- Process Hacker is a powerful free and open source process viewer.
-
- == Getting started ==
-
- Simply run ProcessHacker.exe to start Process Hacker. There are two
- versions, 32-bit (x86) and 64-bit (x64). If you are not sure which
- version to use, open Control Panel > System and check the "System
- type". You cannot run the 32-bit version of Process Hacker on a
- 64-bit system and expect it to work correctly, unlike other programs.
-
- == System requirements ==
-
- Windows XP SP2 or higher, 32-bit or 64-bit.
-
- == Settings ==
-
- If you are running Process Hacker from a USB drive, you may want to
- save Process Hacker's settings there as well. To do this, create a
- blank file named "ProcessHacker.exe.settings.xml" in the same
- directory as ProcessHacker.exe. You can do this using Windows Explorer:
-
- 1. Make sure "Hide extensions for known file types" is unticked in
- Tools > Folder options > View.
- 2. Right-click in the folder and choose New > Text Document.
- 3. Rename the file to ProcessHacker.exe.settings.xml (delete the ".txt"
- extension).
-
- == Plugins ==
-
- Plugins can be configured from Hacker > Plugins.
-
- If you experience any crashes involving plugins, make sure they
- are up to date.
-
- The ExtendedTools plugin is only available for Windows Vista and
- above. Disk and Network information provided by this plugin is
- only available when running Process Hacker with administrative
- rights.
-
- == KProcessHacker ==
-
- NOTE: The driver has been very generously signed by the
- ReactOS Foundation (http://www.reactos.org).
-
- Process Hacker uses a kernel-mode driver, KProcessHacker, to
- assist with certain functionality. This includes:
-
- * Bypassing security software and rootkits in limited ways
- * More powerful process and thread termination (*)
- * Setting DEP status of processes
- * Capturing kernel-mode stack traces
- * More efficiently enumerating process handles
- * Retrieving names for file handles
- * Retrieving names for EtwRegistration objects
- * Setting handle attributes
-
- The feature(s) marked with an asterisk (*) are NOT available on 64-bit
- versions of Windows.
-
- Certain features such as modifying process protection are disabled
- in the released driver binary due to legal reasons. You can enable
- them by building KProcessHacker with the "dirty" configuration.
-
- Note that by default, KProcessHacker only allows connections from
- processes with SeDebugPrivilege. To allow Process Hacker to show details
- for all processes when it is not running as administrator:
-
- 1. In Registry Editor, navigate to:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KProcessHacker2
- 2. Under this key, create a key named Parameters if it does not exist.
- 3. Create a DWORD value named SecurityLevel and set it to 0.
- 4. Restart the KProcessHacker2 service (sc stop KProcessHacker2,
- sc start KProcessHacker2).
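Review bot: The KProcessHacker section at the end of this hunk is marked as removed in full, and with it goes the only statement that the driver by default allows connections only from processes with SeDebugPrivilege, plus the four registry steps that set SecurityLevel to 0. If this text is being dropped rather than moved, both the default restriction and the way it gets relaxed end up undocumented. I'd suggest carrying the section over and adding one sentence after step 3 stating that SecurityLevel 0 relaxes the SeDebugPrivilege requirement for connecting to the driver, along with how to restore the default. The ExtendedTools note that Disk and Network information needs administrative rights is also worth keeping, since users otherwise see missing data with no explanation.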