Process Hacker

Process Hacker deserves the label of “Software of the week” because it’s the most advanced and powerfull tool I ever tested for manipulating or managing computer processes. Here are included applications processes, running services, hidden processes, all revealed highly detailed. For example for a given process, the tool will display to the user the handles, modules loaded, threads, the services associated with it if any, the memory map, the token, the DEP (Data Execution Prevention) status, the permissions and pretty much everything, all easily accesible via context menu.

process hacker window

process-hacker-svchost

The analysis can be deeper, you can even view the stack of a process thread. The Services tab include a complete list with all kinds of services running and their type, status and start type, for example drivers, FS(File System) drivers, share processes and so on.

process-hacker-services

As a bonus, the Network tab displays the connections made by your computer, with details about remote adress, remote port, local port and adress, the state of connection(e.g. Estabilished, Listen, Close Wait) and via the context menu, the user can view the process responsible by the connection and the memory stack, so an eventually malicious connection can easily be unveiled.

process-hacker-network

Besides all, the program is written mainly in C and C# programming languages, assuring a lightning speed of execution and very low RAM memory usage.

From the “de-virusing” point of view, if you want to try it manually, the program unlike other programs has excellent abilities to force a process termination bypassing rootkits protection for example, but the program can bypass almost all forms of process protection, it can enable or disable procesess privileges, it can inject or unload DLLs, a very usefull feature being a known fact that many malware can inject itself as a dll into a browser or instant messenger process, it can reveal hidden processes.Therefore is a very powerful and easy to use security tool.

Proving these abilities, this program can be very helpfull to detect and remove ZeuS trojan for example (the Banking trojan or ZBot), a trojan where the antivirus software has a low detection rate due to continue improvements of the trojan. New variants of the ZeuS trojan called by TrendMicro TSPY_ZBOT.BYZ, uses new techinques to spread the infection-LICAT file infector which is injecting itself into explorer.exe Windows process space, infect various system files, making possible to open network connections on various ports in order to download and execute the ZBot trojan new variants, obviously all without user knowledge.

The good news is ZeuS trojan can be detected easily by Process Hacker.

You can view the complete list of its features here.

Finally, the program can create services, delete or modify their properties or their security descriptors.

Posted in Selected Software.

One Response

Leave a Reply