Process Hacker is a free and open source process viewer. This multi-purpose tool will assist you with debugging, malware detection and system monitoring. It includes powerful process termination, memory viewing/editing and other unique and specialized features.
Key features of Process Hacker:
- View processes in a tree view with highlighting.
- View detailed process statistics and performance graphs.
- Process tooltips are detailed and show context-specific information.
- Select multiple processes and terminate, suspend or resume them.
- (32-bit only) Bypass almost all forms of process protection.
- Restart processes.
- Empty the working set of processes.
- Set affinity, priority and virtualization.
- Create process dumps.
- Use over a dozen methods to terminate processes.
- Detach processes from debuggers.
- View process heaps.
- View GDI handles.
- Inject DLLs.
- View DEP status, and even enable/disable DEP.
- View environment variables.
- View and edit process security descriptors.
- View image properties such as imports and exports
- View thread start addresses and stacks with symbols.
- Threads are highlighted if suspended, or are GUI threads.
- Select multiple threads and terminate, suspend or resume them.
- Force terminate threads.
- View TEB addresses and view TEB contents.
- (32-bit only) Find out what a thread is doing, and what objects it is waiting on.
- View and edit thread security descriptors
- View full token details, including user, owner, primary group, session ID, elevation status, and more.
- View token groups.
- View privileges and even enable, disable or remove them.
- View and edit token security descriptors
- View modules and mapped files in one list.
- Unload DLLs.
- View file properties and open them in Windows Explorer
- View a virtual memory list.
- Read and modify memory using a hex editor.
- Dump memory to a file.
- Free or decommit memory.
- Scan for strings
- View process handles, complete with highlighting for attributes.
- Search for handles (and DLLs and mapped files).
- Close handles.
- (32-bit only) Set handle attributes - Protected and Inherit.
- Granted access of handles can be viewed symbolically instead of plain hex numbers.
- View detailed object properties when supported.
- View and edit object security descriptors
- View a list of all services.
- Create services.
- Start, stop, pause, continue or delete services.
- Edit service properties.
- View service dependencies and dependents.
- View and edit service security descriptors
- View a list of network connections.
- Close network connections.
- Use tools such as whois, traceroute and ping
Compared with Process Explorer, Process Hacker:
- Implements all of the functionality offered by Process Explorer, plus more advanced features.
- Allows you to see what a thread is waiting on.
- Has advanced string scanning capabilities, as well as regular expression filtering.
- Highlights both relocated and .NET DLLs.
- Shows symbolic access masks (e.g. Read, Write), rather than just numbers (e.g. 0x12019f).
- Shows names for transaction manager objects and ETW registration objects.
- Shows detailed token information, as well as allowing privileges to be enabled and disabled.
You may choose to download standard installer or portable version, not requiring installation, from the website links.