Process Hacker – easy manipulating processes and services on yourcomputer
Stampa / Print

Process Hacker is a free and open source process
viewer. This multi-purpose tool will assist you with debugging, malware
detection and system monitoring. It includes powerful process termination,
memory viewing/editing and other unique and specialized features.

Image and video hosting by TinyPic

Key features of Process Hacker:


  • View
    processes in a tree view with highlighting.
  • View
    detailed process statistics and performance graphs.
  • Process
    tooltips are detailed and show context-specific information.
  • Select
    multiple processes and terminate, suspend or resume them.
  • (32-bit
    only) Bypass almost all forms of process protection.
  • Restart
  • Empty the
    working set of processes.
  • Set
    affinity, priority and virtualization.
  • Create
    process dumps.
  • Use over a
    dozen methods to terminate processes.
  • Detach
    processes from debuggers.
  • View process
  • View GDI
  • Inject DLLs.
  • View DEP
    status, and even enable/disable DEP.
  • View
    environment variables.
  • View and
    edit process security descriptors.
  • View image
    properties such as imports and exports


  • View thread
    start addresses and stacks with symbols.
  • Threads are
    highlighted if suspended, or are GUI threads.
  • Select
    multiple threads and terminate, suspend or resume them.
  • Force
    terminate threads.
  • View TEB
    addresses and view TEB contents.
  •  (32-bit only) Find out what a thread is
    doing, and what objects it is waiting on.
  • View and
    edit thread security descriptors


  • View full
    token details, including user, owner, primary group, session ID, elevation
    status, and more.
  • View token
  • View
    privileges and even enable, disable or remove them.
  • View and
    edit token security descriptors


  • View
    modules and mapped files in one list.
  • Unload DLLs.
  • View file
    properties and open them in Windows Explorer


  • View a
    virtual memory list.
  • Read and
    modify memory using a hex editor.
  • Dump memory
    to a file.
  • Free or
    decommit memory.
  • Scan for


  • View
    process handles, complete with highlighting for attributes.
  • Search for
    handles (and DLLs and mapped files).
  • Close
  •  (32-bit only) Set handle attributes –
    Protected and Inherit.
  • Granted
    access of handles can be viewed symbolically instead of plain hex numbers.
  • View
    detailed object properties when supported.
  • View and
    edit object security descriptors


  • View a list
    of all services.
  • Create
  • Start,
    stop, pause, continue or delete services.
  • Edit
    service properties.
  • View
    service dependencies and dependents.
  • View and
    edit service security descriptors


  • View a list
    of network connections.
  • Close
    network connections.
  • Use tools
    such as whois, traceroute and ping

Compared with Process Explorer, Process

  • Implements
    all of the functionality offered by Process Explorer, plus more advanced
  • Allows
    you to see what a thread is waiting on.
  • Has
    advanced string scanning capabilities, as well as regular expression
  • Highlights
    both relocated and .NET DLLs.
  • Shows
    symbolic access masks (e.g. Read, Write), rather than just numbers (e.g. 0x12019f).
  • Shows
    names for transaction manager objects and ETW registration objects.
  • Shows
    detailed token information, as well as allowing privileges to be enabled
    and disabled.

You may choose to download standard installer or
portable version, not requiring installation, from the website links.


About the author

Related Post


Questo sito non rappresenta una testata giornalistica e viene aggiornato senza alcuna periodicità, esclusivamente sulla base della disponibilità di materiale sugli argomenti trattati. Pertanto, non può considerarsi prodotto editoriale sottoposto alla disciplina di cui all'art. 1, comma III della Legge n. 62 del 7.03.2001 e leggi successive.