There are some issues regarding the Process Hacker driver; for example, some functions are only available for Process Hacker, well, a properly signed binary rather, but TaskExplorer isn't. So in future builds I will include xprocesshacker.sys, which accepts TaskExplorer and enables all functionality, as a default. I ran the modded and signed driver against VirusTotal and only 3 AV products complain about the used leaked certificate. Of course Avast is one of them. That will simplify it for the user. One thing I don't know is if I should continue to use Process Hacker's binary verification mechanism in the driver just with my key, or if I should just disable it entirely, since anyone has access to the code and this certificate; it wasn't difficult to find. Hence probably there is no point in adding any restrictions.
Well, as we cannot rely on Antivirus software in this case, the included xprocesshacker.sys should at least check its own integrity, if possible (Avast will always complain).
It's not about its own integrity, as that is guarded by the signature. It's about whether the driver will allow every process running with administrative rights to use all its features, or if it will restrict them to the custom signed TaskExplorer.exe, like the PH driver does with the ph.exe. IMHO it's not nice towards admins to restrict what features they can use. Hence I would say any admin process should be able to use all the driver's features.
Would it be possible to make it configurable, or have two versions to choose from? Personally, I'd prefer to use the process hacker only with taskexplorer.exe.
Well, configurable: how do you save the configuration securely? That is the problem. If you have admin rights to install a driver, you can also write any registry location and change any configuration. So IMHO it's either hard coded or it's enough to limit the driver access to any process with admin rights. Anyhow, if you have malware with admin rights you are screwed either way, Process Hacker driver or no driver.
Maybe, but the driver is an additional attack vector. We might see malware targeting your tool and the xprocesshacker.sys it contains. I would just like to not have another driver lying around ready to be abused by any process with admin rights (includes many services). Could you use compiler flags to limit just the included copy, but offer a generic unlocked distribution for admins?
Unfortunately, 0.8.0 doesn't work on Windows 7.
Code:
---------------------------
TaskExplorer.exe - Entry Point Not Found
---------------------------
The procedure entry point SetThreadDescription could not be located in the dynamic link library KERNEL32.dll.
---------------------------
OK
---------------------------
Hi, version 0.8.0 starts but crashes. Here is the dmp from TaskExplorer.exe; I hope it helps you. Nice tool, by the way.
Oops, that was an untested test build. I'm re-uploading the right build now; it shouldn't crash at that point.
Would you mind making an application that saves services/drivers settings, like startup type, to a present file and then loads it afterward on another machine? Or for sharing it. Or do you know an app that already does that? Thank you.
Only for those services that were changed by the user; for the rest, it would be nice if it would tell that the service is not as the default, or that new services exist on the new machine.
Well, it can't know what's changed out of nothing. It could work like this: you start it and make a snapshot, then you do your changes and then make another snapshot, and it saves the differences. What's the use case you are thinking about exactly?
It could be added to the present file without having effect, so when there is a problem it can be recovered back to a good state.