Task Explorer - a new powerful task manager

Discussion in 'Application Software' started by DavidXanatos, Jun 24, 2019.

  1. DavidXanatos

    DavidXanatos MDL Senior Member

    May 23, 2010
    253
    1,029
    10
    There are some issues regarding the Process Hacker driver, for example some functions are only available for Process Hacker, well, a properly signed binary rather, but TaskExplorer isn't. So in future builds I will include xprocesshacker.sys, which accepts TaskExplorer and enables all functionality, as a default.
    I ran the modded and signed driver against VirusTotal and only 3 AV products complain about the used leaked certificate. Of course Avast is one of them.
    That will simplify it for the user. One thing I don't know is whether I should continue to use Process Hacker's binary verification mechanism in the driver, just with my key, or if I should just disable it entirely, since anyone has access to the code and this certificate; it wasn't difficult to find. Hence there is probably no point in adding any restrictions.
     
  2. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Dec 21, 2012
    3,181
    2,784
    120
    Well, as we cannot rely on Antivirus software in this case, the included xprocesshacker.sys should at least check its own integrity, if possible (Avast will always complain).
     
  3. DavidXanatos

    DavidXanatos MDL Senior Member

    It's not about its own integrity, as that is guarded by the signature.
    It's about whether the driver will allow every process running with administrative rights to use all its features, or if it will restrict them to the custom signed TaskExplorer.exe,
    like the PH driver does with ph.exe. IMHO it's not nice towards admins to restrict what features they can use. Hence I would say any admin process should be able to use all the driver's features.
     
  4. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Would it be possible to make it configurable, or have two versions to choose from? Personally, I'd prefer to use the process hacker only with taskexplorer.exe.
     
  5. DavidXanatos

    DavidXanatos MDL Senior Member

    Well, configurable: how do you save the configuration securely?
    That is the problem. If you have admin rights to install a driver, you can also write any registry location and change any configuration.
    So IMHO it's either hard coded or it's enough to limit the driver access to any process with admin rights.
    Anyhow, if you have malware with admin rights you are screwed either way, Process Hacker driver or no driver.
     
  6. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Maybe, but the driver is an additional attack vector. We might see malware targeting your tool and the xprocesshacker.sys it contains. Would just like to not have another driver lying around ready to be abused by any process with admin rights (includes many services).


    Could you use compiler flags to limit just the included copy, but offer a generic unlocked distribution for admins?
     
  7. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Unfortunately, 0.8.0 doesn't work on Windows 7.

    Code:
    ---------------------------
    TaskExplorer.exe - Entry Point Not Found
    ---------------------------
    The procedure entry point SetThreadDescription could not be located in the dynamic link library KERNEL32.dll.
    ---------------------------
    OK   
    ---------------------------
     
  8. DavidXanatos

    DavidXanatos MDL Senior Member

    Hmm... I have removed the SetThreadDescription calls and re-uploaded the build.
     
  9. Kingkaktus

    Kingkaktus MDL Novice

    Jul 22, 2009
    12
    2
    0
    Hi,
    Version 0.8.0 starts but crashes. Here is the dmp from TaskExplorer.exe.
    I hope it helps you. Nice tool, by the way :D
     


  10. DavidXanatos

    DavidXanatos MDL Senior Member

    Oops, that was an untested test build. I re-uploaded the right build; now it shouldn't crash at that point.
     
  11. LiteOS

    LiteOS MDL Expert

    Mar 7, 2014
    1,661
    710
    60
    Would you mind making an application that saves service/driver settings, like startup type, to a preset file
    and then loads it afterward on another machine, or for sharing it?
    Or do you know an app that already does that?
    Thank you.
     
  12. DavidXanatos

    DavidXanatos MDL Senior Member

    For selected services or for all?
     
  13. LiteOS

    LiteOS MDL Expert

    Only for those services that were changed by the user.
    For the rest, it would be nice if it would tell that the service is not at the default,
    or that new services exist on the new machine.
     
  14. DavidXanatos

    DavidXanatos MDL Senior Member

    Well, it can't know what changed out of nothing.
    It could work like this: you start it and make a snapshot, then you do your changes and then make another snapshot, and it saves the differences.

    What's the use case you are thinking about exactly?
     
  15. LiteOS

    LiteOS MDL Expert

    It could be added to the preset file without having effect,

    so when there is a problem it can be recovered back to a good state.
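
The snapshot-and-compare workflow discussed in the posts above, written in PowerShell as an added example (not part of the thread and not TaskExplorer code). The function names and snapshot file names are hypothetical; it records start mode and binary path for services and drivers, so a newly installed driver also shows up as an added entry.

```powershell
# Added example: snapshot and compare service/driver start configuration.
# Save-StartupSnapshot and Compare-StartupSnapshot are hypothetical names.

function Save-StartupSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Win32_Service lists services, Win32_SystemDriver lists driver services.
    $items = foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
        Get-CimInstance -ClassName $class |
            Select-Object @{n = 'Kind'; e = { $class }}, Name, StartMode, PathName
    }
    $items | Sort-Object Kind, Name | ConvertTo-Json |
        Set-Content -Path $Path -Encoding UTF8
}

function Read-StartupSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    # Index entries by "Kind|Name" so the two snapshots can be joined.
    $index = @{}
    foreach ($e in (Get-Content -Raw -Path $Path | ConvertFrom-Json)) {
        $index["$($e.Kind)|$($e.Name)"] = $e
    }
    $index
}

function Compare-StartupSnapshot {
    param(
        [Parameter(Mandatory)][string]$Before,
        [Parameter(Mandatory)][string]$After
    )
    $old = Read-StartupSnapshot -Path $Before
    $new = Read-StartupSnapshot -Path $After
    foreach ($key in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        $o = $old[$key]; $n = $new[$key]
        if (-not $o) { $change = 'Added' }
        elseif (-not $n) { $change = 'Removed' }
        elseif ($o.StartMode -ne $n.StartMode -or $o.PathName -ne $n.PathName) { $change = 'Changed' }
        else { continue }   # identical in both snapshots
        [pscustomobject]@{
            Change = $change; Entry = $key
            OldStartMode = $o.StartMode; NewStartMode = $n.StartMode
            OldPath = $o.PathName; NewPath = $n.PathName
        }
    }
}

# Save-StartupSnapshot -Path .\before.json   # before making changes
# Save-StartupSnapshot -Path .\after.json    # after making changes
# Compare-StartupSnapshot -Before .\before.json -After .\after.json | Format-Table
```
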
     
  16. Carlos Detweiller

    Carlos Detweiller MDL Spinning Tortoise

    Could test now. Looks like the re-uploaded 0.8.0 works fine.
     
  17. DavidXanatos

    DavidXanatos MDL Senior Member
