Hey guys, The JOB is waiting for you!

Meriadoc (Senior Member) - Posted: 07 June 2009 at 10:00am
Originally posted by GamingMasteR

PH acts better on infected boxes than PE does!!

Agree.


Edited by Meriadoc - 07 June 2009 at 10:02am

wj32 (Senior Member) - Posted: 07 June 2009 at 3:12am
The thing is, the way David Solomon worded it, he was suggesting that unless PH had distinguishing features there was no point in developing it. Imagine if the features I mentioned didn't exist in PH. Would that make PH pointless? PH is open source, and that would be the biggest distinguishing factor.
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

SvenBomwollen (Senior Member) - Posted: 07 June 2009 at 1:14am
Hello, wj32.
Do you really think the only process viewer there should be is Process Explorer?
Though you addressed this question to dsolomon, let me give my point of view on it: dsolomon did not suggest that there should be Process Explorer only. He just asked how Process Hacker differs from Process Explorer.
Well, you explained the differences in your reply. :)

Is there really no point in creating a process viewer since Process Explorer already exists?
My point of view: if the answer to this question were "there is none", then we would all still be using e.g. Norton Commander for DOS, because all the NC clones would never have been written. We all know they have been developed and a few of them grew more powerful than the original NC ever was. So as long as you think there is a point in developing Process Hacker, there is a point in doing so. Moreover, competition is good for business. :)

Kind regards,
SvenBomwollen
 


Edited by SvenBomwollen - 07 June 2009 at 1:18am

GamingMasteR (Senior Member) - Posted: 06 June 2009 at 4:15am
I agree with wj32, PH acts better on infected boxes than PE does!!

wj32 (Senior Member) - Posted: 06 June 2009 at 3:51am
Originally posted by dsolomon

What's the point of this project? What are the key features that differ this from Process Explorer?
 
If there are some key things missing in Process Explorer, Mark wants to know about it - submit them in the forum in the usual place.


( Rant: )

Do you really think the only process viewer there should be is Process Explorer? Is there really no point in creating a process viewer since Process Explorer already exists?

For starters, Process Hacker is open source while Process Explorer is not. PH has advanced process termination while PE doesn't. PH highlights GUI threads. PH lets you enable/disable/remove privileges. PH lets you read/write memory. PH lets you unload modules. PH lets you change handle attributes. PH shows you all services and lets you modify them.

I don't think Mark is even looking at the Feature Requests topic. I'm not saying that Mark is obliged to update PE with new features, but your attitude is very frustrating (it's not just you though). You're saying I'm not allowed to create a new process viewer with the features I want in it - I need to use PE and post everything on a wishlist, even if the features I request will never be added.

Angry
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

dsolomon (Newbie) - Posted: 06 June 2009 at 1:49am
What's the point of this project? What are the key features that differ this from Process Explorer?
 
If there are some key things missing in Process Explorer, Mark wants to know about it - submit them in the forum in the usual place.
--David Solomon
Coauthor, Windows Internals (Microsoft Press)
http://www.solsem.com

GamingMasteR (Senior Member) - Posted: 08 May 2009 at 9:36am

Smart Kill is the best termination method I've seen till now.

Enumerate the process's threads.

Kill every thread by inserting an APC that will call PspExitThread to the current thread.

Don't insert the APC using the normal KeInsertQueueApc routine because it could be hooked; use your own APC insertion method or use the unexported API KiInsertQueueApc.

There're more spices LOL



Edited by GamingMasteR - 08 May 2009 at 9:45am

wj32 (Senior Member) - Posted: 08 May 2009 at 8:02am
Originally posted by GamingMasteR

I wish to help but I know nothing about .NET development :)


If I knew C GUI programming then I would have coded PH entirely in C (not C++, I HATE C++). The only part of PH that is really .NET-based is the GUI. Have you looked inside the source code for KProcessHacker (kernel-mode driver)? It may contain things you could put in Kernel Detective :). BTW: How does Kernel Detective terminate processes? KPH scans for PsTerminateProcess.
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

molotov (Moderator Group) - Posted: 07 May 2009 at 5:50pm
Do not apply if you will be too busy to work on Process Hacker.
Sounds fun, and while I certainly understand the reason for it, the possibility of the above prevents me from getting involved. Dead
Daily affirmation:
net helpmsg 4006

GamingMasteR (Senior Member) - Posted: 07 May 2009 at 5:24pm
I wish to help but I know nothing about .NET development :)