> computerfreaker wrote: is it acceptable in terms of telling users how to keep things as portable as possible

I think that's preferable. For example, look at the extraction instruction of AkelPad.
http://www.portablefreeware.com/?id=952
> infimum wrote:
> > computerfreaker wrote: is it acceptable in terms of telling users how to keep things as portable as possible
>
> I think that's preferable. For example, look at the extraction instruction of AkelPad.
> http://www.portablefreeware.com/?id=952

Do you think I should edit the Process Hacker database entry again to make it look a bit nicer, like AkelPad's entry? The current PH entry gets the job done, but it's not as clear as AkelPad's entry.
> Do you think I should edit the Process Hacker database entry again to make it look a bit nicer.

I think it makes it a lot easier for the average user to decipher.
> guinness wrote:
> > Do you think I should edit the Process Hacker database entry again to make it look a bit nicer.
>
> I think it makes it a lot easier for the average user to decipher.

Do you think the entry looks OK now?
> I've got to be careful with all these edits or I'm going to end up getting banned.

Not at all! You have made great contributions to the TPFC community. It would be petty if you were banned for improving the quality of your suggested application.
> computerfreaker wrote: Do you think the entry looks OK now?

I added a bit more to the description drawn from the feature list on the website. I figure it's incomplete if we describe it as "feature-packed" without listing any of those features.

> computerfreaker wrote: I've got to be careful with all these edits or I'm going to end up getting banned

Although on some servers they come up as red flags, you will not get banned for frequent edits here on PFW. I know because I've edited PicPick like 20x and there were no issues.
> webfork wrote:
> > computerfreaker wrote: Do you think the entry looks OK now?
>
> I added a bit more to the description drawn from the feature list on the website. I figure it's incomplete if we describe it as "feature-packed" without listing any of those features.

Thanks for doing that! I thought about doing a feature list, but couldn't seem to get all the features summarized into a reasonably small block of text.

> webfork wrote:
> > computerfreaker wrote: I've got to be careful with all these edits or I'm going to end up getting banned
>
> Although on some servers they come up as red flags, you will not get banned for frequent edits here on PFW. I know because I've edited PicPick like 20x and there were no issues.

That's good to hear. I was basing my statement off this quote, which always comes up when I'm editing an entry:

> Note: All edits are logged. If any member is found to abuse this privilege, inappropriate changes will be reverted and the offending member may be permanently banned.

"abusing this privilege", at least to me, means excessively using the Edit feature, hence the concern.

> guinness wrote:
> > I've got to be careful with all these edits or I'm going to end up getting banned.
>
> Not at all! You have made great contributions to the TPFC community. It would be petty if you were banned for improving the quality of your suggested application.

Well, I don't really believe in giving users more leeway just because they've contributed a bit. "Rules is rules", which means I really should have done a good job the first time.
> -.- wrote: since this doesn't use .net I'll switch back to it from process explorer, I find a lot more features on processhacker and I like the services tab.

Yeah, the Services tab is a nice feature. I've used it a lot over the past few days; let's just say I was surprised by how many services are on this old system.

> -.- wrote: edit, found kprocess in services tab, stopped/removed it from there and seems to work fine. though it won't fix stealth issue, I can leave the .sys in folder and it won't use it now

I'm pretty sure it'll still leave Registry traces from where the driver was installed, though. I think the only way around that is to delete (or rename) the driver before installing it, which means deleting the driver before running Process Hacker.
Code:
<settings>
<setting name="EnableKph">0</setting>
</settings>
> Ruby wrote: But please do not delete 'kprocesshacker.sys', this kernel driver is what puts the hacker in Process Hacker.

Yeah, I know, but that driver is also what takes the stealth out of Process Hacker.

> Ruby wrote: There are other apps in the database that write to the same reg key, yet no special instructions like this.

What apps?

> Ruby wrote: I have found a way to start the app without it creating that reg key, whether you start as Admin or not.
> 1. Download the ZIP package and extract to a folder of your choice.
> 2. Create a new file in the folder and name it 'ProcessHacker.xml' (w/o quotes)
> 3. Copy and paste the code below inside this new file and run with the parameter -settings ProcessHacker.xml
>
> Code:
> <settings>
> <setting name="EnableKph">0</setting>
> </settings>
>
> Process Hacker will now read/write to this file.
>
> Should the time come when you do need to delete/terminate some low-level process here are the ways.
> If running as normal user, click Hacker > Options... > Advanced and tick 'Enable kernel-mode driver'.
> Click Hacker again and click 'Show Details for All Processes' this will elevate and load the driver and you're good to go.
> If running as Admin, > 'Enable kernel-mode driver', you'll need to restart PH to load the driver.
> With this driver loaded I was able to shut down avast! with just a couple of clicks.
> Note: You can name the xml file you create anything you want as long as you pass it after the parameter -settings.

Nice! That disables the driver but doesn't delete it, so it can be re-enabled if necessary. That's much cleaner than my suggestion.
> Full control over processes, rootkit termination, and DLL controls.

How to extract:

> Delete kprocesshacker.sys

And at the Homepage of ProcessHacker:

> Full control over all processes, even processes protected by rootkits or security software.
> Its kernel-mode driver has unique abilities which allows it to terminate, suspend and resume all processes and threads,
> including software like IceSword, avast! anti-virus, AVG Antivirus, COMODO Internet Security, etc. (just to name a few).

I don't think that for the sake of a 'stealth application' that this program should be crippled of its full capabilities.
> SYSTEM wrote: BTW, the kernel-mode driver can also be disabled by using the command line switch -nokph.

That's good to know.

> SYSTEM wrote: Personally I keep the driver enabled.

Yeah, I keep it disabled (on flash drive) but it's there and ready to go!

> SYSTEM wrote: I find features more important than stealthability.

I'm with you on this one.
> Ruby wrote:
> > SYSTEM wrote: BTW, the kernel-mode driver can also be disabled by using the command line switch -nokph.
>
> That's good to know.
> Can it be re-enabled live when running with that switch?

I haven't tested.
> SYSTEM wrote:
> > Ruby wrote:
> > > SYSTEM wrote: BTW, the kernel-mode driver can also be disabled by using the command line switch -nokph.
> >
> > That's good to know.
> > Can it be re-enabled live when running with that switch?
>
> I haven't tested.

Well, now I have tested. At least under Windows XP SP3 re-enabling the driver requires restarting Process Hacker without the switch.