Skip to content

This release focuses on bugfixes many many bug fixes, and some usability improvements.

[0.9.75] - 2019-09-29


  • priority columns now show text instead of numbers (except base priority)
  • added cert display to process security sub tab
  • ctrl+e now expands all process tree items
  • added driver config window
  • added verbose error's dialog
  • added more status informations


  • reduced cpu usage of models
  • reduced cpu usage of rate counters
  • moved firewall status resolution to separate threa
  • reworked thread enumeration to save cpu usage
  • service and socket tabs are not longer updated when thay are not visible
  • gpu per proces stat update is now performed on a as needed basis
  • massivly reduced treeview cpu usage by adaping configuration


  • fixed an issue when on successfuly changing priority still an error was reported
  • when starting using UAC bypass the process ended up with lower priority,
    -- fixed by now always settign higher priority on startup
  • fixed bug with gpu usage column display
  • fixed issue "bring in front" was always disable din the process tree
  • fixed issue where thread start adresses were resolved multiple times unnececerly
  • fixed crash issue when logging out users
  • fixed service window not closing when ok was pressed
  • fixed issue with service to process association
  • fixed crash bug in reverse dns lookups on win 7
Assets 4

@DavidXanatos DavidXanatos released this Sep 24, 2019 · 1 commit to master since this release

This new build features many usability improvements and some bug fixes.

[0.9.50] - 2019-09-24


  • critical status added to processes state string
  • critical processes / threads have an own list color
  • trying to terminate a critical process or thread wil now display an additional confirmation mesage
  • ctrl+c now copys the selected rows
  • formating for copying panels can be set in settings
  • added additional mitigation informations
  • added additional informations to geneal process info
    -- details sub tab
    -- security sub tab
    -- app subtab
  • added job id to job tab
  • added app infos to process general tab


  • resolving symbols for pool limits is only triggered once the kernel objects tab gets opened
  • all priority settings have now an own groupe in the process tree
  • no longer keeping a handle open to all threads when thay were not used recently
  • mitigation informtions are not more verbose


  • all unselected tabs are no longer unnececerly updated at startup
  • issue with private bytes displaying the wrong value
  • fixed crash bug in task menu action handling
  • fixed a minor issue with sid resolving
Assets 4

@DavidXanatos DavidXanatos released this Sep 15, 2019 · 2 commits to master since this release

This releases added many small convenience features, as well as a few major once.
It now has a DNS cache tab, and the date form the DNS cache are used to more reliably resolve the remote host mane to which a socket was opened. Instead of just using a reverse dns which in the age of CDN's, likecloud flare and blazing fast, is quite useless, the tool correlates new sockets with the system DNS cache this way resolving which host name the process actually requested.
Task explorer can now use the Wait Chain Traversal feature of windows to debug deadlocks of processes.
And as the version approaches 1.0 we have many bug fixed.

[0.9.25] - 2019-09-15


  • added remote host names resolution for the socket's tabs
  • added dns cache viever with 60 min persistence
    -- the dns cache feature correlates the cached data with open sockets and provides a remote host name more reliable than reverse dns lookups
  • better formating when copying panels
  • added column reset option to all lists
  • added f5 full refresh options
  • added security explorer
  • all sub windows now save their geometry
  • addes Working Set Watch fature to count page faults
  • added a few more pool informations
  • added running object table view to kernel objects
  • added Wait Chain Traversal feature to detect deadlocks
  • added option to open thread tokens


  • when a new process is seen in an ETW or FW event it is now created and some masic infos are loaded
  • copy cell now can copy multiple cels
  • when enabling/disablign columns a refresh is triggered right away to fill in the data (in caseuse has set a ver slow refresh rate)
  • improved menu layout


  • fixed on copy cell did not work properly with multiple items selected
  • fixed on cppy panel and row copying empty(hiden) columns
  • fixed process tree horizontal scroll bar position reset on selection in tree
  • fixed NtQueryInformationFile deadlock in windows 7 when querying \Device\VolMgrControl
  • fixed issue where some deltas caused a overflow when the counter reset
Assets 4
Sep 10, 2019

@DavidXanatos DavidXanatos released this Sep 9, 2019 · 5 commits to master since this release

This releases added some new useful insights into the operating system and adds firewall event monitoring to be able to show blocked connection attempts.

[0.9.0b] - 2019-09-10


  • fixed crash isue on windows 7 systems when opening permissions tab

[0.9.0] - 2019-09-09


  • added windows firewall monitor to show blockes connection atempts
  • added network column to processes, showing if a process is or was using network sockets
  • added toolbar button to set persistence to 1h
  • added toolbar menu to quickly change item persistence
  • added kernel object tab to system panel, including the pool table and otehr informations
  • added nt object browser sub tab
  • added atom table view to the kernel objects tab


  • The system info Drivers tab is now moved to a sub tab of the new kernel objects tab
  • the stack trace section of the thread window can now be colapsed


  • fixed issue disabling network adapter graphs did not work
  • fixed driver view module info was not loaded
Assets 6

@DavidXanatos DavidXanatos released this Sep 2, 2019 · 7 commits to master since this release

This release focuses on bug fixing and usability improvements. An other major change is the use of the own xprocesshacker.sys driver by default, this is required as the original kprocesshacker.sys comes with a DRM that locks some functionality away from tools which are not signed by the process hacker team. With an own driver we can again mess with protected processes and read any memory location.

The used leaked signing certificate does not seam to raise to many read flags eider, virus total:
xprocesshacker.sys 4 false positivs
original kprocesshacker.sys 13 false positivs
In fact we get much less than process hacker does.

[0.8.5] - 2019-09-01


  • multi graph widget (optional individual CPU plots and individual GPU Node plots)
  • plot background/text/grid colirs can now be changed
  • added close (WM_CLOSE) and quit command (WM_QUIT)
  • added option for rates/deltas and cpu/gpu usage to show an empty string instead of '0'
  • added option to highlicht the x top resource users per column
  • reduced GUI cpu load by 20% by improved issuing of cell updates in the process tree model
  • added window title and status columns
  • added toolbar option to quickly adjust the refresh rate
  • added options to tray menu


  • system plots now set the proper length
  • all tool bar drop down buttons have now a default action
  • now the xprocesshacker.sys is used by default


  • fixed issues with changing graph length
  • fixed bad color contrast of sellected items
  • fixed a crash (race condition) when closing
  • fixed issues with cycle based cpu usage calculation
  • fixed major issue with process stat display
  • fixed isue with PrivateBytesDelta column
  • fixed issue with asynchroniouse username resolution
  • fixed cpu time columns showing a wrong value
  • fixed broken protection columns DEP and ASLR
  • fixed broken file info columns size and modification time
Assets 4

@DavidXanatos DavidXanatos released this Aug 26, 2019 · 8 commits to master since this release

This build focuses on optimizations and reduced CPU usage the gained performance is used to enable the tool to merge information from multiple processes, when more than one are selected. When all processes are selected this results some views showing and updating ~200 000 entries what is handled with good performance.

[0.8.0] - 2019-08-26


  • added listing of unloaded DLLs (shown in gray in modules tab)
  • added "Services referencing" feature to modules tab -> column
  • added optional CPU cycle based CPU usage calculation
  • show merged informations when more than one process is sellected
  • added search (highlight) feature to the stack trace list
  • added Dangerous Flags from process hacker to the token tab
  • added job limits informations tab to the job tab
  • added search functionality to all remaining list/tree views


  • optimized cpu uage all models are now aware of hidden columns and dont query them
  • improved tree and list model performance by mor than an order of magnitude
  • some values, like per process gpu sats, are not longer queried when thair columns are hidden
  • reworked the token handling to optimize performance and properly handle situations when a Token gets replaced
  • moved Sid Resolving to a dedicated worker thread


  • issue with .NET tab not getting cleared when an other process was selected
  • fixed issue not all open file references being shopwed when a handle value was reused
  • fixed error in global memory search
  • fixed issue in token panel with the integrity combo box
Assets 4

@DavidXanatos DavidXanatos released this Aug 19, 2019 · 9 commits to master since this release

This build focuses on bug fixing and usability improvements, lots of small improvements.

[0.7.5] - 2019-08-19


  • tooltips to process tree
  • added tool-bar
  • bring to front on tray single click
  • added bring in front command to the process tree
  • disks which don't support performance queries now will get an own read/write rates graph called "unsupported" in the disk plot using ETW data
  • added option to simulate UDP pseudo connections using ETW data.
  • added hard fault count and delta
  • added process uptime informations
  • added peak handles and threads columns
  • added computer menu (lock, shutdown, reboot, etc...)
  • added users menu (enum users, status, log off, etc...)
  • added some menu icons


  • ETW is now disabled by default, its really only needed for socket data rates
  • when minimized or hiden no more ui updates to save cpu
  • better number formating, long numbers are now split in groups of 3
  • now using SYSTEM_PROCESS_INFORMATION_EXTENSION for process disk rates when possible, this is much more reliable than ETW
  • reduced cpu usage when updating thread info (more data are now loaded only on demand)
  • reduced cpu usage of window enumeration by using NtUserBuildHwndList (on windows 10) instead of FindWindowEx and by caching more data
  • reduced cpu usage by using SystemFullProcessInformation to enum processes when possible (elevation required), instead of using additional calls to get the same data
  • reorganized task menus for better usability


  • fixed issue when attaching a debugger
  • fixed resize issue when collapsing the side panel
  • fixed crash issue with text copy in service and driver views
  • fixed issue in socket listing
Assets 4

@DavidXanatos DavidXanatos released this Aug 9, 2019 · 11 commits to master since this release

This build focuses on many new system info/performance features and usability improvements.
It adds new System Info tabs showing CPU usage, GPU usage, Memory usage, individual Disk usage, and network usage.

This build also adds crash dump creation so if there is a problem and the tool crashes on you please post the *.dmp file to the issue section on github:

Last but not least as some AntiVirus-tools are blocking the kprocesshacker.sys I have added a custom xprocesshacker.sys which should not trigger AV self-defence mechanisms. Howe ever as I don't have an expensive code signing certificate I provide the driver in two variants: one self-signed that runs only on windows booted in test-mode; and the second signed with a leaked certificate which may cause a AV-tool to complain, but than just add an exception for the file and it will work. The password for the ZIP with the second variant is "leaked".

[0.7] - 2019-08-09


  • added a custom drivers as some AV software does not like kprocesshacker.sys, just unpack one of the following and it will be used instead
    -- self-signed xprocesshacker.sys driver in
    -- signed with a leaked cert in PW: leaked
  • added GDI objects tab
  • added CPU Info tab
  • added Memory/RAM Info tab including page file info
  • added Disk/IO Info tab
  • added Network Info tab also containing RAS infos
  • added GPU Info tab
  • added open path option to process tree
  • added free memory commands to tools menu
  • added crash dump creation


  • improved disk usag graph to show percentage of disk utilization instead of just data rate
  • double click on thray now toggles show/hife of the window
  • moved "Show Kernel Services" from view menu to services sub menu
  • reworked system info tab


  • fixed column issue in process picker and job tab
  • fixed total/kernel/user cpu columns showing the wrong values
  • fixed potential rais condition when initialising LibPH
  • fixed issue with settings dialog
  • fixed race condition when deleting theAPI
  • fixed crash issue on 32 bit platforms
  • fixed issue causing the elevation status not being resolved
Assets 4

@DavidXanatos DavidXanatos released this Jul 31, 2019 · 13 commits to master since this release

This release focuses on .NET support and improvements to services.

[0.6] - 2019-07-31


  • .NET stack tracking support
  • .NET Tab with assemblies and performance infos
  • panel search can now instead of only filtering also just highlight the results
  • when encountering an access denided we now try to start an elevated worker and retry
  • added option to edit service dependencies
  • forked QTabBar and QTabWidget to provide a windows like multiRow operation mode


  • taskexplorer can now be started as elevated worker or 32 bit worker not just as a service
  • improved stack trace display handling
  • improved service info window


  • memory view being unnececerly refreshed
  • fixed dpi scling issue
Assets 4
You can’t perform that action at this time.