@daaximus A function named "RunTimeSettings::IsJolt" was added to Windows Task Manager recently with a significant amount of warbird encryption/obfuscation for no reason?
Yeah, @Google my primary email created in 2004 and used daily for 22 years is a bot? I'm now locked out of +450 other websites including my bank, work and github which use it for MFA and have to wait several days before a human reviews the appeal?🤔🤢
My new blog post 🥳
Improving AFD Socket Visibility for Windows Forensics & Troubleshooting
It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥
https://t.co/UDw18wKDdc
Better socket handle visibility coming soon to @SystemInformer 🔥
When viewing a process handle table, SI will recognize files under \Device\Afd and retrieve information about their state, protocol, addresses, and more. Also works on Bluetooth and Hyper-V sockets 🤩
As promised, I've updated the blog post with details and System Informer has received a patch to account for these changes in 24H2:
https://t.co/bDf4DDtDYJ
Changes to cycle accounting in 24H2 ARM64: PMCCNTR_EL0 removed, multiple new branches in the accounting path, and feature flags gating idle thread changes. Working on updates to System Informer cycle-based usage on ARM64 and the blog post.
https://t.co/bDf4DDtDYJ
@Aiden9_ @Aiden_9 Your screenshots show Process Hacker failed with ACCESS_DENIED for MW2? How did a 15-year-old game from 2009 stop PH? You can't use Process Hacker for cheating. It alerted anti-cheat via ObRegisterCallbacks and the AC blocked access by design - btw I'm the dev of PH :)
So I made a thing ☺️
Converted #phnt (Native API header files from the System Informer project) to #IDA TIL, IDC.
To import "phnt" types and function definitions to IDA and help with Reverse Engineering.
@HexRaysSA @mrexodia
Introducing #IDA_PHNT_TYPES:
https://t.co/EOC909MIH1
The new Token Universe v0.5 can view and edit security descriptors on 30 types of securable objects. 🔥
It also knows how to handle complex ACLs with compound and callback ACEs, mandatory and trust labels, and more. Enjoy experimenting!
https://t.co/Rmd1MenqHI
@namazso @mrexodia @timmisiak @SystemInformer InternalGetWindowIcon doesn't return the icon for packaged processes - another issue is that the function always returns an icon handle (even when the window doesn't have an icon - exceeding shared desktop heap limits and preventing applications from running)
@mrexodia @timmisiak @namazso @SystemInformer Querying the icon for packaged processes requires getting the PKEY_Tile_SmallLogoPath from FOLDERID_AppsFolder (this is documented), then using an undocumented interface called IMrtResourceManager and passing the SmallLogoPath to IResourceMap_GetFilePath (returns the actual filename)
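The documented half of the lookup described in the post above, as an added PowerShell example (not code from the thread or from System Informer): it walks shell:AppsFolder (the shell path of FOLDERID_AppsFolder) and reads PKEY_Tile_SmallLogoPath by its canonical name, System.Tile.SmallLogoPath. The undocumented IMrtResourceManager/IResourceMap step that turns the returned logo path into a real filename is not shown.

```powershell
# Added example, not from the original thread.
# Enumerate shell:AppsFolder (FOLDERID_AppsFolder) and read the documented
# System.Tile.SmallLogoPath property (PKEY_Tile_SmallLogoPath) for each entry.
# The value is a logo path that is generally not directly usable as a filename;
# resolving it through IMrtResourceManager/IResourceMap is undocumented and
# deliberately left out here.
$shell      = New-Object -ComObject Shell.Application
$appsFolder = $shell.NameSpace('shell:AppsFolder')

$results = foreach ($item in $appsFolder.Items()) {
    # $item.Path is the AppUserModelId for each entry in the Apps folder
    # (assumption: this is what you would match against a packaged process).
    $aumid = $item.Path
    $logo  = $item.ExtendedProperty('System.Tile.SmallLogoPath')

    # Classic Win32 entries have no tile logo; only packaged apps return one.
    if ($logo) {
        [pscustomobject]@{
            AppUserModelId = $aumid
            SmallLogoPath  = $logo
        }
    }
}

$results | Format-Table -AutoSize
```

Run it in an interactive session (the Apps folder is populated per user). Entries without a SmallLogoPath are the non-packaged applications, which is the case where InternalGetWindowIcon works and the MRT lookup is unnecessary.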
@masterchaerge The Windows Shell maps shared caches into each process for MRU (most recently used) and auto-complete (FileSystem etc...) and the entire clipboard history (Winkey+V)... If the process is using shell functions then it'll have a copy of that cache in memory and you'll find those strings
@embee_research The System Informer/ProcessHacker nightly build uses debugger instrumentation for showing .NET assemblies instead of ETW events like other tools. It's able to show CLR modules otherwise hidden by exploits targeting ETW.
Malware Analysis Tip - Use Process Hacker to watch for suspicious .NET assemblies in newly spawned processes.
Combined with DnSpy - it's possible to locate and extract malicious payloads without needing to manually de-obfuscate.
1/
#Malware #dnspy #analysis #RE
@elfchief @SystemInformer Disabling the driver limits viewing everything for system processes, limits thread stacks, limits handle info (ALPC, ETW and others), disables protection features (VSM/KDP) and causes higher CPU/memory use because there are no driver notifications and it has to poll for changes to objects etc..
@elfchief @SystemInformer It's a Windows kernel bug where APCs queued by multiple drivers are fired more than once. It needs changes from third parties and the OS. We've fixed ours but can't update the driver until Microsoft fixes the other issues, so for now you'll need to disable the driver in the options window.