David Xanatos revealed that Microsoft refused to sign the driver for the new Process Hacker without giving any further reasons. This means that newer versions of this tool (and tools such as Process Explorer) can no longer be used. Process Hacker is a multifunctional system monitoring tool that many researchers use to monitor system resources, debug software, or detect malware.
Process Hacker project address
● Official website: https://processhacker.sourceforge.io/
Supports Windows 7 and above, 32-bit or 64-bit.
● Provides a detailed overview of system activity, with highlighting;
● Provide icon data and statistical data, which can help us quickly track target resources and progress;
● Can’t edit or delete a file? Track down the processes that are using it;
● Active network connection diagnosis, you can directly close the connection;
● Obtain real-time disk access information;
● View stack memory data in kernel mode, with WOW64 and .NET support;
● Goes beyond services.msc: create, edit and control services;
● Small, portable, no installation required;
● 100% free software (follow the GPL v3 license agreement).
David Xanatos stated:
I believe that many people are familiar with the Process Hacker tool, which is a very advanced task manager, and its user interface takes a lot of time to adapt to.
It seems that the developer of the tool has encountered huge problems in getting the new driver signed by MSFT, as he reported in the GitHub discussion.
The signing process failed every time without any error message. Microsoft claimed that “this is beyond our support”… But Microsoft just kept messing with me until the certificate expired.
The exact same problem occurred when submitting to Microsoft Winget.
I was tired of emailing Microsoft, but I never got a response about this behavior. You can also see how many times the package failed for unexplained reasons, and the exact same problem occurred when submitting the driver: microsoft/winget-pkgs#373
Microsoft’s Process Explorer has the same function, so they are not qualified to stop competitors and then go to include exactly the same function in their own software.
Microsoft has been secretly adding more powerful features than Process Hacker through their SAC products (SAC is designed without any security). They are obviously not targeting this project because of any actual technical problems, but because we are better than them. The product is more popular, so they used the same (illegal and anti-competitive) strategy they used for Netscape Navigator to eliminate competition, but they also labeled the project malicious in an attempt to mislead competition regulators.
Most of Microsoft’s changes are limited to restricting Windows APIs (such as CreateWindowInBand, NtQuerySystemInformation, NtQueryInformationProcess, etc.) by blocking signature checks of competitor software, rather than directly targeting the driver itself.
The signature checks added to these functions and classes only block third parties, and this includes signed binary files. Because those signature checks are only for Microsoft, even if we solve the submission problem, we cannot achieve the same functions as the task manager and the process browser.
Always-on-top, Auto-elevation, DPS statistics, Default taskmgr application preferences (Microsoft hardcoded taskmgr.exe blocking competitors), GPU statistics (recently vandalized on Windows 10 and Windows 11) and the DirectUI framework are some examples of functions I want to achieve that are currently implemented by Task Manager but are restricted by Microsoft’s proprietary signatures, and the more advanced new security such as PPL that we urgently need is also restricted by Microsoft’s proprietary signatures.
Now the only certificate that allows the use of these and other functions is limited to Microsoft’s Windows certificate, the same certificate used by Task Manager and Process Explorer, and SAC has more powerful functions than anything else (including process hacking). But there is absolutely no security.
I have been complaining about these things to Microsoft employees for many years, but the attacks have become more and more serious. Since they put malicious labels on the project last year, I have started asking our competition regulator to sue the company… Microsoft claims that now they love open source and are more transparent, but the ghosts they did on SAC, taskmgr, and procxp, while attacking competitors, trying to limit competition, and stifle projects, is really crazy.