I have been playing with process explorer and with process hacker. I initially wanted to select the best of the two but I will finally keep and use both to identify running processes (and compromised workstations). Why?
- Both tools are useful pilot light-alike tools for your e.g. MS Windows XP or 7 computers. They provide useful information on which processes are running real time on the machine.
- Both tools help identifying what a specific process does in the machine. They complement each other.
In process hacker:
- You can inject your own dlls on a running process.
- The network and the services tabs, in the main panel, help overseeing all existing network connections and services.
- You hace access to all tokens related to a process and to all registry keys in use (also in process explorer through the lower pane).
- There is even more process related information than in process explorer.
- You can create your own service and look for hidden processes.
- You don't need to install .net in your machine (since version 2).
- There is a portable app version.
- You need(ed) to install .net in your machine. [Well, not anymore - thanks to Mantas for the comment]
In process explorer:
- In the process properties option, you can perform a strings command on the process (which is useful to identify specific pieces of code). You can also do this in process hacker but it is a little more hidden in the memory tab - search string.
- The "find process" functionality is really handy. Just place the moving target on the window you wonder which process it is and it identifies the process.
- There is also a portable app version.
- Less functionality sometimes means more clarity.
- You have access to network information per process, but not in the main panel.
All in all, I am happy to rectify but I would say that process hacker provides everything that process explorer brings plus an additional set of goodies.
ps By the way, little note for the readers of this blog. If you are a passionate IT security professional, able to work in English and willing to relocate in Central Europe for some months while adding undoubtful technical Infosec value to your CV, please contact me (an email address always appears in this blog's main page).