[German]Brief information, which is already here with me since August 2021, but which I have not yet addressed in the blog. David Xanatos has pointed out to me that Microsoft is refusing to sign drivers for the new Process Hacker without giving any further reason. The whole thing is addressed on GitHub in this thread. This means that newer versions of this tool (and tools like ProcessExplorer) can no longer be used.
Process Hacker is a powerful and versatile tool that can be used to monitor system resources, debug software, and detect malware for free. David Xanatos had already posted a comment in the discussion area about it – on my hint – a long time ago. I'm dragging his text here into the blog post, since I clean up the discussion area from time to time.
I'm sure many are familiar with the ProcessHacker tool, a very advanced task manager with a UI that takes a lot of getting used to.
It looks like the developer of the tool has massive problems getting a new driver signed by MSFT, as he reports on a github discussion:
The signing process fails each time without any error messages and Microsoft claimed "this surpasses our support"… They've just fucked me around endlessly until the certificates expire.
The exact same issue happened when submitting to Microsoft Winget:
I tired emailing him but never got a response about this behavior. You can also see how many times the package failed for unexplained reasons and that exact same problem happens when submitting the driver: microsoft/winget-pkgs#373
Microsoft Process Explorer has the same functionality so they don't have standing to block competitors then go and include the exact same features in their own software.
Microsoft has been secretly adding more powerful features than Process Hacker via their SAC product – SAC has no security whatsoever by design – they're clearly targeting the project not because of any actual technical issues but rather because we're more popular than their products, so they're using the same (illegal and anti-competitive) tactics they used against Netscape Navigator to eliminate competition but also labeling the project malicious in an attempt to mislead the competition regulators.
The large majority of changes by Microsoft are limited to restricting the Windows API with signature checks that block competitors software (e.g. CreateWindowInBand, NtQuerySystemInformation, NtQueryInformationProcess to name a few) rather than directly targeting the drivers themselves.
The signature checks added to those functions and classes only block third-parties and this includes signed binaries. We won't be able to implement the same functionality as Task Manager and Process Explorer because of those Microsoft-only signature checks even after we sort out the submission issue.
Always-on-top, Auto-elevation, DPS statistics, Default taskmgr application preferences (Microsoft hardcoded taskmgr.exe blocking competitors), GPU statistics (deliberately broken on Win10 and Win11 recently) and the DirectUI framework are some examples of features that I want to implement and are currently implemented by Task Manager but are Microsoft-only signature restricted while newer more advanced security like PPL that we desperately need are also Microsoft-only signature restricted.
The only certificate allowed to use these and other functionality is now limited to Microsoft Windows certificates – the same certificates used with Task Manager and Process Explorer – while SAC has even more powerful functionality than anything else (including Process Hacker) with absolutely no security whatsoever.
I've been complaining to Microsoft employees for years about this stuff but the attacks keep getting worse and I've since started demanding our competition regulator prosecute the company after they labeled the project malicious last year… Microsoft claims to love open source and be more transparent these days but the bullshit they're doing with SAC, taskmgr and procxp while attacking competitors and trying to limit competition and kill off the project is insane.
I was around during the 90's and they killed Netscape with this exact same behavior by changing APIs and blocking Netscape from those same APIs.
Windows owns the market for the simple reason it's not some locked down garbage controlled system so they need to start communicating these changes if they intend to kill off third party task managers or instead doing something about the numerous complaints and issues that I have complained about or they'll end up getting prosecuted and charged by regulators again just like last time when they did this exact same bullshit with Netscape.
Cookies helps to fund this blog: Cookie settings