// the find

winsiderss/systeminformer

★ 14,957 · C · MIT · updated Jun 2026

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ https://windows-internals.com

System Informer (formerly Process Hacker) is a Windows process/resource monitor with a kernel driver for elevated visibility — think Task Manager with ring-0 access, stack traces, handle inspection, and malware detection. It's aimed at Windows power users, security researchers, and developers who need to see what's actually happening on a system, not just what the OS wants to show them. The kernel component (KSystemInformer) is what separates it from every other process monitor.

The kernel driver gives it visibility that userland tools simply cannot match — hidden processes, protected handles, image coherency checks for tampered DLLs. The plugin architecture (extmgr.c, phdk.h SDK) lets you extend it without forking the whole codebase. It ships signed kernel binaries for amd64 and arm64, which means you don't need to fight Secure Boot or test signing mode just to run it. The dynamic data system (dyndata.c, kphdyn.xml) handles undocumented kernel struct offsets across Windows versions without hardcoding them — that's genuine engineering, not a hack.

Windows-only and Visual Studio-only build — CMake support exists but feels bolted on, and the build/build_init.cmd ritual is friction you don't expect from a mature project. The codebase is essentially all C with Win32 UI, so contributing meaningfully requires knowing both Windows internals and a UI paradigm that most developers haven't touched in a decade. The kernel driver requires a valid code-signing certificate for production use, which is a real barrier for anyone wanting to ship a modified version. Documentation for the plugin SDK is thin — readme.txt in the sdk folder is not going to get you far.
