System Informer and Process Hacker system tools
System Informer (github1, github2, download page) is an open-source system tool similar to Process Explorer that runs more smoothly. The main window looks like this:

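Process Hacker is the predecessor of System Informer and is also a very useful open-source system tool. It is no longer updated; the latest release is version 2.39, published on 2018.2.10: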

Use DriverView to view the .sys drivers that are currently loaded and running

After Process Hacker is closed, its kprocesshacker.sys driver can remain loaded. Use the Windows sc command-line tool to stop and unload it:
sc stop KProcessHacker3
SERVICE_NAME: KProcessHacker3
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
Use sc query type= driver to list all .sys drivers that are currently loaded and running:
SERVICE_NAME: ACPI
DISPLAY_NAME: Microsoft ACPI Driver
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: acpiex
DISPLAY_NAME: Microsoft ACPIEx Driver
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: acpipagr
DISPLAY_NAME: ACPI 处理器聚合器驱动程序
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

...
...

SERVICE_NAME: KProcessHacker3
DISPLAY_NAME: KProcessHacker3
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: SysmonDrv
DISPLAY_NAME: SysmonDrv
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
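
The leftover-driver check above can be automated by parsing saved sc query type= driver output and reporting whether KProcessHacker3 is still loaded. This is an added example, not part of the original post; the function names are hypothetical and the sample text is constructed from the output format shown above.

```python
import re

# Constructed sample in the layout sc prints (trimmed to two records).
SAMPLE = """\
SERVICE_NAME: ACPI
DISPLAY_NAME: Microsoft ACPI Driver
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)

SERVICE_NAME: KProcessHacker3
DISPLAY_NAME: KProcessHacker3
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""

# "KEY : value" lines; keys are upper-case identifiers such as STATE.
FIELD = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*)$")


def parse_sc_query(text):
    """Split sc query output into one dict per SERVICE_NAME record."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and the "(STOPPABLE, ...)" continuation
        key, value = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            current = {"SERVICE_NAME": value}  # a new record starts here
            records.append(current)
        elif current is not None:
            current[key] = value
    return records


def leftover_drivers(text, names=("KProcessHacker3",)):
    """Return watched drivers whose STATE is anything other than STOPPED."""
    watched = {n.lower() for n in names}
    return [r["SERVICE_NAME"] for r in parse_sc_query(text)
            if r["SERVICE_NAME"].lower() in watched
            and "STOPPED" not in r.get("STATE", "")]


if __name__ == "__main__":
    print(leftover_drivers(SAMPLE))
```

Save the command output with sc query type= driver > drivers.txt and pass the file contents to leftover_drivers; an empty list means the driver is no longer loaded.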