Configs · June 2, 2026 · 1 min read

System Informer — Advanced System Monitor and Process Manager for Windows

A free, open-source tool for monitoring system resources, inspecting processes, debugging software, and detecting malware on Windows. Formerly known as Process Hacker, it provides deep visibility into running processes, services, network connections, and kernel objects.

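Agent ready

Agent can install directly

This asset is installable; the agent first selects the current runtime, checks the install plan, and then runs the matching command.

Native · 98/100 · Policy: Allow
Agent entry point: Any MCP/CLI agent
Type: Skill
Install: Single
Trust level: Established
Entry: System Informer
Direct install command:
npx -y tokrepo@latest install 5e20ed48-5ec1-11f1-9bc6-00163e2b0d79 --target codex

Confirm the install plan with a dry run first, then run this command.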

Introduction

System Informer (formerly Process Hacker) is an advanced system monitoring and process management tool for Windows. It goes far beyond Task Manager by exposing detailed information about processes, threads, handles, network connections, services, and kernel objects. Developers and system administrators use it for debugging, performance analysis, and malware investigation.

What System Informer Does

  • Displays a real-time process tree with CPU, memory, I/O, and GPU usage per process
  • Shows detailed per-process information including threads, handles, modules, and memory regions
  • Monitors active network connections and listening ports with process attribution
  • Provides a services manager with start, stop, and configuration capabilities
  • Detects hidden processes, packed executables, and suspicious activity patterns

Architecture Overview

System Informer is a native Windows application written in C. It uses direct system calls and the Windows Native API (ntdll) to gather information that standard Win32 APIs do not expose. A kernel-mode driver provides deeper access for operations such as handle inspection and termination of protected processes. The UI is a custom-drawn interface optimized for displaying large amounts of real-time data with minimal overhead.

Self-Hosting & Configuration

  • Download the installer or portable ZIP from the GitHub releases page
  • Run as administrator for full access to all processes and kernel information
  • Configure highlighting rules to color-code processes by type (services, .NET, packed, etc.)
  • Set up custom columns to display specific metrics relevant to your debugging workflow
  • Enable the kernel driver during installation for advanced features like protected process access

Key Features

  • Process tree view with color coding for services, own processes, and system processes
  • Network tab showing TCP/UDP connections, listening ports, and associated process details
  • Disk and GPU monitoring at the per-process level for performance diagnosis
  • Handle and DLL inspection for debugging resource leaks and dependency issues
  • Plugin system for extending functionality with community-developed modules

Comparison with Similar Tools

  • Windows Task Manager — Basic overview; System Informer shows threads, handles, and kernel objects
  • Process Explorer (Sysinternals) — Similar depth but closed source; System Informer is fully open source
  • Process Monitor (ProcMon) — Focused on event tracing; System Informer focuses on live state inspection
  • htop/btop (Linux) — Linux-only; System Informer is Windows-native with deep OS integration
  • Resource Monitor (resmon) — Built into Windows but lacks process tree and handle inspection

FAQ

Q: Is System Informer the same as Process Hacker? A: Yes. The project was renamed from Process Hacker to System Informer. The codebase and development team are the same.

Q: Does it require administrator privileges? A: It runs without admin for basic process viewing, but elevated privileges are needed for full access to all processes, services, and kernel information.

Q: Is the kernel driver safe to install? A: The driver is signed and open source. It provides access to protected processes and advanced features that user-mode APIs cannot reach.

Q: Can I use it for malware analysis? A: System Informer can identify hidden processes, inspect loaded DLLs, and detect suspicious memory patterns, making it a useful first-response tool for malware triage.
