Process Hacker

Process Hacker is a tool for viewing and manipulating processes and their threads, modules, memory and handles, and viewing and editing services. It can also read/write process memory and search through process memory using literal bytes or regular expressions. It can view the command line and current directory of a process, view/edit its DEP status, and even DRM-protect and unprotect it. It can run programs as another user or as SYSTEM, LOCAL SERVICE or NETWORK SERVICE if you have administator privileges. This is achieved using a helper program which is installed as a system service (similar to PsExec). It loads symbols from various libraries automatically and uses them when displaying the call stacks of threads (just like Process Explorer). It also has a disassembler derived from OllyDbg's which can be accessed when viewing PE files' exports. It can bypass most kernel-mode hooks and user-mode hooks on ZwOpenProcess, ZwOpenThread and ZwOpenProcessToken.