Hacking Task Manager on 1024+ Cores w/ Cool Video Demos!

Reddit Comments

For anyone curious, this is done by injecting a .dll into Task Manager and feeding the data directly there, rather than Windows actually measuring task activity in this way.

👍 29 👤 u/lighthawk16 📅 Oct 10 2021

will have to check this out

👍 7 👤 u/RandomXUsr 📅 Oct 10 2021

Ok but why?

👍 3 👤 u/SweetyVolty 📅 Oct 10 2021

That's pretty fun but it's not really 'hacking' task manager!

👍 12 👤 u/Ashrayle 📅 Oct 10 2021

Wait.... WAIT.... WAIIITT!!!!

BAD APPLE TASK MANAGER!!! >:0

👍 2 👤 u/Eeve2espeon 📅 Oct 11 2021
Captions
[Music] Hey, I'm Dave, welcome to my shop. Today on Dave's Garage, we're hacking Task Manager. [Music] It means no worries.

As you may know, I wrote the original Windows Task Manager, and today it's just going to be like an episode of Maury: "You are not..." We're going to see if there's any family resemblance. In order to find out if Task Manager looks like its dad at all, can I hack the CPU heat map to display a movie of my own face? Lately I've seen a lot of people hacking Task Manager, even making it display classic videos like Bad Apple, and you've probably already seen the thumbnail for this video, so you know I can do something like it at least. But today's episode is really about how it's done. I'll show you how Task Manager can be hacked to force it to display any arbitrary grayscale movie. The best and the worst part of it is that I'll do it first with the same dirty hackery that you've probably seen in some of these demos. If you want a thousand CPU cores, you got it, baby. Then I'll go you one better and I'll teach you how to do it the right way, on big iron with lots of real cores, all totally system legal with zero dirty hackery. I'll show you the cool demos, I'll explain how the code to do it all works, all right here today in Dave's Garage. [Music]

Before we dive right on into Task Manager, I wanted to take a second to announce that after what seems like innumerable requests, I finally set up a Discord server for the channel. You can find a link in the video description. Click on the link to join me there in order to discuss the latest episode, make suggestions, or chat with others about the Primes project, NightDriver, or anything channel related.

Now, as for Task Manager, its history is well documented by now, so I won't repeat that all here. In brief, I wrote the original Windows Task Manager in my home den back in about 1994, something I wanted just for my own use, as I was a developer working on Windows and it lacked one. It soon caught on amongst my fellow developers at Microsoft and, long story short, wound up in the product, where the core of it survives to this very day. There was a major update for Windows 8 and then a more minor update in Windows 10. They've lovingly added a number of cool new features and I remain a big fan of what they've done with it, but as far as I know, as far as I can tell, under the covers it's the same bones going all the way back to 1994.

One thing I didn't have to worry about back in my day was what to do if the user had a huge number of cores. At the time, the most cores I'd ever seen was the pair of them on my dual-proc MIPS machine. The build lab had a quad-core Alpha AXP, but nobody was loaning me one to test with, since they ran something like fifty thousand dollars at the time, or so I heard. I decided that it was unlikely for anyone to have really more than eight cores in the Windows NT 4 time frame, and time has proved me right on that much, and thus the original Windows Task Manager was able to handle up to eight cores, though I only ever tested it by simulating those additional cores. But what if you had more, though? Did it explode, the default cause of blue screen? No, of course not. It just didn't display individual core graphs or anything beyond the eighth. The overall stats even were still all correct; you just couldn't see the sub-graphs beyond the eighth core.

As we know, though, even eight cores is typical these days, so the developers and program managers of Task Manager in more recent times have had to deal not only with common machines that have many cores, but also with a few CPUs featuring core counts unheard of just a few years ago, like 128 and even 256 cores. The biggest iron in the Azure data center that I know of rocks 896 cores. At some point it's just not that informative to show a bajillion little graphs that you can't make much use out of. The solution was to replace the CPU graphs with a heat map grid. Like a census map that shows population density or some other statistic on an urban map, the CPU heat map shows you how busy each individual core is by coloring its cell increasingly darker: the busier the core, the darker the cell that corresponds to that core. If you had a 64-core EPYC, then you could be displaying it as an 8x8 grid of those variable cells, and you can vary the individual darkness of each cell. So what have you really got? Well, you've got kind of a digital grayscale photo if you think about it, although a very low resolution one. Going up to a 128-core CPU means you could do a little better, like a 14 by 9 grid with two cells to spare. That was the first hack that I saw myself: a 3990 Threadripper with 128 cores playing the Japanese animation of Bad Apple. Let's take a look at what they're able to achieve with 128 cores. [Music]

As you can see, the motion is fluid enough, so the frame rate is quite high. That helps a great deal, as does the good grayscale mapping, but the resolution is still pretty low. I'd venture to say that having the original video for reference goes a long way towards helping your brain understand what it's seeing in the Task Manager heat map. Without knowing what you're looking at, I think it would be a lot less compelling. When I first saw this demo, though, I was blown away, because I assumed it was fully real. And then I looked a little more closely. Something wasn't right. Right off, as I said, the frame rate was high, a little too high, as it's higher than the current versions of Task Manager will let you do, at least from one of the predefined update speeds. Holding down the F5 key will cause Task Manager to update repeatedly, and while that used to be as fast as the machine can do back in my day, they've throttled it down to what I'd call several frames per second now. So the only way they could do this legitimately would be to send a rapid stream of update messages to the Task Manager, all while running the movie and manipulating the CPU cores to reflect the right pixel values. So far it was cool, but to me the visuals just weren't high resolution enough. Until machines with many hundreds of cores to service pixels were available, I didn't think a Task Manager heat map video was practical, at least for now. But it turns out I didn't have to wait long. Behold: Bad Apple on 1024 cores.

Now we're getting somewhere. Not only do we have that same crazy fast frame rate, but now the time clock is also visible, and if you watch, it's pretty clear the video has been sped up two to three times in post production. Still, I was impressed enough that I was willing to forgive that speed-up. Then I noticed it was showing only a single socket with two cores, not some big array of EPYCs. So how could you have 1024 logical processors on two cores? Didn't make a lot of sense to me. The most convincing video I'd found reported 32 sockets of 28 cores for a total of 896 cores. That at least matches the physical attributes of an Intel CPU, and indeed some of the Microsoft data center machines have that configuration, but I'm still convinced that that one was hacked, and even if not, the frame rate was still too high. Even if they had to hack Task Manager to do it, it's still a cool achievement, but not as cool as if they would have done it the right way. The only problem is the frame rate, as Task Manager will simply only update so fast in its current versions. We're gonna have to live with speeding them up in post to 24 frames a second to make them all equal and for fully fluid motion.

I'm fortunate that my own machine has 64 cores, but that's only 8x8. As I noted earlier, you can get as many as 256 cores, I believe, and you could likely do a basic demo with that many, but to run much of a graphical movie with anything recognizable in it, I think you need at least 32 by 32, like an old Windows 3.1 icon. That gives you 1024 cores. Now, the only way to get Task Manager to display more cores than you actually have would be to virtualize a monster CPU or hack Task Manager itself. Before I dive into how that's done technically, let's look at what's possible artistically by lying to Task Manager itself about how many cores the computer really has. That means you inject code or hack the binary to modify the parts where it looks at the CPU core counts or where it stores them internally, and then you make it do your own bidding. Let's look at a few more cool examples before I get into the gory details of how they're doing it.

Here's a quick example of Doom on 896 cores. Now, this one looks particularly unconvincing, I think, for a number of reasons, but still it serves as proof of concept for that resolution if nothing else. Here's Minecraft, with all those same caveats. Let's double that core count and see what can be done with 1792 cores. That many cores enables the Pokemon video, and once you've got the kids watching, they're gonna want a Disney video or two, so I give you The Lion King, also on one thousand seven hundred and ninety-two cores. It means no worries, hakuna matata, for the rest of your days. But if movies are good, you know what's even better? Games. But you know how it goes: you teach a Task Manager to play ping pong, pretty soon it's trying to take over the world.

As cute as these games and movies are, though, at the end of the day they're still hacks, and they're not strictly real, because Task Manager has been modified to somewhat manually display a movie on a heat map using forged data and statistics. There's a right way and a wrong way to get Task Manager to do your bidding. Let's start with the wrong way.

The easiest approach is to load the binary program for Task Manager into IDA Pro or Ghidra. I've shown how to use Ghidra in a previous live stream that you might want to look up on my channel, and they're both tools for disassembly and inspecting application binaries like the Task Manager program itself. Microsoft actually makes it pretty handy by providing debug symbols for Task Manager on their public symbol servers, and those symbol sets, even though they're presumably stripped down for public consumption, still seem surprisingly complete. You can load them into Ghidra and it will use those symbols to assist and label the code that it generates for you. In the symbols you'll find things like CPU usage and CPU heat map and on kernel times toggle, which is pretty clearly called whenever the user turns off and on the kernel times option. When you find the symbol for CPU heat map, you can see that it's only used if you have 64 or more cores. There's no option for turning off or on the heat map; it's decided purely on whether or not you have enough cores. So if you're looking for the option to turn on the heat map, I'll save you time: don't bother, there isn't one.

Now, you could hack the binary right at this level, hard-code the core count to 1024, and intercept every call to get CPU usage for a particular core to return what you want it to be. The only problem is that there isn't a virus scanner on earth that's gonna let you run a hacked-up version of a Windows system binary that has a digital signature to prove that it's been tampered with. A slightly safer and more elegant approach, if you can call it that, is to use DLL injection. That's a mechanism whereby you write a dynamic link library, or DLL, and get it loaded into the Task Manager process to do its thing. A DLL is nothing more than a bunch of C code that you compile into a binary program, and it's basically a collection of subroutines and functions. Other than having a DLL attach function instead of a main function, DLLs are quite similar to actual simple programs, at least in terms of structure.

But how do you get your DLL into a running Task Manager's memory space? You can use the registry to configure Task Manager to automatically load your DLL each and every time it loads, but that may not be what you want. You might want to load it right now, and you might want to remove it when you're done. The easiest way to do that, then, is to write your DLL, call SetWindowsHookEx to load it into every process, but then have your DLL decline to actually load itself except in Task Manager. Your DLL attach function simply looks to see who's loading the DLL, and if it's not taskmanager.exe, it simply fails the load. In that way your DLL is loaded into precisely that one program. Since your DLL is loaded into the process, it can then do whatever it would like as part of it, from modifying core counts to subclassing the window messages such that your DLL handles the painting of the heat map entirely on its own. The choice is yours, and it's completely system legal, with no binary patching or hacking of the Task Manager system at all. More sensitive antivirus scanners might take objection to the injection of a DLL into a process that was launched from a system binary, but you can likely disable that prohibition for one time for the sake of testing.

That leaves only two benefits to the hacky approach: the faster frame rate, and the ability to claim an arbitrarily large number of cores, much greater than what you physically have on the machine. It's cheaper than buying the machine without any cores. The first we can solve with a little not-quite-hackery of figuring out the window message that causes a refresh of Task Manager and sending that message frequently, or we find some other means of increasing the refresh rate. Since everyone else does it anyway, though, I'm just going to fix mine in post so they stood at 24 frames a second, which is about a double speed-up, and leave it at that for now in terms of the frame rate.

But what about cores? I'm fortunate to have 64 real cores in the old Threadripper here, but that won't be enough for a recognizable face. 8x8 might be enough to make a cartoon Dave icon, but not a photo or a movie. Some months ago, Microsoft was gracious enough to let me use the original Windows XP source code for Task Manager in a lecture. I first gave the lecture at the University of Regina up in Canada, but since not everybody can get into a place like that, I also did it at Oxford over in England. Whether or not my NDA from Microsoft still applies here matters very little to me, because I'm still not comfortable discussing the internals of details that I personally worked on. But I'm happy to hack on stuff that happened long after I left, and I had absolutely nothing to do with the cool heat maps they've added, so as far as I'm concerned the heat map is fair game.

We need to find out where the data is loaded into the heat map. A little poking around in IDA Pro or Ghidra, combined with the symbols from the public symbol server, reveals what we need to know. Load logical CPU chart is the main function of interest. It calls show logical heat map to check if there are enough cores to bother with a heat map at all, and if not, it shows the more conventional style of graphs by calling load multi CPU chart. If there are enough cores for a heat map, it calls load heat map. We need to do two things, then: we have to hack that test to convince it that we have a lot more cores than we really do, then we need to set our own grayscale image data into the heat map itself. The magic function that we care about is CPU heat map update data. First, that function calls get CPU usage data; it then calls get block colors, and then finally set block data. But it turns out that set block data contains the CPU data as well as the count of cores, so if you compose that packet properly, it should just work without ever changing the number of cores reported, and indeed it does. So when you see that my machine still reports 64 cores in the description but has a thousand and 24 in the graph, that's precisely why.

And so, finally, as its original creator, let's have a look and see if Task Manager bears any resemblance to me. I have to size things to around 32 by 32 to get the cells to line up, at which point I should correctly phase into view. "Hey, I'm Dave, welcome to my shop." "Hey, I'm Dave, welcome to my shop." Well, it looks like that one didn't fall very far from the tree. Here it is at its natural speed, which is still much faster than the normal Task Manager update speed. Higher contrast would yield a better video effect, as would perhaps fine-tuning my conversion of the grayscale to the blue. I should have dyed my beard that week, perhaps.

At the end of the day, you don't need me to tell you how to hack Task Manager, because it turns out that hacking it is pretty easy. Where people seem to be struggling, though, is in doing it the right way, and by the right way I mean the way I thought they were doing it initially, which is where you actually have that many cores, whether real or virtual, and the Task Manager is unmodified and actually reporting the correct instantaneous CPU usages from the system, and they just happen to match the desired grayscale video frame. It's a lot more complicated, as you can imagine. It's a tad challenging, but is it even possible? And the short answer is yes, with a but, because they've intentionally limited it in the code. Without hackery we're limited to the less than ideal speed, which again we're just going to fix to 24 in post. I know I keep saying it; I just want to be really transparent about that part.

Let's have a look at how to do it correctly. The way I envisioned it should work is that I would create a thread for each core, set a thread affinity to lock it to that particular core; then any CPU usage in that thread would be attributed precisely to that core only. Let's say that core needs to be 33 percent in order to achieve the shade of blue that I want. I simply have that core busy-wait until it's burned 33 percent of the available cycles and then sleep for the remaining 67. That allows the actual work going on to fit within the CPU usage reported. Unless real work exceeds simulated work, this will give that core exactly 33 percent usage, and it will be drawn as such in the Task Manager heat map.

Some of the APIs that you wind up using, like CreateRemoteThread, are used pretty infrequently in Windows programming. I've been writing Win32 code since it was invented, pretty much, and this is only the second time I've ever needed that API, and in searching Google and GitHub for information on it, I stumbled across code from Mark Russinovich that did exactly what I hoped I would do. If you don't recognize the name Mark Russinovich, and I hope I'm pronouncing his name right, I've never actually had to say his last name, you're likely not a Windows developer, or if you were, you'd know that he is currently the chief technical officer for all of Azure at Microsoft. He came over to Microsoft from Winternals, which was a joint venture between Bryce Cogswell and himself to produce highly technical niche products like Filemon, Regmon, and tools to defragment your system paging file. Mark is not only a talented developer, but as the technical head of Azure he has access to big iron with many real and virtual CPUs. Reading Mark's code is always a pleasure. About the only way it could be better would be if Mark Russinovich wrote it, Raymond Chen code reviewed it, Bob Day debugged it, and then Kevin Ross wrote an interrupt thunking layer for it. I know you don't know who those people are, so it's just me, but trust me, they're all epic.

Mark's code seems to do precisely what I anticipated I would do, with one significant exception: he does CreateRemoteThread and then specifies a core to be pinned to, whereas in my head I would have used create thread and then set thread affinity. In fact, that's another limitation of the earliest Task Manager implementations: they were limited in most cases to operations to a theoretical 32 CPU limit, because some of the APIs like set thread affinity took a 32-bit mask where each bit represented a core. Now, how good is Mark's code? Well, I was going to write one for this episode, but I didn't think I could make a material improvement on what he did, so I defer to the master and will showcase his Azure demo. I've taken the liberty of changing the frame rate to 24 frames per second for reasons previously discussed. I think you'll be pleased with how good it looks. How good can it look? Well, here it is: 100 percent real, no hackery, except upping the refresh to 24 frames per second and looping it, all done elegantly in code that you would be wise to emulate both in style and substance. I'll put a link to Mark's code in the video description, so be sure to go check it out. It's only about 300 lines of C++ in one file, and it's pretty easy to digest.

Please consider subscribing to my channel if you found this episode interesting or entertaining, lest we never see each other again. I don't have any Patreons and I don't have anything for sale; I'm just in this for the subs and likes, and so it'd be really deluxe if you'd leave me one of each today. Actually, technically, I do have a single item for sale in the channel store; it's just that I don't keep any of the money. Order yourself a classic Dave's Garage mug, sure to become a valuable collector's item upon my inevitable transformation from obscure programming host to internationally famous K-pop singer. Until then, they're available in four colors or as a complete set on the channel store, with all 2021 channel profits, including from merchandise such as this, going to the UW Autism Center. In the meantime, in between time, I hope to see you next time, right here in Dave's Garage.
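
A defender's check for the DLL injection described in the captions, as an added example that is not from the video or from Task Manager's own code: it lists the modules loaded in a running Task Manager and flags any that sit outside the Windows directory or are not validly signed by Microsoft. The function names are hypothetical, and the process name `Taskmgr` is an assumption based on the binary's real file name (Taskmgr.exe), which differs from the name spoken in the captions.

```powershell
# Added example (not from the video): audit the modules loaded in Task Manager.
# Run in an elevated 64-bit PowerShell; Task Manager runs elevated, so a normal
# session is usually denied access to its module list.

function Test-ModuleTrust {            # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $WindowsDir = $env:SystemRoot
    )
    $reasons = @()

    # An injected DLL normally lives wherever its author built or dropped it,
    # not under the Windows directory.
    if (-not $Path.StartsWith("$WindowsDir\", [StringComparison]::OrdinalIgnoreCase)) {
        $reasons += 'outside Windows directory'
    }

    # Status is Valid only when the file is signed and its hash still matches.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $reasons += "signature: $($sig.Status)"
    }
    elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        $reasons += "signer: $($sig.SignerCertificate.Subject)"
    }

    [pscustomobject]@{
        Path       = $Path
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = $reasons -join '; '
    }
}

function Get-TaskmgrForeignModule {    # hypothetical helper name
    # Assumption: the process name is Taskmgr (from Taskmgr.exe).
    $procs = Get-Process -Name Taskmgr -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Warning 'Task Manager is not running.'
        return
    }
    foreach ($p in $procs) {
        try {
            $modules = $p.Modules
        }
        catch {
            Write-Warning "Cannot read modules of PID $($p.Id): $($_.Exception.Message)"
            continue
        }
        foreach ($m in $modules) {
            $result = Test-ModuleTrust -Path $m.FileName
            if ($result.Suspicious) {
                [pscustomobject]@{ PID = $p.Id; Path = $result.Path; Reasons = $result.Reasons }
            }
        }
    }
}

Get-TaskmgrForeignModule | Format-Table -AutoSize -Wrap
```

A flagged module is a lead to investigate rather than proof of tampering, since legitimately installed third-party software can also load DLLs into system processes.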
Info
Channel: Dave's Garage
Views: 161,010
Keywords: task manager, task manager theme, task manager has been disabled by your administrator, task manager windows 10, windows task manager, task manager video, task manager bitmap
Id: oKQ1X_4JCn0
Length: 19min 34sec (1174 seconds)
Published: Sun Oct 10 2021