Releases: DavidXanatos/TaskExplorer

Build v1.2.5

01 Jun 18:00

This build updates the driver with the ability to log kernel debug messages. When Debug Output Logging is enabled, every process gets a Debug tab with its debug output, and accordingly the system process shows the Kernel Debug Output.

Other changes reorganized the UI to be more comprehensive. I would recommend disabling all System Info tabs that contain graphs and using them only from the standalone System Info window. This uncluttered the UI quite a bit. Furthermore, the Kernel View tab has been incorporated into the system tab, and some process info tabs are now sub tabs of the general process tab.

[1.2.5] - 2020-06-01

Added

  • Added debug view tab to see the debug output of individual processes when debug monitor is enabled
  • Added kernel debug log option to xprocesshacker3 driver

Changed

  • Sandboxie support needs to be enabled in the settings, as having it always on interferes with updating Sandboxie
  • moved services tab to the general tab as a sub tab
  • moved environment tab to the general tab as a sub tab
  • merged system info tab kernel objects and main system tab
  • moved a lot of useful generic code to MiscHelpers.dll

Fixed

  • fixed tab menu checks
  • fixed issue with system and task info window tabs
  • fixed issue process name label forcing panel size
  • fixed some more minor UI glitches

Build v1.2.1

27 Apr 15:30

This build comes with many big fixes and minor usability improvements.

[1.2.1] - 2020-04-27

Added

  • the TCP/IP traffic graph now shows additional plots with LAN traffic based on ETW data
  • services can now be stopped from the process tree context menu

Changed

  • status column now sorts not alphabetically but by list color
  • reorganized the tool bar a bit and added a few shortcuts
  • switched back to the custom installer due to "compatibility" issues

Fixed

  • cpu affinity was not properly loaded from file
  • fixed more tray opening issues
  • fixed issue displaying .NET assembly information
  • fixed issues with list coloring when not all colors were enabled

Build v1.2

20 Apr 14:20

This build focuses on many large and small usability improvements as well as a few small new features.

[1.2.0] - 2020-04-20

Added

  • Option to configure process name display
  • Pressing the refresh toolbar button now also clears the persistence when in hold mode
  • Persistent Process Presets
    -- CPU, IO, Memory Priorities and CPU Affinity can be set persistently across process starts
    -- Processes are identified by path; wildcard paths can be used
    -- The mechanism can also kill undesired processes swiftly
  • added PE file viewer
  • Sandboxie support, sandboxed processes are marked in yellow and the box they belong to is provided in the tooltip

Changed

  • more options on main window close
    -- Exit confirmation dialog can now be disabled
  • by default symbols are not auto downloaded; upon selecting a thread the user will be prompted whether to download them from the internet
  • updated PHlib to version 3.0.3014
  • updated some default colors
  • switched to Inno Setup as installer

Fixed

  • fixed window sometimes being empty when opening from tray

Build v1.1

23 Jan 08:56

This build focuses on greatly improving the tracking of process starts and display of meaningful process trees. This is accomplished by monitoring the appropriate ETW events and using this information to list short lived processes that otherwise would fall between the refresh intervals of the regular enumeration method.
A new setting "Retain parent Processes" makes Task Explorer keep terminated processes listed as long as there are still child or (grand,...)grandchild processes running. A new toolbar button allows quickly switching between a list view and a tree view while retaining the list sort order.
The new build also features other UI improvements, most notably a Dark Mode for those who like it.

[1.1.0] - 2020-23-01

Added

  • added Dark Theme Support
  • added ETW monitoring of the processProvider
    -- allows capturing all process creation events, hence listing of very short-lived processes
    -- using ETW data to set image path and command line when the process closed before we could inspect it
  • added option to keep processes listed indefinitely as long as they still have running children.
  • added functionality to find some types of hidden processes, also useful to find some already terminated processes
  • added tool bar button to switch between the tree view and a list view more conveniently, as the last chosen list sort column is remembered

Changed

  • the handle tab is now present twice once as it was and once providing only an open file list

Fixed

  • handle types are now sorted properly i.e. "[All]" is first
  • fixed bug where in the unified list view switching to tree view was not possible
  • fixed issue with some values not being initialized in CWinMainModule
  • fixed High DPI scaling issues

Build v1.0.2

24 Dec 08:44

This release adds some improvements and fixes some bugs, as well as updating the used PH-library to a new version.

[1.0.2] - 2019-12-24

Added

  • setting for reverse DNS to disable it when desired
  • when flushing DNS cache the DNS cache retention is reset as well
  • handle types are now sorted alphabetically

Changed

  • most "unknown" values now show the numeric value encountered
  • updated PHlib to version 3.0.2812

Fixed

  • an issue with the DNS cache monitoring
  • fixed issue with ETW event tracking for UDP traffic
  • fixed issue with thread service tag not being resolved properly

Build v1.0.1

15 Nov 07:01
Compare
Choose a tag to compare

Maintenance Release with some bug fixes, see change-log.

[1.0.1] - 2019-11-15

Changed

  • improved file handle info retrieval
  • ETW monitoring button is now disabled when running without admin rights

Fixed

  • memory leak occurring when updating per process handle list
  • fixed issue with service to process association

Build v1.0

18 Oct 10:19

Finally we arrived at build v1.0. This build features an extended xprocesshacker.sys that can unprotect (PPL) protected processes.
Another great new feature is a much better remote host name resolution for sockets. Instead of just relying on reverse DNS (which in the age of CDNs is not very reliable), we monitor ETW events emitted when a process issues a DNS query. This way we know what domains every process requested and what IPs it got as an answer. Hence, when observing a new socket, we first check this list for matching entries; when one is found, it is almost certain the socket was opened with the intention to reach the captured domain.

Added

  • xprocesshacker.sys can now unprotect and re protect protected processes (light)
  • using ETW Events to monitor what domains individual processes query
    -- enables more accurate remote hostname column display

Changed

  • cleaned up PH directory
  • improved process display for the case when multiple processes are selected
  • now using https://github.com/microsoft/krabsetw to monitor ETW events
  • reworked socket process association
  • when opening finder the search term is selected so that it can be replaced quickly

Fixed

  • no longer trying to do reverse DNS on addresses that returned no results

Build v0.9.75

29 Sep 19:31

This release focuses on bug fixes, many many bug fixes, and some usability improvements.

[0.9.75] - 2019-09-29

Added

  • priority columns now show text instead of numbers (except base priority)
  • added cert display to process security sub tab
  • ctrl+e now expands all process tree items
  • added driver config window
  • added verbose errors dialog
  • added more status information

Changed

  • reduced CPU usage of models
  • reduced CPU usage of rate counters
  • moved firewall status resolution to separate thread
  • reworked thread enumeration to save CPU usage
  • service and socket tabs are no longer updated when they are not visible
  • GPU per process stat update is now performed on an as-needed basis
  • massively reduced treeview CPU usage by adapting configuration

Fixed

  • fixed an issue where an error was still reported on successfully changing priority
  • when starting using UAC bypass the process ended up with lower priority,
    -- fixed by now always setting higher priority on startup
  • fixed bug with GPU usage column display
  • fixed issue where "bring in front" was always disabled in the process tree
  • fixed issue where thread start addresses were resolved multiple times unnecessarily
  • fixed crash issue when logging out users
  • fixed service window not closing when ok was pressed
  • fixed issue with service to process association
  • fixed crash bug in reverse DNS lookups on Win 7

Build v0.9.50

24 Sep 15:16

This new build features many usability improvements and some bug fixes.

[0.9.50] - 2019-09-24

Added

  • critical status added to processes state string
  • critical processes / threads have an own list color
  • trying to terminate a critical process or thread will now display an additional confirmation message
  • ctrl+c now copies the selected rows
  • formatting for copying panels can be set in settings
  • added additional mitigation information
  • added additional information to general process info
    -- details sub tab
    -- security sub tab
    -- app subtab
  • added job id to job tab
  • added app infos to process general tab

Changed

  • resolving symbols for pool limits is only triggered once the kernel objects tab gets opened
  • all priority settings now have their own group in the process tree
  • no longer keeping a handle open to all threads when they were not used recently
  • mitigation information is now more verbose

Fixed

  • all unselected tabs are no longer unnecessarily updated at startup
  • issue with private bytes displaying the wrong value
  • fixed crash bug in task menu action handling
  • fixed a minor issue with SID resolving

Build v0.9.25

15 Sep 16:45

This release adds many small convenience features, as well as a few major ones.
It now has a DNS cache tab, and the data from the DNS cache are used to more reliably resolve the remote host name to which a socket was opened. Instead of just using a reverse DNS lookup, which in the age of CDNs, like Cloudflare and blazing fast, is quite useless, the tool correlates new sockets with the system DNS cache, this way resolving which host name the process actually requested.
Task Explorer can now use the Wait Chain Traversal feature of Windows to debug deadlocks of processes.
And as the version approaches 1.0 we have many bug fixes.
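
The socket-to-hostname correlation described in the v1.0 notes (per-process DNS answers seen via ETW) and in the v0.9.25 notes above (DNS cache with 60 min persistence), sketched as an added C++ example; it is not TaskExplorer's code, all class and function names are hypothetical, and the sample domains and addresses are constructed. Falling back from per-process evidence to a host-wide cache is an assumption of this example.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>

// Added illustration; all names are hypothetical, not TaskExplorer's classes.
struct DnsEntry { std::string domain; uint64_t seenMs; };
struct HostGuess { std::string host; std::string source; };

class DnsCorrelator {
public:
    explicit DnsCorrelator(uint64_t retentionMs) : retentionMs_(retentionMs) {}
    // Feed one observed DNS answer: process `pid` asked for `domain`, got `ip`.
    void onDnsAnswer(uint32_t pid, const std::string& domain,
                     const std::string& ip, uint64_t nowMs) {
        perProcess_[std::make_pair(pid, ip)] = DnsEntry{domain, nowMs};
        systemWide_[ip] = DnsEntry{domain, nowMs};  // last answer for this IP wins
    }
    // Name the remote end of a new socket owned by `pid`.
    HostGuess resolve(uint32_t pid, const std::string& ip, uint64_t nowMs) const {
        // 1. Strongest evidence: this very process asked for a name and got this IP.
        auto p = perProcess_.find(std::make_pair(pid, ip));
        if (p != perProcess_.end() && fresh(p->second, nowMs))
            return {p->second.domain, "process-query"};
        // 2. Weaker: some process on the host resolved a name to this IP.
        auto s = systemWide_.find(ip);
        if (s != systemWide_.end() && fresh(s->second, nowMs))
            return {s->second.domain, "system-cache"};
        // 3. Nothing observed: the caller may fall back to reverse DNS.
        return {"", "unresolved"};
    }

private:
    bool fresh(const DnsEntry& e, uint64_t nowMs) const {
        return nowMs >= e.seenMs && nowMs - e.seenMs <= retentionMs_;
    }
    uint64_t retentionMs_;
    std::map<std::pair<uint32_t, std::string>, DnsEntry> perProcess_;
    std::map<std::string, DnsEntry> systemWide_;
};

// Constructed scenario: two processes reach different sites behind one CDN address.
HostGuess demo(uint32_t pid, uint64_t nowMs) {
    DnsCorrelator c(60ull * 60 * 1000);  // 60 min retention, as in the v0.9.25 notes
    c.onDnsAnswer(1000, "app.example.com", "203.0.113.10", 0);
    c.onDnsAnswer(2000, "cdn.example.net", "203.0.113.10", 1000);
    return c.resolve(pid, "203.0.113.10", nowMs);
}
```

The `source` field matters when reading the result: a "system-cache" match on a shared CDN address only says that some process asked for that name, not that the socket's owner did.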

[0.9.25] - 2019-09-15

Added

  • added remote host names resolution for the socket's tabs
  • added DNS cache viewer with 60 min persistence
    -- the DNS cache feature correlates the cached data with open sockets and provides a remote host name more reliable than reverse DNS lookups
  • better formatting when copying panels
  • added column reset option to all lists
  • added f5 full refresh options
  • added security explorer
  • all sub windows now save their geometry
  • added Working Set Watch feature to count page faults
  • added a bit more pool information
  • added running object table view to kernel objects
  • added Wait Chain Traversal feature to detect deadlocks
  • added option to open thread tokens

Changed

  • when a new process is seen in an ETW or FW event it is now created and some basic info is loaded
  • copy cell now can copy multiple cells
  • when enabling/disabling columns a refresh is triggered right away to fill in the data (in case the user has set a very slow refresh rate)
  • improved menu layout

Fixed

  • fixed copy cell not working properly with multiple items selected
  • fixed copy panel and row copying empty (hidden) columns
  • fixed process tree horizontal scroll bar position reset on selection in tree
  • fixed NtQueryInformationFile deadlock in Windows 7 when querying \Device\VolMgrControl
  • fixed issue where some deltas caused an overflow when the counter reset