Build v0.9.0

This releases added some new useful insights into the operating system and adds firewall event monitoring to be able to show blocked connection attempts.

[0.9.0b] - 2019-09-10

fixed

• fixed crash isue on windows 7 systems when opening permissions tab

[0.9.0] - 2019-09-09

Added

• added windows firewall monitor to show blockes connection atempts
• added network column to processes, showing if a process is or was using network sockets
• added toolbar button to set persistence to 1h
• added toolbar menu to quickly change item persistence
• added kernel object tab to system panel, including the pool table and otehr informations
• added nt object browser sub tab
• added atom table view to the kernel objects tab

Changed

• The system info Drivers tab is now moved to a sub tab of the new kernel objects tab
• the stack trace section of the thread window can now be colapsed

Fixed

• fixed issue disabling network adapter graphs did not work
• fixed driver view module info was not loaded

Build v0.8.5

This release focuses on bug fixing and usability improvements. An other major change is the use of the own xprocesshacker.sys driver by default, this is required as the original kprocesshacker.sys comes with a DRM that locks some functionality away from tools which are not signed by the process hacker team. With an own driver we can again mess with protected processes and read any memory location.

The used leaked signing certificate does not seam to raise to many read flags eider, virus total:
xprocesshacker.sys 4 false positivs https://www.virustotal.com/gui/file/ac2ed32418c81cf97dd6a53e258b4066952affbb768e66ebaaf57643d5f145ec/detection
vs
original kprocesshacker.sys 13 false positivs https://www.virustotal.com/gui/file/220a2dcf4d597f9208c0e7fd7057a91e88e118d420f20aac8e75ae3e39a7ac22/detection
In fact we get much less than process hacker does.

[0.8.5] - 2019-09-01

Added

• multi graph widget (optional individual CPU plots and individual GPU Node plots)
• plot background/text/grid colirs can now be changed
• added close (WM_CLOSE) and quit command (WM_QUIT)
• added option for rates/deltas and cpu/gpu usage to show an empty string instead of '0'
• added option to highlicht the x top resource users per column
• reduced GUI cpu load by 20% by improved issuing of cell updates in the process tree model
• added window title and status columns
• added toolbar option to quickly adjust the refresh rate
• added options to tray menu

Changed

• system plots now set the proper length
• all tool bar drop down buttons have now a default action
• now the xprocesshacker.sys is used by default

Fixed

• fixed issues with changing graph length
• fixed bad color contrast of sellected items
• fixed a crash (race condition) when closing
• fixed issues with cycle based cpu usage calculation
• fixed major issue with process stat display
• fixed isue with PrivateBytesDelta column
• fixed issue with asynchroniouse username resolution
• fixed cpu time columns showing a wrong value
• fixed broken protection columns DEP and ASLR
• fixed broken file info columns size and modification time

Build v0.8.0

This build focuses on optimizations and reduced CPU usage the gained performance is used to enable the tool to merge information from multiple processes, when more than one are selected. When all processes are selected this results some views showing and updating ~200 000 entries what is handled with good performance.

[0.8.0] - 2019-08-26

Added

• added listing of unloaded DLLs (shown in gray in modules tab)
• added "Services referencing" feature to modules tab -> column
• added optional CPU cycle based CPU usage calculation
• show merged informations when more than one process is sellected
• added search (highlight) feature to the stack trace list
• added Dangerous Flags from process hacker to the token tab
• added job limits informations tab to the job tab
• added search functionality to all remaining list/tree views

Changed

• optimized cpu uage all models are now aware of hidden columns and dont query them
• improved tree and list model performance by mor than an order of magnitude
• some values, like per process gpu sats, are not longer queried when thair columns are hidden
• reworked the token handling to optimize performance and properly handle situations when a Token gets replaced
• moved Sid Resolving to a dedicated worker thread

Fixes

• issue with .NET tab not getting cleared when an other process was selected
• fixed issue not all open file references being shopwed when a handle value was reused
• fixed error in global memory search
• fixed issue in token panel with the integrity combo box

Build v0.7.5

This build focuses on bug fixing and usability improvements, lots of small improvements.

[0.7.5] - 2019-08-19

Added

• tooltips to process tree
• added tool-bar
• bring to front on tray single click
• added bring in front command to the process tree
• disks which don't support performance queries now will get an own read/write rates graph called "unsupported" in the disk plot using ETW data
• added option to simulate UDP pseudo connections using ETW data.
• added hard fault count and delta
• added process uptime informations
• added peak handles and threads columns
• added computer menu (lock, shutdown, reboot, etc...)
• added users menu (enum users, status, log off, etc...)
• added some menu icons

Changed

• ETW is now disabled by default, its really only needed for socket data rates
• when minimized or hiden no more ui updates to save cpu
• better number formating, long numbers are now split in groups of 3
• now using SYSTEM_PROCESS_INFORMATION_EXTENSION for process disk rates when possible, this is much more reliable than ETW
• reduced cpu usage when updating thread info (more data are now loaded only on demand)
• reduced cpu usage of window enumeration by using NtUserBuildHwndList (on windows 10) instead of FindWindowEx and by caching more data
• reduced cpu usage by using SystemFullProcessInformation to enum processes when possible (elevation required), instead of using additional calls to get the same data
• reorganized task menus for better usability

Fixed

• fixed issue when attaching a debugger
• fixed resize issue when collapsing the side panel
• fixed crash issue with text copy in service and driver views
• fixed issue in socket listing

Build v0.7

This build focuses on many new system info/performance features and usability improvements.
It adds new System Info tabs showing CPU usage, GPU usage, Memory usage, individual Disk usage, and network usage.

This build also adds crash dump creation so if there is a problem and the tool crashes on you please post the *.dmp file to the issue section on github: https://github.com/DavidXanatos/TaskExplorer/issues

Last but not least as some AntiVirus-tools are blocking the kprocesshacker.sys I have added a custom xprocesshacker.sys which should not trigger AV self-defence mechanisms. Howe ever as I don't have an expensive code signing certificate I provide the driver in two variants: one self-signed that runs only on windows booted in test-mode; and the second signed with a leaked certificate which may cause a AV-tool to complain, but than just add an exception for the file and it will work. The password for the ZIP with the second variant is "leaked".

[0.7] - 2019-08-09

Added

• added a custom drivers as some AV software does not like kprocesshacker.sys, just unpack one of the following and it will be used instead
  -- self-signed xprocesshacker.sys driver in xprocesshacker_test-sign.zip
  -- signed with a leaked cert in xprocesshacker_hack-sign.zip PW: leaked
• added GDI objects tab
• added CPU Info tab
• added Memory/RAM Info tab including page file info
• added Disk/IO Info tab
• added Network Info tab also containing RAS infos
• added GPU Info tab
• added open path option to process tree
• added free memory commands to tools menu
• added crash dump creation

Changed

• improved disk usag graph to show percentage of disk utilization instead of just data rate
• double click on thray now toggles show/hife of the window
• moved "Show Kernel Services" from view menu to services sub menu
• reworked system info tab

Fixed

• fixed column issue in process picker and job tab
• fixed total/kernel/user cpu columns showing the wrong values
• fixed potential rais condition when initialising LibPH
• fixed issue with settings dialog
• fixed race condition when deleting theAPI
• fixed crash issue on 32 bit platforms
• fixed issue causing the elevation status not being resolved

Build v0.6

This release focuses on .NET support and improvements to services.

[0.6] - 2019-07-31

Added

• .NET stack tracking support
• .NET Tab with assemblies and performance infos
• panel search can now instead of only filtering also just highlight the results
• when encountering an access denided we now try to start an elevated worker and retry
• added option to edit service dependencies
• forked QTabBar and QTabWidget to provide a windows like multiRow operation mode

Changed

• taskexplorer can now be started as elevated worker or 32 bit worker not just as a service
• improved stack trace display handling
• improved service info window

Fixed

• memory view being unnececerly refreshed
• fixed dpi scling issue

Build v0.5

The build 0.5 features variolous search and filter functions making the UI much more usable, and it improves on the memory editor.
The source code can now be compiled on Linux without errors, although due to the lack of a back end it does nto do much yet.

[0.5] - 2019-07-22

Added

• added search filter to all panels by pressinf Ctrl+F
• find open file/handles/dll's
• find strings in program memory
• extended QHexEditor with the ability to search for unicode (UTF-16) strings
• added context menu to qhexeditor
• terminate tasks and close handles/sockets/windows using the del key
• added status bar infos
• add system info window in case one closed the system info panel
• disable system info tab settings when panel is collapsed

Changed

• reworked tree graph's for better performance

Fixed

• fixed an issue where reused handles woule be colored as to be removed permanently
• fixed column order getting messed up in process tree when adding/removing columns
• QHexEditor does not longer allow to replace a string with a different length string when its not in insert moe
• fixed crash bug in CWinToken::InitStaticData
• fixed a many of small bugs preventing compilation of the UI on Linux

Build v0.4

New release featuring many new usability improvements

[0.4] - 2019-07-15

Added

• gpu usage statistics
• option to reset graph
• pause refresh + refresh now
• add option to fully refresh all services
• added option to inject a dll into any running process
• use profile directory to save settings
• option to customize graph bars from the graph bar context menu
• graph now have tool tips with detailed informations
• settings dialog with options and the ability to customize list colors

Changed

• now distributing as an installer usinf https://github.com/DavidXanatos/uSetup, with the option to extract for portable mode.
• made most dialogs resizable
• select reasonable default columns

Fixed

• a 32 bit version can not longer be started on a 64-bit system as it would not work correctly, however it tries to start a 64 bit version if avilable.
• fixed process service tab not working

Build v0.3

[0.3] - 2019-07-09

Added

• tokens tab with advanced infos
• improved handle window
  -- show job info window
  -- show token info window
  -- show task info window
  -- open file lokation
  -- open registry key
  -- read/write section memory
  -- type filter now enumerates all types
• added size info to section type handle

Changed

• rewoked sid to username resolution now using a worker thread to improve performance
• CWinProcess does nto longer handle sid_user/token informations all is doem by CWinToken instead

Fixed

• fixed issue with the first graph text not being displayed
• fixed an issue causing the client to wait for 10 sec on shutdown

Build v0.2

[0.2] - 2019-07-05

Added

• memory tab, with options to dump the memory, free it or change access permissions
• advanced memory editor window
  -- forked qhexedit2 https://github.com/DavidXanatos/qhexedit to ad missing functionality, edit, lock mode, etc...
  -- added a QHexEditor class to qhexedit implementing a generic hex editor dialog with options and search capability

Changed

• I/O stats does not longer show ETW values when the is not monitoring ETW events

Fixed

• fixed Uptime column not being refreshed