Releases: DavidXanatos/TaskExplorer
Buil v1.3.0
This build updates the PH Library to 3.0.3972 and adds fixes various minor bugs.
Important Note:
The xprocesshacker.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
ChangeLog
Changed
- changed memory search window layout
- on debug log start stop the lists are now reset
- updated MiscHelpers
- updated PHlib to version 3.0.3972
- updated QWT to version 6.1.6
- updated to use Visual studio 2019
Fixed
- fixed issues with hex string memory search
- fixed issue with updating token privileges
- fixed issues with disabled items in dark mode
- fixed race condition in etw initialization
Buil v1.2.9
This build updates the PH Library to 3.0.3014 and adds minor usability improvements.
Important Note:
The xprocesshacker.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want TaskExplorer to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
ChangeLog
Added
- added highest thread CPU percentage to the CPU column
Changed
- tree graph background in dark mode is also dark now
- updated PHlib to version 3.0.3476
- merged ASLR, DEP, CFG, CET columns into a joined mitigations column
Buil v1.2.8
This build focuses on usability improvements and bug fixes. It solves an issue causing very high CPU usage introduced in the last build. And it introduces some mitigation to the issues caused by the driver not being signed properly.
Important Note:
The xprocesshacker.sys driver must be signed, and since the appropriate certificates are prohibitively expensive, I head to use a leaked code signing certificate I found laying around the Internets. This means some anti malware applications wrongfully flag it as potentially dangerous or a virus.
If you want TaskExplorer to get a proper EV-Code Signing Certificate please support the project through donations. You can donate via paypal at https://xanasoft.com/ or patreon https://www.patreon.com/DavidXanatos
ChangeLog
Added
- "Original Token" button to inspect the original process token of sandboxed processes
-- SbieDrv driver 5.42 or higher required - added command line option to start multiple instances
- added driver file obfuscation and driver installation dialog
Changed
- reorganized settings pages
- improved sandboxie support implementation
fixed
- fixed excessive CPU usage in new process filter
- fixed outdated data shown in token panel when no token could be obtained
Build v1.2.7
New Update with various usability improvements.
[1.2.7] - 2020-06-13
Added
- Custom run dialog with the ability to inject a DLL when starting process
- Added process filter to proces tree to improve usability
Changed
- description in the process column now shows for svchost.exe instances a list of hosted services
- esc key now clsoes the finder bar in lists
- app id column now displays teh container id if its an app
Fixed
- run dialogs now execute on return press
- error with comctl32
- user connect/login window now hides teh password
- fixed pid in process info window
- modern apps are now properly atributed to the their users
Build v1.2.6b
This build adds support for UI translations using the QtLinguist tool.
Full release.
[1.2.6] - 2020-06-02
Added
- Support for translations using the QtLinguist tool
Build v1.2.5
This build updates the driver with the ability to log kernel debug messages, when Debug Output Logging is enabled every process gets a Debug tab with its debug output and accordingly the system process is showing the Kernel Debug Output.
Other changes reorganized the UI to be more comprehensive, I would recommend to disable all System info tabs that contain graphs and use then only from the standalone System Info window. This uncluttered the UI quite a bit further more the Kernel View tab has been incorporated into the system tab and some process info tabs now are sub tabs of the general process tab.
[1.2.5] - 2020-06-01
Added
- Added debug view tab to see the debug output of individual process, when debug monitor is enabled
- Added kernel debug log option to xprocesshacker3 driver
Changed
- Sandboxie support needs to be enabled in the settings, as having it always on interfears with updating sandboxie
- moved services tab to the general tab as a sub tab
- moved environment tab to the general tab as a sub tab
- merged system info tab kernel objects and main system tab
- moved a lot of usefull generic code to MiscHelpers.dll
Fixed
- fixed tab menu checks
- fixed issue with system and task info window tabs
- fixed issue process name label forcing panel size
- fixed soem more minor ui glitches
Build v1.2.1
This build comes with many big fixes and minor usability improvements.
[1.2.1] - 2020-04-27
Added
- the TCP/IP traffic graph now show additional plots with LAN traffic based on ETW data
- services can now be stoped from the process tree contect menu
Changed
- statis column now sorts not alphabetically but by list color
- reorganized the tool bar a bit and added a few shortcuts
- switched back to the custom installer due to "compatybility" issues
Fixed
- cpu affinity was not properly loaded from file
- fixed more tray opening issues
- fixed issue displaying .NET assembly informations
- fixed issues with list coloring when not allcolors were enabled
Build v1.2
This build focuses on many large and small usability improvements as well as a few small new features.
[1.2.0] - 2020-04-20
Added
- Option to configure process name display
- Pressing the refresh toolbar button now also clears the persistence when in hold mode
- Persistent Process Presets
-- CPU, IO, Memory Priorities and CPU Affinity can be set persitence actoss process starts
-- Processes are identifyed by path wildcard paths can be used
-- The mechanism can also kill undesired processes swiftly - add pe file viewer
- Sandboxie support, sandboxed prosesses are marked in yellow and the box thay belong to is provided in the tooltip
Changed
- more options on main window close
-- Exit confirmation dialog can now be disabled - by default symbols are not auto downloaded, upon selecting a thread the user will be prompted whether to download them of the internet
- updated PHlib to version 3.0.3014
- updated some default collors
- switched to Inno Setup as instller
Fixed
- fixed when opening from tray window sometimes being empty
Build v1.1
This build focuses on greatly improving the tracking of process starts and display of meaningful process trees. This is accomplished by monitoring the appropriate ETW events and using this information to list short lived processes that otherwise would fall between the refresh intervals of the regular enumeration method.
A new setting "Retain parent Processes" makes task explorer keep terminated processes listed as long as there are still child or (grand,...)grandchild processes running. A new toolbar button allows to quickly switch between a list view and a tree view while retaining the list sort order.
The new build also features other UI improvements most notably a Dark Mode for those who likes it.
[1.1.0] - 2020-23-01
Added
- added Dark Theme Support
- added ETW monitoring of the processProvider
-- allows to capture all process cration events henc elisting of very short lived processes
-- using ETW data to set image path and command line when the process closed before we could inspect it - added option to keep processes listed indefinetly as long as thay have still running children.
- added functionality to find some types of hidden processes, also usefull to find some already terminated processes
- added tool bar button to switch between the tree view and a list view more convinient as the last choose list sort column is remembered
Changed
- the handle tab is now present twice once as it was and once providing only an open file list
Fixed
- handle types are now sorted properly i.e. "[All]" is first
- fixed bug where in the unifyed list view switching to tree view was not possible
- fixed issue with some values not being initialized in CWinMainModule
- fixed High DPI scaling issues
Build v1.0.2
This release adds some improvements and fixes some bugs, as well as updating the used PH-library to a new version.
[1.0.2] - 2019-12-24
Added
- settign for reverse DNS to disable it when desired
- when flushing dns cache the dns cache retention is reset as well
- handle types are now sorted alphabetically
Changed
- most "unknown" values now shows teh numeric value encountered
- updated PHlib to version 3.0.2812
Fixed
- an issue with the DNS cache monitoring
- fixed issue with etw event tracking for UDP traffic
- fixed issue with thread service tag not being resolved properly