-
Notifications
You must be signed in to change notification settings - Fork 294
/
Copy pathCHANGELOG.txt
238 lines (202 loc) · 7.23 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
v2.0.6
win11 24h2/25h2 compatibility improvements
v2.0.5
added Pnp manager callbacks
win11 22h2/23h2/24h2 compatibility improvements
v2.0.4
win11 23h2 compatibility
win11+ 24h2 compatibility improvements
fix tooltip flickering for drivers list
fix log ui highlight glitch
fix authenticode hash missing pad bytes (in some cases)
driver list tooltip now include information if the given driver is registered as filter (admin priv. required)
v2.0.3
recent win11 compatibility improvements
win11 24h2 preliminary support
v2.0.2
recent win10/win11 compatibility improvements
display more details about shimmed drivers
v2.0.1
recent win10/win11 compatibility improvements
token properties dialog changes
added and updated some object type descriptions (from Windows Internals 7ed book)
v2.0.0
added entirely new handling of object names to support embedded nulls
added Pico providers, Nmi, SiloMonitor and Errata manager callbacks
added CmControlVector viewer
added Copy Name/Copy Name (Binary) commands to the main window popup menus
added program statistics (see Help->Statistics)
added legend window description for process list
added ability to fix image sections for dumped drivers
added RegistryTransaction object view and access rights
moved "Globals" from about box to the View->System Information and rearranged it output
drivers dump operation can now be cancelled
fix display of PUNICODE_STRING dump
fix ALPC Port type objects sometimes unable to open while they can be opened
plugin sdk updated to accommodate new named objects handling
imagescope plugin updated to accomodate plugin sdk changes
elevation required features in "extras" will now request elevation instead of just been disabled
help file updated with drivers and symbols usage
internal rearrange and minor UI changes
v1.9.3
updated SeCiCallbacks search for newest Windows versions
added Windows Server 2022 support
fix win32k ApiSet resolving for Win10 21H2
fix ObCallbacks enumeration issues
support for various kernel driver helpers
ported to msvc 2022 (with backward compatibility to 2019)
bugfixes
rtls updated
v1.9.2
more Win10/11 21h2 compatibility changes
added FLT_FILTER, FLT_OBJECT structured dump
added authenticode hash calculation for loaded drivers (extras->Drivers, use popup menu on driver entry)
added coalescing callbacks to callbacks list
various minor UI changes
fix misbehavior with recent wine staging 6.x
internal rearrange
rtls updated
v1.9.1
21h2 compatibility improvements
rtls updated
v1.9.0
added Section object structured dump
added ALPC port connections list (similar to !alpc /lpc windbg command)
added MmUnloadedDrivers list
added ExCreateCallback list to the callbacks list (PR #26)
updated ApiSet plugin now support in place search filter
internal rearrange
v1.8.8
internal rearrange
view security for alpc ports (most of them)
security descriptor view dialog (object sid, dacl & sacl)
fix scm services list query
fix "jump to file may fail under certain conditions" bug
various minor UI changes
21h1 compatibility improvements
v1.8.7
20h1/20h2/21h1 compatibility improvements
added recognizing of shimmed drivers for drivers list (win10+)
show process trust label for sections if it present
plugins system extended and upgraded to support context plugins
added imagescope plugin for section object types backed by imagefile
added plugins viewer
various minor changes
treelist: fix tooltips flickering on Windows 7
turn off Spectre nonsense
rtls update
v1.8.6
reimplemented directory object dump to output more data
added callbacks registered with ExRegisterExtension
fix for pipes (PR #17)
internal rearrange
fix high cpu usage for splitter drag (report/fix by RamMerlabs)
fix security dialog regression (reported by RamMerlabs)
v1.8.5
fix object cookie
add error log
20h1/20h2 compatibility improvements
v1.8.4
support of additional helper driver
fix Windows 7 regressions
v1.8.3
internal rearrange
ported to msvc 2019 (with backward compatibility to 2017)
fix current directory value for elevated/system re-launch (reported by RamMerlabs)
v1.8.2
added Token object properties
added PsAltSystemCallHandlers to callbacks dialog
fix High DPI issues
fix Pipe security dialog not shown where available
fix multiple Wine/Wine Staging misbehavior
corrected typo in DebugObject description
more 20H1 support changes
various minor changes
v1.8.1
19H2 support
Preliminary 20H1 support
v1.8.0
improved run as localsystem feature
added plugin subsystem
added example plugin
added Sonar plugin - NDIS protocols viewer
added ApiSetView plugin - ApiSetSchema viewer (supported v2, v4, v6)
v1.7.4
added software licensing cache view (extras)
resolve apisets while viewing shadow table in Windows 10 20H1 >= 18890 builds
fix displaying sid user/domain information for private namespaces
added refresh (f5) for private namespace dialog
v1.7.3
threads list in processes dialog
view file properties for KisServiceTable/W32pServiceTable dialogs
process/thread/token object properties dialogs
bugfixes
v1.7.2
symbolic link object dump
internal fixes after profiling
support for 19H1 SeCiCallbacks scan
added and updated more object type descriptions
v1.7.1
SeCiCallbacks/g_CiCallbacks, DbgkLmdCallbacks added to the callbacks viewer
Session object view and access rights, merge pull request #8 #9
fixed regression added in 1.7.0
treelist updated
v1.7.0
code can now be compiled as C++
added W32pServiceTable view
added process list dialog (extras)
added Callback object type callbacks list (Properties->Object)
added callbacks viewer for certain callback types (registry, ps, ob, kebugcheck, se, dbg, po, io etc)
reimplemented "type" object type view (added missing fields from w10+)
reimplemented service tables extraction code
v1.6.0
ported to msvc 2017 (with backward compatibility to 2015)
reimplemented private namespaces lookup
object directory dump reflect Win10 changes
added alpc port dump and additional dialog
treelist control updated
private namespaces dialog updated
usershareddata dialog updated
internal rearrange
merge pull request #7, fix Job object process list display
multiple Wine Staging fixes
rtls updated
v1.5.5
tweaked PTL display
v1.5.4
added display of Process Trust Label for Directory object type
v1.5.3
OpenWindowStation fix
v1.5.2
internal rearrange
v1.5.1
bugfixes
v1.5.0
added Partition, DxgkCurrentDxgProcessObject objects description
added mailslots viewer dialog
added file properties for drivers (menu -> extras -> Drivers)
added FltConnectionPort object dump
switched to hde instead of ldasm
fixed Wine behavior along with some bugs
rtls updated, switched to VS2015 U3
note: Windows 10 RS2 (15063), RS1 (14393) supported as well as TH1(10240)/TH2(10586), RS3 supported (16288+ build)
v 1.4.0
drivers list and dump (menu -> extras)
kiservicetable dump for all supported Windows versions
some code revision and corrections
v 1.3.0
official support for Windows 10
private namespaces (menu -> extras)
v 1.2.0
added KUSER_SHARED_DATA dump (menu -> extras)
code revision and corrections
ported to msvc 2015
v 1.1.0
added popup menu for Process page
added file properties dialog for Process page
added descriptions for more object types
added named pipes dialog (menu -> extras)
added information for IoCompletion object type, including structured object body dump2
some code revision and corrections
v 1.0.0 (Feb 23, 2015)
initial release