Releases: DazzleTools/wingather
v0.2.3-alpha - Remove TOPMOST, Add Cascade Positioning
wingather v0.2.3-alpha
Windows security tool that discovers suspicious, hidden, and inaccessible windows — then brings them to your attention without disrupting your desktop.
What's New in v0.2.3-alpha
TOPMOST Removed (#14)
Suspicious windows no longer receive HWND_TOPMOST (sticky z-order pin). TOPMOST persisted after wingather exited, permanently altering your desktop z-order — windows stayed pinned above everything until manually cleared. This contradicted the goal of surfacing information without disrupting workflow.
All suspicious windows now use a one-time z-order raise via bring_to_front. The highest concern window ends up on top, but the user can cover it by clicking elsewhere. No permanent side effects.
Cascade Positioning (#14)
Multiple suspicious windows are now spread around screen center instead of stacking invisibly at dead center. Previously, only the top window was visible — others were hidden directly behind it.
- Highest concern window sits at dead center
- Lower concern windows fan out to cardinal/diagonal positions (60px radius)
- 9 fixed positions (center + 8 directions), ring-based fallback for 9+
- All positions clamped to monitor work area — windows never pushed off-screen
Simplified Processing
The three-tier processing loop (high concern / low concern / normal) is replaced with a two-pass system: normal windows first, then suspicious windows sorted by concern level (5→1). Level 1 is processed last, so it ends up at center and on top of z-order.
Version System
Added PRE_RELEASE_NUM constant for PEP 440 pre-release number control. Version is now 0.2.3a1 (previously hardcoded to a0).
Installation
pip install wingatherOr from source:
git clone https://github.com/DazzleTools/wingather.git
cd wingather
pip install -e .Version History
| Version | Key Change |
|---|---|
| v0.2.3-alpha | Remove TOPMOST, add cascade positioning |
| v0.2.2-alpha | Fix missing JSON data files in pip wheel |
| v0.2.1-alpha | Suspicious-only default, auto-trust MS-signed, LOLBin exclusion |
| v0.2.0-alpha | --undo for --show-hidden, hidden window docs, dual-level versioning |
| v0.1.2-alpha | Initial release: window enumeration, concern scoring, trust verification |
Platform Support
| Platform | Status |
|---|---|
| Windows (native) | Tested |
| Windows (Git Bash/MINGW64) | Tested |
| macOS | Stubs in place |
| Linux (X11) | Stubs in place |
Requirements
- Python 3.8+
pywin32>= 305psutil>= 5.9.0- For best results, run as Administrator
v0.1.2-alpha - Hidden Window Discovery & Recovery
Windows Admin & Security Tool for Hidden Window Discovery
First release of wingather — a tool for discovering, recovering, and managing hidden or inaccessible windows on Windows.
The Problem
Windows can become invisible for many reasons: pushed off-screen after a monitor disconnect, minimized and forgotten, hidden by malware, or shrunk to near-zero size. A suspicious dialog box appears for a split second and vanishes — was it closed, timed out, or moved off-screen by another process? Standard tools like Task Manager show processes but can't reveal or recover their windows.
The Solution
wingather enumerates all top-level windows via Win32 EnumWindows, identifies their state (normal, minimized, hidden, off-screen, cloaked), and brings them front-and-center on your chosen monitor.
wingather # gather all windows to primary monitor
wingather --dry-run # see what would happen without moving anything
wingather --list-only # survey all windows
wingather --show-hidden # also reveal explicitly hidden windows
wingather -m 1 # center on secondary monitor
wingather -f "*chrome*" # filter by title/process name
wingather --json # machine-readable outputSuspicious Window Detection
Windows are scored using weighted indicators and flagged with DEFCON-style concern levels:
| Level | Label | Example Triggers | Action |
|---|---|---|---|
[!1] |
ALERT | Off-screen + dialog, trust verification failed | Set TOPMOST |
[!2] |
ALERT | Off-screen window | Set TOPMOST |
[!3] |
CONCERN | Heavily shrunk window | Set TOPMOST |
[!4] |
NOTE | Dialog, partially off-screen | Flagged only |
[!5] |
NOTE | Cloaked on another desktop | Flagged only |
Trust Verification
Built-in trusted processes (explorer.exe, etc.) are verified via path validation and Microsoft Authenticode signature before suppressing flags. A process masquerading as a trusted name triggers an immediate level 1 ALERT.
Features
- Window enumeration with DPI awareness for mixed-DPI multi-monitor setups
- Window state detection: normal, minimized, maximized, hidden, off-screen, cloaked
- DWM cloaking analysis and virtual desktop support via IVirtualDesktopManager COM
- TOPMOST z-order for high-concern windows
- Process filtering and exclusion with fnmatch patterns
- Trust system with path + Authenticode verification for default trusted processes
- JSON output for scripting and integration
- 65 unit tests covering concern scoring, trust matching, CLI parsing, and rendering
Cross-Platform
Designed with a platform abstraction layer (wingather/platforms/). Currently Windows-only; macOS and Linux/X11 stubs are in place for future development.
Requirements
- Python 3.8+
pywin32>= 305psutil>= 5.9.0- For best results, run as Administrator
Documentation
- CLI Parameters — full reference for all options
- Platform Support — status, requirements, and how to help
Changes in v0.1.2-alpha
- Fix CI build failure: switch from internal
setuptools.backends._legacy:_Backendto standardsetuptools.build_metabackend for compatibility with Python 3.9/3.10 on GitHub Actions runners