From d3d96f0e8a957283fe9fed3fe35afc05bf8e0c56 Mon Sep 17 00:00:00 2001
From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com>
Date: Fri, 13 Feb 2026 09:39:09 -0500
Subject: [PATCH 1/9] feat: Make `Process:` entry display the window title of the target process instead
---
main.cpp | 360 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 360 insertions(+)
diff --git a/main.cpp b/main.cpp
index 8258d1b..7920a25 100644
--- a/main.cpp
+++ b/main.cpp
@@ -1513,6 +1513,354 @@ return WideToString(stringBuffer); #endif } +/* another massive block +2453128674613097462347362402316408372462317652378652397816478164234 +4237842134623140236403264236492173643219462193487621394612983746973424 +242347623947623987462378462398746239187463298746987462398764728936428379462 +248764923864698723498237698327649823764879264928736482379642713642] + +33424234234 +234234234 +231423423 +4234234 +*/ + +std::string GetWindowTitle(HANDLE hproc) { + // in this function, we will get the window title of the program + // by once again readding the peb + // it will replace the "Process" entry because + // currently its a bit redundant + // this will be a bit more helpful while still being basically instant + // and if its a headless program it doesn't matter much since its going to be the .exe name either way + // which would be the same as not reading the PEB so better to try than nothing +#ifdef _M_X64 + + +BOOL isWow64 = FALSE; +if (!IsWow64Process(hproc, &isWow64)) { + return ""; // in this case, we don't need to return an error code if it fails, we just silently fall back + // to the existing target name we already had so it doesn't matter much +} +bool isWoW64 = isWow64; + +if (!isWoW64) { + +typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); +auto queryInfo = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); +if (!queryInfo) { + return ""; +} + +PROCESS_BASIC_INFORMATION pbi; +if (queryInfo(hproc, ProcessBasicInformation, &pbi, sizeof(pbi), NULL) != 0) { + + return ""; +} + +PVOID procParamPtr = nullptr; +if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, sizeof(PVOID), NULL)) { + return ""; +} + +UNICODE_STRING cmdLStruct; +SIZE_T bytesRead2 = 0; +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x38, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { + return ""; +} + +if (cmdLStruct.Length == 0 || 
(cmdLStruct.Length % sizeof(wchar_t)) != 0 || cmdLStruct.Length > 65534) { + return ""; +} + +size_t wchar_count = cmdLStruct.Length / sizeof(wchar_t); +std::vector buffer(wchar_count + 1, 0); +if (!ReadProcessMemory(hproc, cmdLStruct.Buffer, buffer.data(), cmdLStruct.Length, NULL)) +{ + return ""; +} + +std::wstring stringBuffer = buffer.data(); +return WideToString(stringBuffer); + + +} else { + auto queryInfo = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); + if (!queryInfo) { + v + } + + ULONG_PTR peb32Address = 0; + NTSTATUS status = queryInfo(hproc, ProcessWow64Information, &peb32Address, sizeof(peb32Address), NULL); + if (status != 0 || peb32Address == 0) { + return ""; + } + + ULONG procParamPtr32 = 0; + if (!ReadProcessMemory(hproc, (BYTE*)peb32Address + 0x10, &procParamPtr32, sizeof(procParamPtr32), NULL)) { + return ""; + } + + UNICODE_STRING32 cmdLStruct32{}; + if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x24, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { + return ""; + } + + if (cmdLStruct32.Length == 0 || (cmdLStruct32.Length % sizeof(wchar_t)) != 0 || cmdLStruct32.Length > 65534) { + return ""; + } + + size_t wchar_count = cmdLStruct32.Length / sizeof(wchar_t); + std::vector buffer(wchar_count + 1, 0); + if (!ReadProcessMemory(hproc, (PVOID)(ULONG_PTR)cmdLStruct32.Buffer, buffer.data(), cmdLStruct32.Length, NULL)) + { + return ""; + } + + std::wstring stringBuffer = buffer.data(); + return WideToString(stringBuffer); +} + #elif defined(_M_IX86) + BOOL areWeWoW64 = FALSE; + IsWow64Process(GetCurrentProcess(), &areWeWoW64); + if (!areWeWoW64) { + typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); +auto queryInfo = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); +if (!queryInfo) { + return ""; +} + +PROCESS_BASIC_INFORMATION pbi; +if (queryInfo(hproc, 
ProcessBasicInformation, &pbi, sizeof(pbi), NULL) != 0) { + + return ""; +} + +PVOID procParamPtr = nullptr; +if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, sizeof(PVOID), NULL)) { + return ""; +} + +UNICODE_STRING cmdLStruct; +SIZE_T bytesRead2 = 0; +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x24, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { + return ""; +} + +if (cmdLStruct.Length == 0 || (cmdLStruct.Length % sizeof(wchar_t)) != 0 || cmdLStruct.Length > 65534) { + return ""; +} + +size_t wchar_count = cmdLStruct.Length / sizeof(wchar_t); +std::vector buffer(wchar_count + 1, 0); +if (!ReadProcessMemory(hproc, cmdLStruct.Buffer, buffer.data(), cmdLStruct.Length, NULL)) +{ + return ""; +} + +std::wstring stringBuffer = buffer.data(); +return WideToString(stringBuffer); +} else { + + BOOL targetIsWow64 = FALSE; + + IsWow64Process(hproc, &targetIsWow64); + if (targetIsWow64) { + + typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); +auto queryInfo = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); +if (!queryInfo) { + return ""; +} + +PROCESS_BASIC_INFORMATION pbi; +if (queryInfo(hproc, ProcessBasicInformation, &pbi, sizeof(pbi), NULL) != 0) { + + return ""; +} + +PVOID procParamPtr = nullptr; +if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, sizeof(PVOID), NULL)) { + return ""; +} + +UNICODE_STRING cmdLStruct; +SIZE_T bytesRead2 = 0; +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x24, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { + return ""; +} + +if (cmdLStruct.Length == 0 || (cmdLStruct.Length % sizeof(wchar_t)) != 0 || cmdLStruct.Length > 65534) { + return ""; +} + +size_t wchar_count = cmdLStruct.Length / sizeof(wchar_t); +std::vector buffer(wchar_count + 1, 0); +if (!ReadProcessMemory(hproc, cmdLStruct.Buffer, buffer.data(), cmdLStruct.Length, NULL)) +{ + return ""; +} + 
+std::wstring stringBuffer = buffer.data(); +return WideToString(stringBuffer); + + } else { + + HMODULE ntdll = GetModuleHandleA("ntdll.dll"); + auto queryInfo64 = (pNtWow64QueryInformationProcess64)GetProcAddress(ntdll, "NtWow64QueryInformationProcess64"); + auto readMem64 = (pNtWow64ReadVirtualMemory64)GetProcAddress(ntdll, "NtWow64ReadVirtualMemory64"); + + if (!queryInfo64 || !readMem64) { + return ""; + } + + HANDLE targetHandle = hproc; + HANDLE openedHandle = NULL; + DWORD targetPid = 0; + if (hproc != NULL) { + targetPid = GetProcessId(hproc); + } + if (targetPid != 0) { + openedHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, targetPid); + if (openedHandle) targetHandle = openedHandle; + } + + PROCESS_BASIC_INFORMATION64 pbi64{}; + ULONG returnLen = 0; + NTSTATUS status = queryInfo64(targetHandle, ProcessBasicInformation, &pbi64, sizeof(pbi64), &returnLen); + ULONG64 peb64Address = pbi64.PebBaseAddress; + if (status != 0 || peb64Address == 0) { + if (openedHandle) CloseHandle(openedHandle); + return ""; + } + + ULONG64 procParamPtr64 = 0; + status = readMem64(targetHandle, peb64Address + 0x20, &procParamPtr64, sizeof(procParamPtr64), NULL); + if (status != 0) { + if (openedHandle) CloseHandle(openedHandle); + return ""; + } + + UNICODE_STRING64 cmdLStruct64; + status = readMem64(targetHandle, procParamPtr64 + 0x38, &cmdLStruct64, sizeof(cmdLStruct64), NULL); + if (status != 0) { + if (openedHandle) CloseHandle(openedHandle); + return ""; + } + + if (cmdLStruct64.Length == 0 || (cmdLStruct64.Length % sizeof(wchar_t)) != 0 || cmdLStruct64.Length > 65534) { + if (openedHandle) CloseHandle(openedHandle); + return ""; + } + + size_t wchar_count = cmdLStruct64.Length / sizeof(wchar_t); + std::vector buffer(wchar_count + 1, 0); + status = readMem64(targetHandle, cmdLStruct64.Buffer, buffer.data(), cmdLStruct64.Length, NULL); + if (status != 0) { + if (openedHandle) CloseHandle(openedHandle); + return ""; + } + + if (openedHandle) 
CloseHandle(openedHandle); + std::wstring wstr(buffer.data()); + return WideToString(wstr); + + + + } + +} + #elif defined(_M_ARM64) + + +BOOL isWow64 = FALSE; +if (!IsWow64Process(hproc, &isWow64)) { + return ""; +} +bool isWoW64 = isWow64; + +if (!isWoW64) { + +typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); +auto queryInfo = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); + +if (!queryInfo) { + return ""; +} + +PROCESS_BASIC_INFORMATION pbi; +if (queryInfo(hproc, ProcessBasicInformation, &pbi, sizeof(pbi), NULL) != 0) { + + return ""; +} + +PVOID procParamPtr = nullptr; +if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, sizeof(PVOID), NULL)) { + return ""; +} + +UNICODE_STRING cmdLStruct; +SIZE_T bytesRead2 = 0; +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x38, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { + return ""; +} + +if (cmdLStruct.Length == 0 || (cmdLStruct.Length % sizeof(wchar_t)) != 0 || cmdLStruct.Length > 65534) { + return ""; +} + +size_t wchar_count = cmdLStruct.Length / sizeof(wchar_t); +std::vector buffer(wchar_count + 1, 0); +if (!ReadProcessMemory(hproc, cmdLStruct.Buffer, buffer.data(), cmdLStruct.Length, NULL)) +{ + return ""; +} + +std::wstring stringBuffer = buffer.data(); +return WideToString(stringBuffer); + + +} else { + + auto queryInfo = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); + if (!queryInfo) { + return ""; + } + + ULONG_PTR peb32Address = 0; + NTSTATUS status = queryInfo(hproc, ProcessWow64Information, &peb32Address, sizeof(peb32Address), NULL); + if (status != 0 || peb32Address == 0) { + return ""; + } + + ULONG procParamPtr32 = 0; + if (!ReadProcessMemory(hproc, (BYTE*)peb32Address + 0x10, &procParamPtr32, sizeof(procParamPtr32), NULL)) { + return ""; + } + + UNICODE_STRING32 cmdLStruct32{}; + if 
(!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x24, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { + return ""; + } + + if (cmdLStruct32.Length == 0 || (cmdLStruct32.Length % sizeof(wchar_t)) != 0 || cmdLStruct32.Length > 65534) { + return ""; + } + + size_t wchar_count = cmdLStruct32.Length / sizeof(wchar_t); + std::vector buffer(wchar_count + 1, 0); + if (!ReadProcessMemory(hproc, (PVOID)(ULONG_PTR)cmdLStruct32.Buffer, buffer.data(), cmdLStruct32.Length, NULL)) + { + return ""; + } + + std::wstring stringBuffer = buffer.data(); + return WideToString(stringBuffer); +} +#else + return ""; +#endif +} + void PrintAncestry(DWORD pid, HANDLE hSnapshot, const std::unordered_map& pidMap) { // now we're geting the name // we're making it slower by adding a bunch of snapshots @@ -1756,7 +2104,14 @@ void PIDinspect(const std::vector& pids, const std::vector& } while (Process32Next(hshot, &pe32)); } std::string procName = GetProcessNameFromPid(pid, hshot); + std::string process = GetWindowTitle(hshot); + + if (virtualTerminalEnabled) { + if (!process == "") { + std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; + std::cout << "\033[34mProcess:\033[0m " << process << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; + } else { if (procName == ""){ std::cout << "\033[34mTarget:\033[0m N/A\n\033[34mProcess:\033[0m N/A\n"; } else { 
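Review bot: The `_M_IX86` branch of GetWindowTitle ignores the result of both `IsWow64Process(GetCurrentProcess(), &areWeWoW64)` and `IsWow64Process(hproc, &targetIsWow64)`, while the x64 and ARM64 branches return an empty string when that call fails. If the call fails the flag presumably keeps its initial FALSE, and the code then picks a PEB layout without knowing the target's bitness. The later reads are length-capped, so the outcome is a wrong or empty string rather than an overrun, but the branches should agree: `if (!IsWow64Process(hproc, &targetIsWow64)) return "";`. The five copies of the read sequence differ only in two offsets and the pointer width, so one helper taking those as parameters would keep checks like this in a single place.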
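Review bot: `process` is a string read out of the inspected process's own memory, and it is streamed to the console unchanged on the path where `virtualTerminalEnabled` indicates that escape sequences are interpreted. A target that places ESC or other control bytes in its title can recolour, overwrite or imitate lines of this tool's report, which matters for a tool used to judge whether a process is legitimate. Replace control bytes before printing, here, in the plain-text branch of the next hunk, and where PATCH 7/9 moves this block; the fence shows a small helper. PIDinspect starts and ends outside the hunk.

```cpp
// Replace C0 control bytes and DEL in text that was read from another process.
static std::string SanitizeForConsole(std::string text) {
    for (char& ch : text) {
        const auto byte = static_cast<unsigned char>(ch);
        if (byte < 0x20 || byte == 0x7F) ch = '?';
    }
    return text;
}

// … in PIDinspect: pass the GetWindowTitle(...) result through SanitizeForConsole before it is assigned to `process` …
```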
@@ -1764,12 +2119,17 @@ void PIDinspect(const std::vector& pids, const std::vector& std::cout << "\033[34mProcess:\033[0m " << procName << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; } } else { + if (!process == "") { + std::cout << "Target: " << procName << std::endl; + std::cout << "Process: " << process << " (pid " << std::to_string(pid) << ")" << std::endl; + } else { if (procName == ""){ std::cout << "Target: N/A\nProcess: N/A\n"; } else { std::cout << "Target: " << procName << std::endl; std::cout << "Process: " << procName << " (pid " << std::to_string(pid) << ")" << std::endl; } + } } From 6bded0f73e8005ce8d4f8f99de27faf7811ed2ce Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 09:42:09 -0500 Subject: [PATCH 2/9] fix: --- main.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.cpp b/main.cpp index 7920a25..79346f8 100644 --- a/main.cpp +++ b/main.cpp @@ -1586,7 +1586,7 @@ return WideToString(stringBuffer); } else { auto queryInfo = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess"); if (!queryInfo) { - v + return ""; } ULONG_PTR peb32Address = 0; @@ -2108,7 +2108,7 @@ void PIDinspect(const std::vector& pids, const std::vector& if (virtualTerminalEnabled) { - if (!process == "") { + if (!(process == "")) { std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; std::cout << "\033[34mProcess:\033[0m " << process << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; } else { From 94139082116049de1653500c065e740be2ff6972 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 09:45:03 -0500 Subject: [PATCH 3/9] fix: --- main.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.cpp b/main.cpp index 79346f8..90424d1 100644 --- a/main.cpp +++ b/main.cpp 
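Review bot: In the new branch taken when `process` is non-empty, `procName` is printed without the empty check that the old path keeps, so a process whose name lookup failed but whose title was read shows `Target: ` followed by nothing instead of `N/A`. The same holds for the colour branch in the previous hunk and for the block that PATCH 7/9 re-adds. Print the fallback in that branch too, for example `std::cout << "Target: " << (procName.empty() ? "N/A" : procName) << std::endl;`. PIDinspect starts and ends outside the hunk.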
@@ -2111,8 +2111,8 @@ void PIDinspect(const std::vector& pids, const std::vector& if (!(process == "")) { std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; std::cout << "\033[34mProcess:\033[0m " << process << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; - } else { - if (procName == ""){ + } else + if (procName == "") { std::cout << "\033[34mTarget:\033[0m N/A\n\033[34mProcess:\033[0m N/A\n"; } else { std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; @@ -2129,7 +2129,7 @@ void PIDinspect(const std::vector& pids, const std::vector& std::cout << "Target: " << procName << std::endl; std::cout << "Process: " << procName << " (pid " << std::to_string(pid) << ")" << std::endl; } - } + } From 5342543f5acde54b2cc2d1b651cccac9d108ef4a Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 09:47:47 -0500 Subject: [PATCH 4/9] feat: The offsets for the WindowTitle in the peb are 0x50 for x86 and 0x60 for x64 --- main.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.cpp b/main.cpp index 90424d1..8b82377 100644 --- a/main.cpp +++ b/main.cpp @@ -1564,7 +1564,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x38, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x60, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1601,7 +1601,7 @@ return WideToString(stringBuffer); } UNICODE_STRING32 cmdLStruct32{}; - if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x24, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { + if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x50, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { return ""; } 
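Review bot: The added `} else` followed by `if (procName == "") {` on the next line is an else-if spread over two lines, and it leaves the colour branch shaped differently from the plain-text branch, which still nests the check inside `} else {`. Write it as `} else if (procName == "") {` and give both branches the same structure, so that the brace removed in the second hunk of this patch is easy to verify. PIDinspect starts and ends outside the hunk.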
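Review bot: The field offset is a bare literal and the destination is still called `cmdLStruct`, although after this change the read is meant to fetch the window title. The same literal is edited in seven hunks of this patch and all seven are edited again in PATCH 8/9, which shows the cost of repeating it. Define the 64-bit and 32-bit values once as named constants (for example `kWindowTitleOffset64` and `kWindowTitleOffset32`) with a comment naming the structure and field they index, and rename the local, e.g. `UNICODE_STRING titleStruct;`. These offsets are not a documented contract, so the comment should also record which Windows builds they were checked on; GetWindowTitle starts and ends outside the hunk.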
@@ -1642,7 +1642,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x24, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x50, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1685,7 +1685,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x24, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x50, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1741,7 +1741,7 @@ return WideToString(stringBuffer); } UNICODE_STRING64 cmdLStruct64; - status = readMem64(targetHandle, procParamPtr64 + 0x38, &cmdLStruct64, sizeof(cmdLStruct64), NULL); + status = readMem64(targetHandle, procParamPtr64 + 0x60, &cmdLStruct64, sizeof(cmdLStruct64), NULL); if (status != 0) { if (openedHandle) CloseHandle(openedHandle); return ""; @@ -1800,7 +1800,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x38, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x60, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1838,7 +1838,7 @@ return WideToString(stringBuffer); } UNICODE_STRING32 cmdLStruct32{}; - if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x24, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { + if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x50, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { return ""; } From ce69809c06e8cfb2d2c7d21bb7c80874d9b9b96a Mon Sep 17 00:00:00 2001 
From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 09:50:04 -0500 Subject: [PATCH 5/9] fix: --- main.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/main.cpp b/main.cpp index 8b82377..c2a4ed8 100644 --- a/main.cpp +++ b/main.cpp @@ -2108,7 +2108,7 @@ void PIDinspect(const std::vector& pids, const std::vector& if (virtualTerminalEnabled) { - if (!(process == "")) { + if (!process.empty()) { std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; std::cout << "\033[34mProcess:\033[0m " << process << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; } else @@ -2119,7 +2119,7 @@ void PIDinspect(const std::vector& pids, const std::vector& std::cout << "\033[34mProcess:\033[0m " << procName << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; } } else { - if (!process == "") { + if (!process.empty()) { std::cout << "Target: " << procName << std::endl; std::cout << "Process: " << process << " (pid " << std::to_string(pid) << ")" << std::endl; } else { @@ -2131,6 +2131,7 @@ void PIDinspect(const std::vector& pids, const std::vector& } } + } From c38088cc10c4da9f8bad5ebed343b29752611b44 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 12:16:25 -0500 Subject: [PATCH 6/9] window title --- main.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/main.cpp b/main.cpp index c2a4ed8..70295f0 100644 --- a/main.cpp +++ b/main.cpp @@ -2431,6 +2431,8 @@ ProcInfos findMyProc(const char *procname, HANDLE hSnapshot) { int main(int argc, char* argv[]) { + + SetConsoleTitle(TEXT("Windows - Why Is This Running?")); SetConsoleOutputCP(CP_UTF8); virtualTerminalEnabled = IsVirtualTerminalModeEnabled(); for (int i = 0; i < argc; ++i) { From fc16ada8a5be7776757780fdbb418e6e0c897d87 Mon Sep 17 00:00:00 2001 
From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 12:22:06 -0500 Subject: [PATCH 7/9] fix: --- main.cpp | 57 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/main.cpp b/main.cpp index 70295f0..c8c9b41 100644 --- a/main.cpp +++ b/main.cpp @@ -2103,35 +2103,7 @@ void PIDinspect(const std::vector& pids, const std::vector& pidMap.emplace(pe32.th32ProcessID, pe32); } while (Process32Next(hshot, &pe32)); } - std::string procName = GetProcessNameFromPid(pid, hshot); - std::string process = GetWindowTitle(hshot); - - if (virtualTerminalEnabled) { - if (!process.empty()) { - std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; - std::cout << "\033[34mProcess:\033[0m " << process << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; - } else - if (procName == "") { - std::cout << "\033[34mTarget:\033[0m N/A\n\033[34mProcess:\033[0m N/A\n"; - } else { - std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; - std::cout << "\033[34mProcess:\033[0m " << procName << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; - } - } else { - if (!process.empty()) { - std::cout << "Target: " << procName << std::endl; - std::cout << "Process: " << process << " (pid " << std::to_string(pid) << ")" << std::endl; - } else { - if (procName == ""){ - std::cout << "Target: N/A\nProcess: N/A\n"; - } else { - std::cout << "Target: " << procName << std::endl; - std::cout << "Process: " << procName << " (pid " << std::to_string(pid) << ")" << std::endl; - } - - } - } 
@@ -2174,6 +2146,35 @@ void PIDinspect(const std::vector& pids, const std::vector& } + std::string procName = GetProcessNameFromPid(pid, hshot); + std::string process = GetWindowTitle(hProcess); + + + if (virtualTerminalEnabled) { + if (!process.empty()) { + std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; + std::cout << "\033[34mProcess:\033[0m " << process << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; + } else + if (procName == "") { + std::cout << "\033[34mTarget:\033[0m N/A\n\033[34mProcess:\033[0m N/A\n"; + } else { + std::cout << "\033[34mTarget:\033[0m " << procName << "\033[0m" << std::endl; + std::cout << "\033[34mProcess:\033[0m " << procName << "\033[90m (pid " << std::to_string(pid) << ")\033[0m" << std::endl; + } + } else { + if (!process.empty()) { + std::cout << "Target: " << procName << std::endl; + std::cout << "Process: " << process << " (pid " << std::to_string(pid) << ")" << std::endl; + } else { + if (procName == ""){ + std::cout << "Target: N/A\nProcess: N/A\n"; + } else { + std::cout << "Target: " << procName << std::endl; + std::cout << "Process: " << procName << " (pid " << std::to_string(pid) << ")" << std::endl; + } + + } + } char exePath[MAX_PATH] = {0}; From 3bae704adcaca01885c014678ab6a7be29dc438d Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 13:04:49 -0500 Subject: [PATCH 8/9] fix: Actually, the offsets are 0xB0 for x64 and 0x70 for x86 (probably) --- main.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.cpp b/main.cpp index c8c9b41..ee9f685 100644 --- a/main.cpp +++ b/main.cpp 
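Review bot: `process` holds a window title while `procName` holds the process name, and the two are printed under the labels `Process:` and `Target:`, so the variable name no longer says what the value is. `std::string windowTitle = GetWindowTitle(hProcess);` would make the print statements below readable without looking up the function. Whether `hProcess` is valid and was opened with read access at this point is not visible in the hunk; GetWindowTitle is written to return an empty string on failure, so the fallback to `procName` should cover that case. PIDinspect starts and ends outside the hunk.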
@@ -1564,7 +1564,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x60, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0xB0, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1601,7 +1601,7 @@ return WideToString(stringBuffer); } UNICODE_STRING32 cmdLStruct32{}; - if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x50, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { + if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x70, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { return ""; } @@ -1642,7 +1642,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x50, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x70, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1685,7 +1685,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x10, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x50, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x70, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1741,7 +1741,7 @@ return WideToString(stringBuffer); } UNICODE_STRING64 cmdLStruct64; - status = readMem64(targetHandle, procParamPtr64 + 0x60, &cmdLStruct64, sizeof(cmdLStruct64), NULL); + status = readMem64(targetHandle, procParamPtr64 + 0xB0, &cmdLStruct64, sizeof(cmdLStruct64), NULL); if (status != 0) { if (openedHandle) CloseHandle(openedHandle); return ""; 
@@ -1800,7 +1800,7 @@ if (!ReadProcessMemory(hproc, (BYTE*)pbi.PebBaseAddress + 0x20, &procParamPtr, s UNICODE_STRING cmdLStruct; SIZE_T bytesRead2 = 0; -if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0x60, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { +if (!ReadProcessMemory(hproc, (BYTE*)procParamPtr + 0xB0, &cmdLStruct, sizeof(cmdLStruct), &bytesRead2)) { return ""; } @@ -1838,7 +1838,7 @@ return WideToString(stringBuffer); } UNICODE_STRING32 cmdLStruct32{}; - if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x50, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { + if (!ReadProcessMemory(hproc, (BYTE*)(ULONG_PTR)procParamPtr32 + 0x70, &cmdLStruct32, sizeof(cmdLStruct32), NULL)) { return ""; } From 68cbbc0c264301a788a5cde1da3ce5b90ba22be0 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 13 Feb 2026 13:17:13 -0500 Subject: [PATCH 9/9] fix: