Releases: supervoidcoder/win-witr
win-witr v0.1.15
win-witr v0.1.14
Significant performance improvements! On the GitHub actions runners each run used to be about 20-25 ms. Now it's all the way down to 12-15 ms!
However, that isn't the biggest thing here. In fact, 20-25 ms is already basically instant. The real sink was when you have a really massive tree. When making a tree that was around 100 levels deep, the program significantly slowed down, so it was directly correlated, being O(n^2). The 100-level deep tree was 230-300 ms. Now, instead of using process32 next in nested loops, I just made it into an unordered map. This immediately sped up the program back down to around 20-30 ms even for that big tree.
Given that, well, no one will probably ever have a process tree that is that long. But this was a fun optimization nonetheless. Funnily enough, the original witr (written in Go) is really slow, taking over a second for most queries. So this is pretty cool!
Changes
🐛 Fixes
- local var supposed to be public (f9a07b3)
- stray equal sign (6fb0555)
- missing time (34c439c)
- errorosroororsr (1f83782)
- try fix compile errors (5dfc598)
⚡ Performance
- enhance process time retrieval with optional pidMap parameter (44fa1da)
- cache vt terminal so only call once (ed4b19e)
- pidMap Use emplace instead of copy assignment (b68348e)
- remove entire exeTimes vector to save time (daca893)
- use a single snapshot for all functions (6bd547d)
♻️ Refactoring
- Optimize process snapshot handling using a map for improved performance (843a74c)
📋 Other Changes
win-witr v0.1.13
Now win-witr can find processes even if you don't type the .exe or type the process name exactly as is! It's also case insensitive now, so if you type notepad, it stilll finds Notepad.exe (which is the modern name for the new stupid clankerified bloated win11 notepad, the old one is still lowercase if I remember right)
yay
Changes
✨ Features
- make it case insensitive and work without an extension (f9c1fbe)
🐛 Fixes
- recompute exename inside loop or elese (a89f834)
- convert procname to string (0f7cc06)
- add mising parenthehsesssersrseesrsereserseserserserseseserserserser (34a82c0)
- move (253d8b2)
🔄 CI/CD
- remove extensions (271c09a)
📋 Other Changes
win-witr v0.1.12
feat: show related processes, essentially deduplicating processes like witr but being more helpful
Changes
✨ Features
- show related processes, essentially deduplicating processes like witr but being more helpful (0ef5a4b)
🐛 Fixes
- Fix process name storage conversion issue (c37dd60)
- type error (10f4359)
- fix type error and fix semicolon accidentally typed as colon (1242a6d)
- add missing initializing argument (cbafa76)
- another missing semicolon (a435b95)
- missing semicolon (cea6b6b)
- syntax error and terrible syntax (b9e6b64)
⚡ Performance
- make related procnames use stored vector of names rather than calling win32 api for proc name on every related process (1894fed)
♻️ Refactoring
- names is passed by value — prefer const std::vectorstd::string& (aa03023)
📋 Other Changes
- Merge branch 'main' into name-check-improvements (17cc779)
- Update process.ps1 (6e7728e)
- Update process.ps1 (147bb68)
- Update process.ps1 (5b3e47b)
- Merge branch 'main' into name-check-improvements (4dbc96a)
win-witr v0.1.11
Changes
✨ Features
- Add handles entry by using undocumented ntdll functions to get the handles (93e8bc7)
🐛 Fixes
- 😲 (6a49605)
- 🤨 (42e7281)
- 🤔 (8919dfe)
- 🤡 (cd53d7c)
- check if object name is valid before checking it (1e502c9)
- add DUPLICATE_SAME_ACCESS to param and add PROCESS_DUP_HANDLE (7dc1cce)
- add missing typedefs and casting (b2f7b95)
- make params in getlibraryprocadress const char* (4bec8be)
- modify ListProcHandles to be integrated into win-witr and use the existing handles and pids (b84c8e4)
- Change "Handle" to "HANDLE" (ee95597)
📋 Other Changes
win-witr v0.1.10
This adds the Listening: entry in win-witr just like witr! It uses iphlpapi.h to find out what ports are linked to each PID. If you run this as admin, you can even find some interesting stuff about existing Windows processes! If you see a high port number on a process such as lsass.exe, say, "49664", that's normal! Even I only learned that today...
Have fun inspecting which processes are torrenting 10 terabytes of uncensored "ram sticks breaking" footage!
Changes
✨ Features
- Make it look like witr (90337c4)
- Add a listening entry which shows which ports a process is listening to (aedc733)
🐛 Fixes
win-witr v0.1.9
Now you can see the RAM usage of a process straight from win-witr! Gone are the days where you have to wonder why there's a suspicious process born from WINWORD and uses up 12 GB of RAM
Changes
✨ Features
🐛 Fixes
- Make non-ansi path display correctly and fix int overflow error by using unsigned long long (b17f34f)
- Add missing bracket to RAM usage if (db284d3)
- Fix syntax error due to misplaced apostrophe (267924b)
win-witr v0.1.8
This adds the Working Directory: entry to win-witr's output. Making it was easy, all I had to do was copy the GetCommandLine function(used for the Command: entry) and change a few offsets that led to the working dir inside the PEB.
Changes
✨ Features
- Add working directory by copying the GetCommandLine function and changing the offsets (1b5141c)
🐛 Fixes
- Add newline to command and working directory output (6c2a99d)
win-witr v0.1.7
This adds the "Command:" entry in win-witr! This took unnecessarily longer than it had to because I used undocumented ntdll.dll functions to walk the PEB of a process. This meant I had to manually write support for all of these scenarios:
- ARM64 --> ARM64
- x64 --> x64
- x86 --> x86
- x64 --> x86 (via WoW64)
- x86 --> x64 (this sounds very illegal, but it actually uses another undocumented function that reads the memory "virtually" so you can access it. even then there's still other tricks like Heaven's Gate so it's really not that impossible)
- ARM64 --> WoW64
Most of it was copy-paste, but it took me basically a whole week. The fun part is? This could've been all easily avoided if I had just used WMI like the original witr, which used Get-CimInstance (which is WMI under the hood)! But WMI is notorious for being slow, adding around 200ms for EVERY query, which is a lot. So I did all this work and almost 700 extra lines of code just to scrape off a few hundred milliseconds. Hey, at least it was exciting! MWAHHhAHAHAHAH
Changes
✨ Features
- Add error handling for function pointer retrieval in main.cpp (68c537d)
- read WoW64 from x64 and arm64 (66e342b)
- Address code review issues. Fixed label with undefined block in build.yml. Fixed version number in release.yml and main.cpp. (90a7a56)
- Add PROCESS_BASIC_INFORMATION64 structure and update function pointer for NtWow64QueryInformationProcess64 (8054ef0)
- Add support for reading command line of 32-bit and 64-bit processes in Windows using undocumented ntdll.dll functions. That's right! UNDOCUMENTED!! MWAHHAHAHAH (e586c8e)
- make it so the program actually knows the version (960e7ea)
- add force_ansi env var (5291195)
- Add command entry by reading process PEB (cddb4f6)
🐛 Fixes
- version (29a3138)
- version number embed during compilation (65c6fbd)
- Add error handling for build process in release.yml (bb1be52)
- Improve error handling for function pointer retrieval and memory access in process command line reading (942e314)
- Replace AreWeWoW64 with IsWow64Process because i'm stupid and used teh wrong functions that didn't exis tbecause they don't exist and they don't exist due to the fact that they don't exist since they don't exist in the existence of the existencial nt kernel (5e35271)
- missing bracket (4e70436)
- correct wow64 checking (932b51f)
- add debug log (7d4d552)
- CI TESTS (51d6a74)
- add fail-fast false (1fab362)
- update error messages for Git Bash and add architecture support in GetCommandLine function (c561d7b)
- stdcerr remove (aca3416)
- add missing newline after User entry (8487b74)
- Fix typos and wrong functions (09e2dea)
- Add x64 implementation to manually read process PEB and return command line string (43b0330)
- a (07fce97)
- remove stupid useless defines (13e2ace)
- try changing dword to size_t (f20951d)
- return pointer instead of character and add missing include statement (b66390e)
- try adding #define (3c3df85)
♻️ Refactoring
- Remove debug and error logging statements for function pointer retrieval and memory access SINCE IT FINALLY WORKS NOW (6290464)
🔄 CI/CD
- add provjobd.exe handling to process.bat and create provdjob.bat (6cc86f3)
- add provjobd.exe entries to process.bat (3e3e1a1)
- add hosted-compute-agent to process.bat (151bbfc)
- more tests (038d172)
- Remove wrong or not working tests from process.bat test CI (f27388c)
- add way more process tests ci (3d24e3c)
💄 Style
- made error statements nicer (4e731b5)
📋 Other Changes
- address code review (7ddec09)
- IDK (f82f6f2)
- just add a bunch of debugs for now (3a77bd6)
- Merge branch 'main' into command-and-git-peb (16110ec)
- Merge branch 'main' into command-and-git-peb (ef2601e)
- Merge pull request #63 from supervoidcoder/main (405172c)
win-witr v0.1.6
Changes
✨ Features
- Add color to Target and Process like witr. Also add error validation (9616ba5)
- Add Target and Process fields, just like witr. This makes it so you can see the name and pid of the process name you are looking up. It can be a bit redundant, but it's in witr, so hey (358bb7d)
🐛 Fixes
- Fix syntax error in Line 599 regarding misplaced << in cout (657ae0e)
💄 Style
- Add a space in the Process entry to make it look better and remove redundant output (ae89516)
📋 Other Changes
- Avoid returning the PID as a “process name” when no match is found. (ed7e904)