Task Explorer - a new powerfull task manager

Discussion in 'other software & services' started by DavidXanatos, Jun 17, 2019.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    new release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.8.5


    This release focuses on bug fixing and usability improvements. An other major change is the use of the own xprocesshacker.sys driver by default, this is required as the original kprocesshacker.sys comes with a DRM that locks some functionality away from tools which are not signed by the process hacker team. With an own driver we can again mess with protected processes and read any memory location.

    The used leaked signing certificate does not seam to raise to many read flags eider, virus total:
    xprocesshacker.sys 4 false positivs https://www.virustotal.com/gui/file...066952affbb768e66ebaaf57643d5f145ec/detection
    vs
    original kprocesshacker.sys 13 false positivs https://www.virustotal.com/gui/file...91e88e118d420f20aac8e75ae3e39a7ac22/detection
    In fact we get much less than process hacker does.

    [0.8.5] - 2019-09-01
    Added
    • multi graph widget (optional individual CPU plots and individual GPU Node plots)
    • plot background/text/grid colirs can now be changed
    • added close (WM_CLOSE) and quit command (WM_QUIT)
    • added option for rates/deltas and cpu/gpu usage to show an empty string instead of '0'
    • added option to highlicht the x top resource users per column
    • reduced GUI cpu load by 20% by improved issuing of cell updates in the process tree model
    • added window title and status columns
    • added toolbar option to quickly adjust the refresh rate
    • added options to tray menu
    Changed
    • system plots now set the proper length
    • all tool bar drop down buttons have now a default action
    • now the xprocesshacker.sys is used by default
    Fixed
    • fixed issues with changing graph length
    • fixed bad color contrast of sellected items
    • fixed a crash (race condition) when closing
    • fixed issues with cycle based cpu usage calculation
    • fixed major issue with process stat display
    • fixed isue with PrivateBytesDelta column
    • fixed issue with asynchroniouse username resolution
    • fixed cpu time columns showing a wrong value
    • fixed broken protection columns DEP and ASLR
    • fixed broken file info columns size and modification time
     
  2. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    New Release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.9.0

    This releases added some new useful insights into the operating system and adds firewall event monitoring to be able to show blocked connection attempts.

    [0.9.0] - 2019-09-09
    Added
    • added windows firewall monitor to show blockes connection atempts
    • added network column to processes, showing if a process is or was using network sockets
    • added toolbar button to set persistence to 1h
    • added toolbar menu to quickly change item persistence
    • added kernel object tab to system panel, including the pool table and otehr informations
    • added nt object browser sub tab
    • added atom table view to the kernel objects tab
    Changed
    • The system info Drivers tab is now moved to a sub tab of the new kernel objects tab
    • the stack trace section of the thread window can now be colapsed
    Fixed
    • fixed issue disabling network adapter graphs did not work
    • fixed driver view module info was not loaded
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,717
    I have tried versions 0.4, 0.8.5 and lastly, v0.9 .

    I see this from Emsisoft, each time when installing the next new version. I allow it, otherwise the program will not install. Also, see the interaction from SAP, prior to Emsisoft popup appearing.

    Task Explorer v0.9.0_install_03.JPG

    Task Explorer v0.9.0_install_04.JPG
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    I think the issue is that nowadays everything that is not digitally signed with an expensive certificate is considered dangerous.

    Well that can be easily remedied, I just need to get like 500$/year at least on my https://www.patreon.com/DavidXanatos to be able to afford such a certificate. Okay may be not that easy given that its still at 5€/month LOL...
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    New release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.9.25

    This releases added many small convenience features, as well as a few major once.
    It now has a DNS cache tab, and the date form the DNS cache are used to more reliably resolve the remote host mane to which a socket was opened. Instead of just using a reverse dns which in the age of CDN's, likecloud flare and blazing fast, is quite useless, the tool correlates new sockets with the system DNS cache this way resolving which host name the process actually requested.
    Task explorer can now use the Wait Chain Traversal feature of windows to debug deadlocks of processes.
    And as the version approaches 1.0 we have many bug fixed.

    [0.9.25] - 2019-09-15
    Added
    • added remote host names resolution for the socket's tabs
    • added dns cache viever with 60 min persistence
      -- the dns cache feature correlates the cached data with open sockets and provides a remote host name more reliable than reverse dns lookups
    • better formating when copying panels
    • added column reset option to all lists
    • added f5 full refresh options
    • added security explorer
    • all sub windows now save their geometry
    • addes Working Set Watch fature to count page faults
    • added a few more pool informations
    • added running object table view to kernel objects
    • added Wait Chain Traversal feature to detect deadlocks
    • added option to open thread tokens
    Changed
    • when a new process is seen in an ETW or FW event it is now created and some masic infos are loaded
    • copy cell now can copy multiple cels
    • when enabling/disablign columns a refresh is triggered right away to fill in the data (in caseuse has set a ver slow refresh rate)
    • improved menu layout
    Fixed
    • fixed on copy cell did not work properly with multiple items selected
    • fixed on cppy panel and row copying empty(hiden) columns
    • fixed process tree horizontal scroll bar position reset on selection in tree
    • fixed NtQueryInformationFile deadlock in windows 7 when querying \Device\VolMgrControl
    • fixed issue where some deltas caused a overflow when the counter reset
     
  6. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    New release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.9.50
    This new build features many usability improvements and some bug fixes.

    [0.9.50] - 2019-09-24
    Added
    • critical status added to processes state string
    • critical processes / threads have an own list color
    • trying to terminate a critical process or thread wil now display an additional confirmation mesage
    • ctrl+c now copys the selected rows
    • formating for copying panels can be set in settings
    • added additional mitigation informations
    • added additional informations to geneal process info
      -- details sub tab
      -- security sub tab
      -- app subtab
    • added job id to job tab
    • added app infos to process general tab
    Changed
    • resolving symbols for pool limits is only triggered once the kernel objects tab gets opened
    • all priority settings have now an own groupe in the process tree
    • no longer keeping a handle open to all threads when thay were not used recently
    • mitigation informtions are not more verbose
    Fixed
    • all unselected tabs are no longer unnececerly updated at startup
    • issue with private bytes displaying the wrong value
    • fixed crash bug in task menu action handling
    • fixed a minor issue with sid resolving
     
  7. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    241
    Location:
    Canada
    Saw this pop up on MajorGeeks and it points to your GitHub page, I don't have much to add other then you should really add some pictures and whatnot to GitHub that better shows off what this program actually is/does, or update the OP here with more of them and have GitHub point to this thread... maybe...

    And same goes for your other tools, like PrivateWin10, needs lots and lots of picture of like of every menu/submenu/setting/feature/etc. All IMO of course.
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    New release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v0.9.75

    This release focuses on bugfixes many many bug fixes, and some usability improvements.

    [0.9.75] - 2019-09-29
    Added
    • priority columns now show text instead of numbers (except base priority)
    • added cert display to process security sub tab
    • ctrl+e now expands all process tree items
    • added driver config window
    • added verbose error's dialog
    • added more status informations
    Changed
    • reduced cpu usage of models
    • reduced cpu usage of rate counters
    • moved firewall status resolution to separate threa
    • reworked thread enumeration to save cpu usage
    • service and socket tabs are not longer updated when thay are not visible
    • gpu per proces stat update is now performed on a as needed basis
    • massivly reduced treeview cpu usage by adaping configuration
    Fixed
    • fixed an issue when on successfuly changing priority still an error was reported
    • when starting using UAC bypass the process ended up with lower priority,
      -- fixed by now always settign higher priority on startup
    • fixed bug with gpu usage column display
    • fixed issue "bring in front" was always disable din the process tree
    • fixed issue where thread start adresses were resolved multiple times unnececerly
    • fixed crash issue when logging out users
    • fixed service window not closing when ok was pressed
    • fixed issue with service to process association
    • fixed crash bug in reverse dns lookups on win 7
     
  9. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    492
    Any chance you could post your program to portableapps.com?
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,677
    Location:
    Under a bushel ...
    Haven't tried your program (yet), but I was wondering if there were any significant differences or advantages over MiTeC Task Manager Deluxe: https://www.mitec.cz/tmx.html ?
     
  11. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    sure I can try.

    Sure countless advantages to many to count, here a small selection of things I consider specially important:
    1. Task Explorer TE allows you to view the stack trace for every thread such that you can see that the thread is actually doing.
    2. TE's handle list can be filtered and searched in
    2b. the handle list shows much more information including file position and size, very useful to see what a process is doing.
    2c. you can close handles
    3. TE has a memory editor
    4. TE has much more columns with much more information's in pretty much EVERY list!
    5. TE can show GPU Usage!!!
    6. TE has a much more detailed system IO/ disk IO display
    7. TE has a much more detailed graph's bar.
    8. in TE you can search in EVERY list view
    9. in TE you can easily copy data from EVERY list view as text to clipboard
    10. TE shows informations about windows kernel internals, Pool, Loaded drivers, etc etc....

    etc etc etc...
     
  12. Special

    Special Registered Member

    Joined:
    Mar 23, 2016
    Posts:
    241
    Location:
    Canada
    I could never use MiTeC Task Manager Deluxe because it constantly "phoned home" to "something" on every startup, my farewall would constantly ask for rules when I had it set to "not automatically check for updates" etc. MiTeC Task Manager Deluxe is also not portable which is a no go for me nowadays too ( well you can get it portable but it wont save settings... so pointless.)

    Anyway I'm keeping tabs on this as it looks pretty good, and if you can make it "portable" that would be grand! also don't constantly "phone home" / "check for things" etc.
     
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    Well it already is portable in that sense that it does not need to be installed you can just download the zip release extract it on a usb stuck and voila "portable", it runs from any location just fine, settings are stored in a ini file if there is one in the app directory. otherwise it creates one C:\Users\[user]\AppData\Local\TaskExplorer\ to have it use one in its own rectory just create an empty text file and call it TaskExplorer.ini

    about network connections, disable the setting "download symbols" than it shouldn't make any, symbols are used to provide better stack traces of windows components.
     
  14. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    New Release: https://github.com/DavidXanatos/TaskExplorer/releases/tag/v1.0


    Finally we arrived at the build v1.0, this build features a extended xprocesshacker.sys that can unprotect (PPL) protected processes.
    An other great new feature is a much better remote host name resolution for sockets, instead of just relying on reverse dns (which in the age of CDN's is not very reliable), we monitor ETW events emitted when a process issues a dns query. This way we know what domains every process requested and what IP's it got as answer, hence when observing a new socket we first check in this list for matching entries, when found it is almost certain the socket was opened with the intention to reach the captured domain.

    Added
    • xprocesshacker.sys can now unprotect and re protect protected processes (light)
    • using ETW Events to monitor what domains individual processes querry
      -- enabled more accurate remote hostname column display
    Changed
    • cleaned up PH directory
    • improved process display for the case when multiple processes are sellected
    • now using https://github.com/microsoft/krabsetw to monitor ETW events
    • reworked socket process association
    • when opening finder the search term ist selected such it can be replaced quickly
    Fixed
    • no longer trying to do reverse dns on adresses that returned no results
     
  15. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    290
    Location:
    Viena
    Maintenance Release with some bug fixes, see change-log.
    https://github.com/DavidXanatos/TaskExplorer/releases/tag/v1.0.1

    Changed
    • improved file handle info retrival
    • ewt monitoring button is now disabled when running without admin rights

    Fixed
    • memory leak occuring when updating per process handle list
    • fixed issue with service to process association
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.