Changelog

Build 47 (Version 1.1)

Fixed: Reused TIDs are now matched correctly
Fixed: With "Process Start"- and "Thread Create"-events the TID was also added to the new process
Fixed: Problems with filter manager and characters like "|" and "="
Fixed: The fix in build 46 working for Windows triggered a "PNG not found"-bug under Linux
New: Consider "Process Exit"s as edges
New: Consider file rename operations as edges
New: Edge label modes (find it under options)
New: Now "old" processes can also be chosen as launcher

Fixed: Temporary paths/files with included blanks prevent successful execution of dot (thx to Adhityo Seno Aji for reporting)

Changed: Workingfiles in temp-folder have now randomly generated names instead of fixed ones
New: Multiple instances of ProcDOT are possible now. However, do not generate graphs in parallel (this behavior may change in a later build, though)!
New: Bugreporter - An easy way to create complete bug-reports
New: Other TCP/UDP operations are now considered as send (accept is handled as receive)
New: Files that have been written by a process and are read by another one tag the according process as relevant
New: Registry values being set which look like an executable file (i.e. abc.exe) tag the according process as relevant

Fixed: "'" in paths messed up .dot syntax (thx to bartblaze for reporting)
Changed: For better usability compressed mode doesn't compress autostart registry-keys anymore
Changed: Some more file extensions have been added to compressed mode

Fixed: Performance issues when generating graphs (depending on the actual content of the procmon logs)
New: Plugin path can be modified/specifically set via "pluginspath" keyword in preferences file

Fixed: Crash because of not ignoring Plugins that have been internally deactivated during the initial verification step
Fixed: RelevantBecauseOfProcmonLines is now showing the correct linenumber(s)
Fixed: Show original timestamp for frames was not stored
Fixed: Zeroing of original timestamps
New: Full Unicode support (not only replacing UTF-8 characters with "@" as it was done so far, however, the latter is still available by clicking the unicode/ascii button close to the Procmon file selection)
New: Logoutput during graph generation (can be expanded/viewed by a click on the "+") specifically for cases with graphs with many nodes where the "dot"-program can take really long to finish
New: Graph generation can be cancelled
New: Consider current DPI settings

Fixed: OnlyInPcap attribute (server nodes) is now correct
Fixed: Add filter for IP/Domain sometimes showed wrong caption
Fixed: Problems with Scintilla sharing
New: Now IP addresses only in PCAP without being a result of an DNS request are shown
New: IP addresses only in PCAP are now visually tagged by a cluster
New: All timestamps are now treated according to the set option original/nulled
New: Automatically loaded/stored layouts now consider the current desktop scenario in terms of desktops/monitors and their actual resolutions
New: Short filename to long filename (SFn2LFn) file is now obsolete due to an automation algorithm

Fixed: Mainmenuitem plugins were usable though deactivation due to automatical configuration check
Fixed: Lots of bugs with listview windows
Fixed: Some bugs with dynamic layout engine
New: "loads" edges visualize additionally loaded modules besides the "based on" ones (relevant for DLL injection stuff)
New: Plugins can now output results in TXT format using the environment variable "PROCDOTPLUGIN_ResultTXT"
New: Plugins can now output results in CSV format using the environment variable "PROCDOTPLUGIN_ResultCSV"
New: Plugins now also support a "Description" (field)
New: Opt-in for update-check also for betas

Fixed: Missing IP address in details of servers when no domain is available
Fixed: UTF-8 handling (previously saved launchers may need to be re-selected) (thx to Rob Ayers for reporting)
Fixed: Some bugs with ListIconRequester control
Changed: Add filter window now has its initial focus on the ok button
Changed: Revised b-spline highlighting
New: Hint markers for seconds and 5 seconds in the timeline
New: Option to hide hint markers for seconds and 5 seconds in timeline
New: Frame timestamps in the statusbar
New: Option to switch frame timestamps between original and zeroed
New: Plugin engine
New: Plugin manager
New: Bitmap exporter
New: Session based filters and global filters
New: Filter manager

Internal dev-builds

Fixed: Order of the file-types in the selection dialog for PCAP or TXT (thx to Rob Ayers for reporting)
Changed: Titles of detail windows
Changed: "\\" to "\" in path labels
Fixed: The current approach of internally converting PCAP to TXT sometimes leads to using an accordingly old TXT file (thx to Rob Ayers for reporting)

Internal dev-build

Fixed: Additional columns in Procmon CSVs are ignored now to not fool ProcDOT anymore - Fixed launcher signature (thx to Rob Ayers for reporting)

Fixed: Additional columns in Procmon CSVs are ignored now to not fool ProcDOT anymore (thx to Rob Ayers for reporting)
New: Added .ico files to category "GRAFX"

Internal dev-build

Fixed: LastReadTimes
Fixed: Bug with internal relevance-flags when handling injections
Fixed: Corrected original linenumbers
Fixed: <F1> now works again for displaying the legend window
Changed: Removed disabling of filter string gadget
Changed: Performance boost for "procmon2dot"
Changed: No more sticky windows
Changed: Main window state is saved/restored for current desktop resolution
New: Render option "Read only files" which let one also display files that are only read. So, ie to detect stealing of data or even loading of DLLs (incl. multistaged). => Of course this produces a lot more noise but also more truth (loaded DLLs, based-on for modules that already existed, etc.) => because of the noise I decided to have his option deactivated by default, so you have to activate it on demand.
New: Items in the details dialog can now be epanded or copied to clipboard by a right-click (cell, line, column, table)
New: Searchfield for processname in launcher-selection dialog

New: Autorecognition for column-order of Procmon-CSVs (thx to llothsedai for reporting)

Keep main window responsive to Windows messages during execution of component programs
Put a border around progress requester
Revised zoom algorithms (real 10%-steps)
A right doubleclick now fits the graph to the canvas
Graphs can now be smaller than the canvas
Implemented a caching for zoom steps
Created an according message in the improbable case of a crash
Fixed a crash based on malformed registry keys (thx to Michal Mistina for reporting and testing)

Internal dev-build