From 29331fb1237491c79cbd48d390443e47694363a4 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Thu, 22 Jan 2026 10:24:10 -0500 Subject: [PATCH 01/23] feat: start doing it (not done or testde) --- main.cpp | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index bbba898..7b85a6b 100644 --- a/main.cpp +++ b/main.cpp @@ -218,6 +218,8 @@ UPDATE: This is done now!! DWORD parentPid = 0; HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hSnapshot == INVALID_HANDLE_VALUE) return; + DWORD targetpid = pid; // the function already passes pid into us, but + // just to be safe that pid doesn't get overwritten in the loop below std::string exeName = "Unknown/Dead Process"; std::vector exeNames; std::vector exeTimes; // sorry for the crap code but idk how to make multidimensional arrays yet 😭😭😭 @@ -258,7 +260,40 @@ UPDATE: This is done now!! if (!found) break; } -CloseHandle(hSnapshot); + // we're close... but not done yet. we need to find the CHILDREN of the process now. + // We can create another loop, but this time going downwards, checking if a process + // tells us that our target pid is it's parent. This time, we don't have to worry about + // Checking if the parent is alive, because, well, since the target IS the parent, + // it must be alive. + if (Process32First(hSnapshot, &pe32)) { + do { + if (pe32.th32ProcessID == pid) { + // this time, our target pid is already stored at the very top of our list. + // this means we don't have to add target pid stuff. + // TODO: (for future optimization) we should probably move this before the + // the previous loop, since emplacing to the front requires shifting the entire list + // and therefore is inefficient, robbing us of a couple milliseconds of precious cpu time :( + + if (pe32.th32ParentProcessID == targetpid) { + exeName = WideToString(pe32.szExeFile); // this stores the name of our pid we're looking at in a var + exeNames.emplace(exeNames.begin(), exeName); // this adds this to the front of the list + // in this case, we are adding stuff to the front of the list, since we're looking at children + // you might've noticed this doesn't have an emplace_front() like emplace_back() since + // it's inefficient and the creators of the vector lib didn't do it + ULONGLONG parentTime = GetProcessCreationTime(pe32); + + } + + + found = true; + break; + } + } while (Process32Next(hSnapshot, &pe32)); + + } + + +CloseHandle(hSnapshot); // we're only closing the handle until we finish messing with the snapshot //phew thankfully we're done with that mess // now we need to reverse all the vector lists we made so // that the ancestry tree is correctly diisplayed from root to children like witr From 247d2fa5ea38fb123bb6c22e2c2566dccfad810a Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Thu, 22 Jan 2026 10:44:42 -0500 Subject: [PATCH 02/23] fix: remove leftover from copied loop (will continue working later) --- main.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 7b85a6b..64d5a9e 100644 --- a/main.cpp +++ b/main.cpp @@ -280,7 +280,7 @@ UPDATE: This is done now!! // in this case, we are adding stuff to the front of the list, since we're looking at children // you might've noticed this doesn't have an emplace_front() like emplace_back() since // it's inefficient and the creators of the vector lib didn't do it - ULONGLONG parentTime = GetProcessCreationTime(pe32); + pidNames.emplace(pidNames.begin(), pe32.th32ProcessID) } From c39999664c91c37a449f1a246c9c15ad4fe3968f Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:10:23 -0500 Subject: [PATCH 03/23] fix:syntax error --- main.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 64d5a9e..78650eb 100644 --- a/main.cpp +++ b/main.cpp @@ -280,7 +280,7 @@ UPDATE: This is done now!! // in this case, we are adding stuff to the front of the list, since we're looking at children // you might've noticed this doesn't have an emplace_front() like emplace_back() since // it's inefficient and the creators of the vector lib didn't do it - pidNames.emplace(pidNames.begin(), pe32.th32ProcessID) + pidNames.emplace(pidNames.begin(), pe32.th32ProcessID); } From c6f7ea329f90daf73592f263fcd155dc5e5e9500 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:35:48 -0500 Subject: [PATCH 04/23] =?UTF-8?q?feat:=20magenta=20=E2=94=94=E2=94=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- main.cpp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/main.cpp b/main.cpp index 78650eb..4cdccdd 100644 --- a/main.cpp +++ b/main.cpp @@ -267,7 +267,7 @@ UPDATE: This is done now!! // it must be alive. if (Process32First(hSnapshot, &pe32)) { do { - if (pe32.th32ProcessID == pid) { + // this time, our target pid is already stored at the very top of our list. // this means we don't have to add target pid stuff. // TODO: (for future optimization) we should probably move this before the @@ -281,13 +281,13 @@ UPDATE: This is done now!! // you might've noticed this doesn't have an emplace_front() like emplace_back() since // it's inefficient and the creators of the vector lib didn't do it pidNames.emplace(pidNames.begin(), pe32.th32ProcessID); - + ULONGLONG childTime == GetProcessCreationTime(pe32.th32ProcessID) } found = true; break; - } + } while (Process32Next(hSnapshot, &pe32)); } @@ -313,9 +313,13 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing std::cout << " "; // this adds indentation } if (i > 0) { - - std::cout << "└─ "; // it's the little thingy thing └─ unicode from witr + if (IsVirtualTerminalModeEnabled) { + std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr + } else { + std::cout << "└─ "; + } } + std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; } From 931ab81b6c89f7cc258b1eb2b4f06bbcc4f64118 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Thu, 22 Jan 2026 11:47:25 -0500 Subject: [PATCH 05/23] feat: keep track of children --- main.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/main.cpp b/main.cpp index 4cdccdd..fa946e1 100644 --- a/main.cpp +++ b/main.cpp @@ -265,6 +265,7 @@ UPDATE: This is done now!! // tells us that our target pid is it's parent. This time, we don't have to worry about // Checking if the parent is alive, because, well, since the target IS the parent, // it must be alive. + int children = 0 // i wonder what would happen if you could set an emoji as var name if (Process32First(hSnapshot, &pe32)) { do { @@ -282,6 +283,10 @@ UPDATE: This is done now!! // it's inefficient and the creators of the vector lib didn't do it pidNames.emplace(pidNames.begin(), pe32.th32ProcessID); ULONGLONG childTime == GetProcessCreationTime(pe32.th32ProcessID) + exeTimes.emplace(exeTimes.begin(), childTime) // we don't even use this but we need to keep all the vectors the same length + parentPids.emplace(parentPids.begin(), pe32.th32ProcessID) // just fill it up, we aren't using it + children++; // keeps track of how many children we have (that sounds wrong when you say it) + } @@ -318,9 +323,10 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } else { std::cout << "└─ "; } - } - + } // peak indentation + if (IsVirtualTerminalModeEnabled) { std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; + } } From d01e60eff6a65adcc19dba5b82e66a27f06c56a0 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 08:39:33 -0500 Subject: [PATCH 06/23] feat: highlight target pid --- main.cpp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index fa946e1..c4a360b 100644 --- a/main.cpp +++ b/main.cpp @@ -325,7 +325,19 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } // peak indentation if (IsVirtualTerminalModeEnabled) { - std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; + if (targetpid == pidNames[i]) { + std::cout << "\033[1;32m" << exeNames[i] << " (PID " << pidNames[i] << ")" << "\033[0m" << std::endl; + } else { + std::cout << exeNames[i] << " (PID " << pidNames[i] << ") ⬅" << std::endl; + + // since we don't have virtual terminal colors to highlight it, + // we're gonna use arrows + } else{ + std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; + } + + + } } From 95329275d90a5c666f2d7a6485a43421fd3fb2ed Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 08:44:23 -0500 Subject: [PATCH 07/23] feat: this will probably work (made it so that it can do the um children) --- main.cpp | 6 ++++-- tests/process/process.bat | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/main.cpp b/main.cpp index c4a360b..88afcae 100644 --- a/main.cpp +++ b/main.cpp @@ -290,8 +290,7 @@ UPDATE: This is done now!! } - found = true; - break; + } while (Process32Next(hSnapshot, &pe32)); @@ -350,7 +349,10 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing if (lastParentPid != 0 && lastParentPid != 4 && (lastParentTime == 0 || lastParentTime >= lastChildTime)) { for (size_t j = 0; j < nameSize; j++) { + if (children > 0) { std::cout << " "; + children--; + } } std::cout << "└─ [Parent Process Exited]" << std::endl; } diff --git a/tests/process/process.bat b/tests/process/process.bat index 06ecc9a..fddac5c 100644 --- a/tests/process/process.bat +++ b/tests/process/process.bat @@ -1,3 +1,4 @@ win-witr winlogon.exe win-witr lsass.exe -win-witr win-witr.exe \ No newline at end of file +win-witr win-witr.exe +win-witr wininit.exe \ No newline at end of file From b94b9d2a5dcdba8e062a9d4f931db3a5c8b7c40d Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 08:45:44 -0500 Subject: [PATCH 08/23] fix: i keep forgetting to add semicolons --- main.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.cpp b/main.cpp index 88afcae..98b355e 100644 --- a/main.cpp +++ b/main.cpp @@ -265,7 +265,7 @@ UPDATE: This is done now!! // tells us that our target pid is it's parent. This time, we don't have to worry about // Checking if the parent is alive, because, well, since the target IS the parent, // it must be alive. - int children = 0 // i wonder what would happen if you could set an emoji as var name + int children = 0; // i wonder what would happen if you could set an emoji as var name if (Process32First(hSnapshot, &pe32)) { do { @@ -282,9 +282,9 @@ UPDATE: This is done now!! // you might've noticed this doesn't have an emplace_front() like emplace_back() since // it's inefficient and the creators of the vector lib didn't do it pidNames.emplace(pidNames.begin(), pe32.th32ProcessID); - ULONGLONG childTime == GetProcessCreationTime(pe32.th32ProcessID) - exeTimes.emplace(exeTimes.begin(), childTime) // we don't even use this but we need to keep all the vectors the same length - parentPids.emplace(parentPids.begin(), pe32.th32ProcessID) // just fill it up, we aren't using it + ULONGLONG childTime == GetProcessCreationTime(pe32.th32ProcessID); + exeTimes.emplace(exeTimes.begin(), childTime); // we don't even use this but we need to keep all the vectors the same length + parentPids.emplace(parentPids.begin(), pe32.th32ProcessID); // just fill it up, we aren't using it children++; // keeps track of how many children we have (that sounds wrong when you say it) } From 43ddf1a631067a316441e19d54d67fa81e735a96 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 08:48:15 -0500 Subject: [PATCH 09/23] fix: main.cpp(320): warning C4551: function call missing argument list main.cpp(334): error C2181: illegal else without matching if --- main.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.cpp b/main.cpp index 98b355e..4998209 100644 --- a/main.cpp +++ b/main.cpp @@ -317,13 +317,13 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing std::cout << " "; // this adds indentation } if (i > 0) { - if (IsVirtualTerminalModeEnabled) { + if (IsVirtualTerminalModeEnabled()) { std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr } else { std::cout << "└─ "; } } // peak indentation - if (IsVirtualTerminalModeEnabled) { + if (IsVirtualTerminalModeEnabled()) { if (targetpid == pidNames[i]) { std::cout << "\033[1;32m" << exeNames[i] << " (PID " << pidNames[i] << ")" << "\033[0m" << std::endl; } else { @@ -331,9 +331,9 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing // since we don't have virtual terminal colors to highlight it, // we're gonna use arrows - } else{ + } + }else { std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; - } From 4bd5ea5438c5dde091186a68ca76d85de1d44690 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 08:50:09 -0500 Subject: [PATCH 10/23] fix: main.cpp(285): error C2143: syntax error: missing ';' before '==' accidentally used == instead of = --- main.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 4998209..6b4a624 100644 --- a/main.cpp +++ b/main.cpp @@ -282,7 +282,7 @@ UPDATE: This is done now!! // you might've noticed this doesn't have an emplace_front() like emplace_back() since // it's inefficient and the creators of the vector lib didn't do it pidNames.emplace(pidNames.begin(), pe32.th32ProcessID); - ULONGLONG childTime == GetProcessCreationTime(pe32.th32ProcessID); + ULONGLONG childTime = GetProcessCreationTime(pe32.th32ProcessID); exeTimes.emplace(exeTimes.begin(), childTime); // we don't even use this but we need to keep all the vectors the same length parentPids.emplace(parentPids.begin(), pe32.th32ProcessID); // just fill it up, we aren't using it children++; // keeps track of how many children we have (that sounds wrong when you say it) From afa19946828943c3a83668f9d4dcd9313270a8f8 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 08:59:50 -0500 Subject: [PATCH 11/23] fix: logic ahh error --- main.cpp | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/main.cpp b/main.cpp index 6b4a624..b22cb44 100644 --- a/main.cpp +++ b/main.cpp @@ -314,6 +314,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing // surprise we have nested for loops for (size_t j = 0; j < i; j++) { + if (i > pidNames.size() - children) { std::cout << " "; // this adds indentation } if (i > 0) { @@ -327,13 +328,20 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing if (targetpid == pidNames[i]) { std::cout << "\033[1;32m" << exeNames[i] << " (PID " << pidNames[i] << ")" << "\033[0m" << std::endl; } else { - std::cout << exeNames[i] << " (PID " << pidNames[i] << ") ⬅" << std::endl; + std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; + } + }else { + if (targetpid == pidNames[i]) { + std::cout << exeNames[i] << " (PID " << pidNames[i] << ") ⬅" << std::endl; // since we don't have virtual terminal colors to highlight it, // we're gonna use arrows - } - }else { - std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; + } + else { + std::cout << exeNames[i] << " (PID " << pidNames[i] << ")" << std::endl; + } + + @@ -349,9 +357,9 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing if (lastParentPid != 0 && lastParentPid != 4 && (lastParentTime == 0 || lastParentTime >= lastChildTime)) { for (size_t j = 0; j < nameSize; j++) { - if (children > 0) { + std::cout << " "; - children--; + } } std::cout << "└─ [Parent Process Exited]" << std::endl; From 7715300ba60249577275c2c2d7ac8d1e8e84e8ee Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 09:04:55 -0500 Subject: [PATCH 12/23] fix: mangled brazes --- main.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/main.cpp b/main.cpp index b22cb44..5d081b3 100644 --- a/main.cpp +++ b/main.cpp @@ -317,6 +317,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing if (i > pidNames.size() - children) { std::cout << " "; // this adds indentation } + } if (i > 0) { if (IsVirtualTerminalModeEnabled()) { std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr From 0b4d1d4e99b497589dfa0057b0ef419257b3b94e Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 09:10:06 -0500 Subject: [PATCH 13/23] fa --- main.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 5d081b3..d205a73 100644 --- a/main.cpp +++ b/main.cpp @@ -317,7 +317,8 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing if (i > pidNames.size() - children) { std::cout << " "; // this adds indentation } - } + + if (i > 0) { if (IsVirtualTerminalModeEnabled()) { std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr From d92dc1e0ea5989bc3b25f1a88ebff76bcd7eb76d Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 09:10:33 -0500 Subject: [PATCH 14/23] h --- main.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index d205a73..85f8c94 100644 --- a/main.cpp +++ b/main.cpp @@ -317,7 +317,10 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing if (i > pidNames.size() - children) { std::cout << " "; // this adds indentation } + else { + } + } if (i > 0) { if (IsVirtualTerminalModeEnabled()) { @@ -368,7 +371,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } } - +} From c93f975dee834c9eb21a5437263e45e3b49e8874 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 09:17:58 -0500 Subject: [PATCH 15/23] n --- main.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 85f8c94..872ad0a 100644 --- a/main.cpp +++ b/main.cpp @@ -371,7 +371,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } } -} +}} From 39457037a82c9985755e2f80fea1d37e60b358b9 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 09:33:48 -0500 Subject: [PATCH 16/23] b --- main.cpp | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/main.cpp b/main.cpp index 872ad0a..30ae29d 100644 --- a/main.cpp +++ b/main.cpp @@ -314,14 +314,9 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing // surprise we have nested for loops for (size_t j = 0; j < i; j++) { - if (i > pidNames.size() - children) { + std::cout << " "; // this adds indentation - } - else { - - } - } - + if (i > 0) { if (IsVirtualTerminalModeEnabled()) { std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr @@ -371,7 +366,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } } -}} + From 93da5fb970a6b0e503e4b387a3204f0d926b9bee Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:25:48 -0500 Subject: [PATCH 17/23] fix: test if it fixed --- main.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/main.cpp b/main.cpp index 30ae29d..a2ac251 100644 --- a/main.cpp +++ b/main.cpp @@ -314,16 +314,17 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing // surprise we have nested for loops for (size_t j = 0; j < i; j++) { - + if (i > pidNames.size() - children) { std::cout << " "; // this adds indentation - + } + } if (i > 0) { if (IsVirtualTerminalModeEnabled()) { std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr } else { std::cout << "└─ "; } - } // peak indentation + // peak indentation if (IsVirtualTerminalModeEnabled()) { if (targetpid == pidNames[i]) { std::cout << "\033[1;32m" << exeNames[i] << " (PID " << pidNames[i] << ")" << "\033[0m" << std::endl; @@ -348,6 +349,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } +} if (nameSize > 0) { DWORD lastParentPid = parentPids.back(); From ac8b6c501e588bb2bf85636cd438a742fc201d05 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 10:27:17 -0500 Subject: [PATCH 18/23] brackeys pls help --- main.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.cpp b/main.cpp index a2ac251..0bf370c 100644 --- a/main.cpp +++ b/main.cpp @@ -319,12 +319,13 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } if (i > 0) { + if (IsVirtualTerminalModeEnabled()) { - std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr + std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr } else { - std::cout << "└─ "; + std::cout << "└─ "; } - // peak indentation + if (IsVirtualTerminalModeEnabled()) { if (targetpid == pidNames[i]) { std::cout << "\033[1;32m" << exeNames[i] << " (PID " << pidNames[i] << ")" << "\033[0m" << std::endl; @@ -349,7 +350,6 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } } -} if (nameSize > 0) { DWORD lastParentPid = parentPids.back(); From fcf24d9e8dd504d3839c697db920d3e21cd72fea Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:34:05 -0500 Subject: [PATCH 19/23] fix: indentation and formatting (probably) --- main.cpp | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/main.cpp b/main.cpp index 0bf370c..ec8b2c2 100644 --- a/main.cpp +++ b/main.cpp @@ -308,13 +308,20 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing std::reverse(parentPids.begin(), parentPids.end()); // now get the size of one of the lists to know how many we got (they should all be the same length) size_t nameSize = exeNames.size(); + if (nameSize > 0) { + DWORD lastParentPid = parentPids.front(); + ULONGLONG lastParentTime = GetProcessCreationTime(lastParentPid); + ULONGLONG lastChildTime = exeTimes.front(); + + std::cout << "[Parent Process Exited]" << std::endl; + } for (size_t i = 0; i < nameSize; i++ ){ // size_t is an unsigned integer designed to be ridiculously big to handle monstrosities, // idk just in case some psycho has a gazillion nested procs // surprise we have nested for loops for (size_t j = 0; j < i; j++) { - if (i > pidNames.size() - children) { + if (i < nameSize - children) { std::cout << " "; // this adds indentation } } @@ -351,21 +358,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } - if (nameSize > 0) { - DWORD lastParentPid = parentPids.back(); - ULONGLONG lastParentTime = GetProcessCreationTime(lastParentPid); - ULONGLONG lastChildTime = exeTimes.back(); - - if (lastParentPid != 0 && lastParentPid != 4 && - (lastParentTime == 0 || lastParentTime >= lastChildTime)) { - for (size_t j = 0; j < nameSize; j++) { - - std::cout << " "; - - } - } - std::cout << "└─ [Parent Process Exited]" << std::endl; - } + } } From c762e4e224ac882b5f83f906f0069f14d7b09240 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:40:30 -0500 Subject: [PATCH 20/23] fix: not showing top process --- main.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.cpp b/main.cpp index ec8b2c2..a86ee18 100644 --- a/main.cpp +++ b/main.cpp @@ -331,7 +331,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr } else { std::cout << "└─ "; - } + }} if (IsVirtualTerminalModeEnabled()) { if (targetpid == pidNames[i]) { @@ -356,7 +356,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } - } + } From 94db26ac2b9e40e6faef4c24742e024e1f6b04ad Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:44:46 -0500 Subject: [PATCH 21/23] =?UTF-8?q?feat:=20add=20one=20indentation=20so=20it?= =?UTF-8?q?=20looks=20cleaner=20=20=F0=9F=A4=A4=F0=9F=A7=BC=F0=9F=AB=A7?= =?UTF-8?q?=F0=9F=A7=B9=F0=9F=AA=A5=F0=9F=A7=BD=F0=9F=9A=BF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- main.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index a86ee18..3539ff6 100644 --- a/main.cpp +++ b/main.cpp @@ -318,7 +318,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing for (size_t i = 0; i < nameSize; i++ ){ // size_t is an unsigned integer designed to be ridiculously big to handle monstrosities, // idk just in case some psycho has a gazillion nested procs - + std::cout << " "; // add one indentation so it looks cleaner // surprise we have nested for loops for (size_t j = 0; j < i; j++) { if (i < nameSize - children) { From 596a6139411d3b976c10f0be7f5ad3b257e8d49f Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 15:47:03 -0500 Subject: [PATCH 22/23] fix: wrong place lol --- main.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 3539ff6..9f8f8c4 100644 --- a/main.cpp +++ b/main.cpp @@ -318,7 +318,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing for (size_t i = 0; i < nameSize; i++ ){ // size_t is an unsigned integer designed to be ridiculously big to handle monstrosities, // idk just in case some psycho has a gazillion nested procs - std::cout << " "; // add one indentation so it looks cleaner + // surprise we have nested for loops for (size_t j = 0; j < i; j++) { if (i < nameSize - children) { @@ -327,6 +327,7 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing } if (i > 0) { + std::cout << " "; // add one indentation att start so it looks cleaner if (IsVirtualTerminalModeEnabled()) { std::cout << "\033[35m└─\033[0m "; // it's the little thingy thing └─ unicode from witr } else { From 790ac4ac95c46fcc8fcdc6cd07a8b40095b63cce Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Fri, 23 Jan 2026 16:15:40 -0500 Subject: [PATCH 23/23] fix: addreess code review issues --- main.cpp | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/main.cpp b/main.cpp index 9f8f8c4..49b549e 100644 --- a/main.cpp +++ b/main.cpp @@ -308,20 +308,15 @@ CloseHandle(hSnapshot); // we're only closing the handle until we finish messing std::reverse(parentPids.begin(), parentPids.end()); // now get the size of one of the lists to know how many we got (they should all be the same length) size_t nameSize = exeNames.size(); - if (nameSize > 0) { - DWORD lastParentPid = parentPids.front(); - ULONGLONG lastParentTime = GetProcessCreationTime(lastParentPid); - ULONGLONG lastChildTime = exeTimes.front(); - - std::cout << "[Parent Process Exited]" << std::endl; - } + for (size_t i = 0; i < nameSize; i++ ){ // size_t is an unsigned integer designed to be ridiculously big to handle monstrosities, // idk just in case some psycho has a gazillion nested procs // surprise we have nested for loops for (size_t j = 0; j < i; j++) { - if (i < nameSize - children) { + size_t targetIndex = nameSize - children - 1; + if (i < nameSize - children || j < targetIndex) { std::cout << " "; // this adds indentation } }