From f9c1fbe53bd231159ff036b5afacde3fc677e7b3 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:17:45 -0500 Subject: [PATCH 1/8] feat: make it case insensitive and work without an extension --- main.cpp | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/main.cpp b/main.cpp index 4b3c7f4..debd045 100644 --- a/main.cpp +++ b/main.cpp @@ -2011,7 +2011,23 @@ ProcInfos findMyProc(const char *procname) { // and exit if unsuccessful while (hResult) { // if we find the process: return process ID - if (strcmp(procname, WideToString(pe.szExeFile).c_str()) == 0) { + std::string exeName = WideToString(pe.szExeFile); + std::transform(exeName.begin(), exeName.end(), exeName.begin(), + [](unsigned char c){ return std::tolower(c); }); + // for the comparison make it lowercase so that it does the thingy mammombbers insensitiviityness case + // this is only for the compariason either way + std::transform(procname.begin(), procname.end(), procname.begin(), + [](unsigned char c){ return std::tolower(c); });// same lowercasing as the otther + std::string ex = procname; + if (!exeName.ends_with(".exe") {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading + ex += ".exe"; + } + + + + + + if (exeName == ex || exeName == procname) { result.names.push_back(WideToString(pe.szExeFile)); // let me cook // while you might think its less performant to waste all this // on storing related names for no reason 
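Review bot: The relaxed test `if (exeName == ex || exeName == procname)` in findMyProc (patch 1/8, hunk `@@ -2011,7 +2011,23 @@`) accepts every process whose image name equals the argument in any casing, with or without `.exe`, and an image name is not an identity: a binary started from any directory can carry the same name as a system process. Since `result.names` collects every hit, each entry should be reported with its PID and full image path (for example from `QueryFullProcessImageNameW`) so a reader can tell the expected process from a lookalike; whether the caller already does this is not visible here. A comment above the comparison such as `// matches by image name only; callers must disambiguate by PID and path` would record the limitation. The function starts and ends outside this hunk.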
@@ -2027,7 +2043,7 @@ ProcInfos findMyProc(const char *procname) { CloseHandle(hSnapshot); return result; } -// The above function is taken from https://cocomelonc.github.io/pentest/2021/09/29/findmyprocess.html , modified simply to use WideToString for the process name comparison among other things. +// The above function is taken from https://cocomelonc.github.io/pentest/2021/09/29/findmyprocess.html, modified simply to use WideToString for the process name comparison among other things. // Thanks! From 271c09a50d3758f9eeb8deeb450334f93a5f5b15 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:19:24 -0500 Subject: [PATCH 2/8] ci: remove extensions --- tests/process/process.ps1 | 43 ++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/tests/process/process.ps1 b/tests/process/process.ps1 index d92c4d7..b69049a 100644 --- a/tests/process/process.ps1 +++ b/tests/process/process.ps1 
@@ -1,71 +1,72 @@ -$time = Measure-Command { win-witr winlogon.exe | Out-Default } +$time = Measure-Command { win-witr winlogon | Out-Default } "winlogon.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr lsass.exe | Out-Default } +$time = Measure-Command { win-witr lsass | Out-Default } "lsass.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr win-witr.exe | Out-Default } +$time = Measure-Command { win-witr win-witr | Out-Default } "win-witr.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr wininit.exe | Out-Default } +$time = Measure-Command { win-witr wininit | Out-Default } "wininit.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr explorer.exe | Out-Default } +$time = Measure-Command { win-witr explorer | Out-Default } "explorer.exe check took {0} ms" -f $time.TotalMilliseconds $time = Measure-Command { win-witr Registry | Out-Default } "Registry check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr csrss.exe | Out-Default } +$time = Measure-Command { win-witr csrss | Out-Default } "csrss.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr fontdrvhost.exe | Out-Default } +$time = Measure-Command { win-witr fontdrvhost | Out-Default } "fontdrvhost.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr svchost.exe | Out-Default } +$time = Measure-Command { win-witr svchost | Out-Default } "svchost.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr smss.exe | Out-Default } +$time = Measure-Command { win-witr smss | Out-Default } "smss.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr services.exe | Out-Default } +$time = Measure-Command { win-witr services | Out-Default } "services.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { 
win-witr powershell.exe | Out-Default } +$time = Measure-Command { win-witr powershell | Out-Default } "powershell.exe check took {0} ms" -f $time.TotalMilliseconds $time = Measure-Command { win-witr Runner.Listener.exe | Out-Default } "Runner.Listener.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr cmd.exe | Out-Default } +$time = Measure-Command { win-witr cmd | Out-Default } "cmd.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr pwsh.exe | Out-Default } +$time = Measure-Command { win-witr pwsh | Out-Default } "pwsh.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr Runner.Worker.exe | Out-Default } +$time = Measure-Command { win-witr Runner.Worker | Out-Default } "Runner.Worker.exe check took {0} ms" -f $time.TotalMilliseconds $time = Measure-Command { win-witr hosted-compute-agent | Out-Default } "hosted-compute-agent check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr conhost.exe | Out-Default } +$time = Measure-Command { win-witr conhost | Out-Default } "conhost.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr dwm.exe | Out-Default } +$time = Measure-Command { win-witr dwm | Out-Default } "dwm.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr RuntimeBroker.exe | Out-Default } +$time = Measure-Command { win-witr RuntimeBroker | Out-Default } "RuntimeBroker.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr SearchIndexer.exe | Out-Default } +$time = Measure-Command { win-witr SearchIndexer | Out-Default } "SearchIndexer.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr spoolsv.exe | Out-Default } +$time = Measure-Command { win-witr spoolsv | Out-Default } "spoolsv.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr taskhostw.exe | Out-Default } 
+$time = Measure-Command { win-witr taskhostw | Out-Default } "taskhostw.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr dllhost.exe | Out-Default } +$time = Measure-Command { win-witr dllhost | Out-Default } "dllhost.exe check took {0} ms" -f $time.TotalMilliseconds + From 253d8b260d30331d79ed9f87a4a721ccc0a2e4b7 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:21:02 -0500 Subject: [PATCH 3/8] fix: move --- main.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/main.cpp b/main.cpp index debd045..1930b3e 100644 --- a/main.cpp +++ b/main.cpp @@ -2009,8 +2009,7 @@ ProcInfos findMyProc(const char *procname) { // retrieve information about the processes // and exit if unsuccessful - while (hResult) { - // if we find the process: return process ID + // if we find the process: return process ID std::string exeName = WideToString(pe.szExeFile); std::transform(exeName.begin(), exeName.end(), exeName.begin(), [](unsigned char c){ return std::tolower(c); }); @@ -2022,6 +2021,8 @@ ProcInfos findMyProc(const char *procname) { if (!exeName.ends_with(".exe") {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading ex += ".exe"; } + while (hResult) { + From 34a82c041a323f090d0c926b01315a1452df603a Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:23:16 -0500 Subject: [PATCH 4/8] fix: add mising parenthehsesssersrseesrsereserseserserserseseserserserser --- main.cpp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/main.cpp b/main.cpp index 1930b3e..6697572 100644 --- a/main.cpp +++ b/main.cpp 
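Review bot: In tests/process/process.ps1 (patch 2/8, hunk `@@ -1,71 +1,72 @@`) each entry only times the call and never checks that the lookup succeeded, so the switch to extension-less names would still pass if `win-witr winlogon` found nothing. Following each `Measure-Command` with a check such as `if ($LASTEXITCODE -ne 0) { throw "winlogon lookup failed" }` would make the suite exercise the new matching, assuming win-witr exits non-zero when nothing matches, which is not visible here. The series also adds case-insensitive matching, yet no call appears to use a casing that differs from the real image name; one extra line like `win-witr WINLOGON` would cover it. The labels still print `winlogon.exe` and so on, which no longer matches the argument passed.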
@@ -2011,14 +2011,12 @@ ProcInfos findMyProc(const char *procname) { // and exit if unsuccessful // if we find the process: return process ID std::string exeName = WideToString(pe.szExeFile); - std::transform(exeName.begin(), exeName.end(), exeName.begin(), - [](unsigned char c){ return std::tolower(c); }); + std::transform(exeName.begin(), exeName.end(), exeName.begin(), [](unsigned char c){ return std::tolower(c); }); // for the comparison make it lowercase so that it does the thingy mammombbers insensitiviityness case // this is only for the compariason either way - std::transform(procname.begin(), procname.end(), procname.begin(), - [](unsigned char c){ return std::tolower(c); });// same lowercasing as the otther + std::transform(procname.begin(), procname.end(), procname.begin(), [](unsigned char c){ return std::tolower(c); });// same lowercasing as the otther std::string ex = procname; - if (!exeName.ends_with(".exe") {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading + if (!exeName.ends_with(".exe")) {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading ex += ".exe"; } while (hResult) { From 0f7cc06528bbc17f6f88d6dd507f945cd89c57b4 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:26:39 -0500 Subject: [PATCH 5/8] fix: convert procname to string --- main.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/main.cpp b/main.cpp index 6697572..62d8809 100644 --- a/main.cpp +++ b/main.cpp @@ -2006,7 +2006,7 @@ ProcInfos findMyProc(const char *procname) { // info about first process encountered in a system snapshot hResult = Process32First(hSnapshot, &pe); - + std::string procstr = procname; // retrieve information about the processes // and exit if unsuccessful // if we find the process: return process ID 
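Review bot: `std::string procstr = procname;` (patch 5/8, hunk `@@ -2006,7 +2006,7 @@`) builds a std::string from a `const char *` without a null check, which is undefined behaviour if a caller ever passes a null pointer. The callers are not visible in this hunk, so it may never happen in practice, but the guard is one line: `std::string procstr = procname ? procname : "";`. The body of findMyProc continues outside the hunk.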
@@ -2014,8 +2014,8 @@ ProcInfos findMyProc(const char *procname) { std::transform(exeName.begin(), exeName.end(), exeName.begin(), [](unsigned char c){ return std::tolower(c); }); // for the comparison make it lowercase so that it does the thingy mammombbers insensitiviityness case // this is only for the compariason either way - std::transform(procname.begin(), procname.end(), procname.begin(), [](unsigned char c){ return std::tolower(c); });// same lowercasing as the otther - std::string ex = procname; + std::transform(procstr.begin(), procstr.end(), procstr.begin(), [](unsigned char c){ return std::tolower(c); });// same lowercasing as the otther + std::string ex = procstr; if (!exeName.ends_with(".exe")) {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading ex += ".exe"; } @@ -2026,7 +2026,7 @@ ProcInfos findMyProc(const char *procname) { - if (exeName == ex || exeName == procname) { + if (exeName == ex || exeName == procstr) { result.names.push_back(WideToString(pe.szExeFile)); // let me cook // while you might think its less performant to waste all this // on storing related names for no reason From bcd3e1df2d70657359118770d8edc0e074136fe1 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:28:42 -0500 Subject: [PATCH 6/8] aaaaaaaaaaaaaaaa --- main.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.cpp b/main.cpp index 62d8809..2452498 100644 --- a/main.cpp +++ b/main.cpp 
@@ -2016,7 +2016,7 @@ ProcInfos findMyProc(const char *procname) { // this is only for the compariason either way std::transform(procstr.begin(), procstr.end(), procstr.begin(), [](unsigned char c){ return std::tolower(c); });// same lowercasing as the otther std::string ex = procstr; - if (!exeName.ends_with(".exe")) {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading + if (!procstr.ends_with(".exe")) {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading ex += ".exe"; } while (hResult) { From a89f8343fae6b52df946740c1682eec6b70001dd Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:32:50 -0500 Subject: [PATCH 7/8] fix: recompute exename inside loop or elese --- main.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/main.cpp b/main.cpp index 2452498..429fe48 100644 --- a/main.cpp +++ b/main.cpp @@ -2010,10 +2010,8 @@ ProcInfos findMyProc(const char *procname) { // retrieve information about the processes // and exit if unsuccessful // if we find the process: return process ID - std::string exeName = WideToString(pe.szExeFile); - std::transform(exeName.begin(), exeName.end(), exeName.begin(), [](unsigned char c){ return std::tolower(c); }); - // for the comparison make it lowercase so that it does the thingy mammombbers insensitiviityness case - // this is only for the compariason either way + + std::transform(procstr.begin(), procstr.end(), procstr.begin(), [](unsigned char c){ return std::tolower(c); });// same lowercasing as the otther std::string ex = procstr; if (!procstr.ends_with(".exe")) {// no joke i almost typed endsWith here, the J*vaScript mind virus is spreading 
@@ -2022,8 +2020,10 @@ ProcInfos findMyProc(const char *procname) { while (hResult) { - - + std::string exeName = WideToString(pe.szExeFile); + std::transform(exeName.begin(), exeName.end(), exeName.begin(), [](unsigned char c){ return std::tolower(c); }); + // for the comparison make it lowercase so that it does the thingy mammombbers insensitiviityness case + // this is only for the compariason either way if (exeName == ex || exeName == procstr) { From 13fd625e1a3c4e08694bfd4640d75d52a954d854 Mon Sep 17 00:00:00 2001 From: supervoidcoder <88671013+supervoidcoder@users.noreply.github.com> Date: Wed, 11 Feb 2026 08:35:31 -0500 Subject: [PATCH 8/8] Update process.ps1 --- tests/process/process.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/process/process.ps1 b/tests/process/process.ps1 index b69049a..2b9849f 100644 --- a/tests/process/process.ps1 +++ b/tests/process/process.ps1 @@ -67,6 +67,5 @@ $time = Measure-Command { win-witr spoolsv | Out-Default } $time = Measure-Command { win-witr taskhostw | Out-Default } "taskhostw.exe check took {0} ms" -f $time.TotalMilliseconds -$time = Measure-Command { win-witr dllhost | Out-Default } -"dllhost.exe check took {0} ms" -f $time.TotalMilliseconds +
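Review bot: The lowercasing added inside the loop (patch 7/8, hunk `@@ -2022,8 +2020,10 @@`) folds bytes with `std::tolower`, which in the default "C" locale changes only A–Z, so an image name containing non-ASCII letters is still compared case-sensitively; the same holds for the `procstr` transform in the preceding hunk. What encoding `WideToString` returns is not visible here; if the intent is to match the way Windows treats names, comparing the original wide strings with `_wcsicmp` or `CompareStringOrdinal(..., TRUE)` would be closer. The two comment lines moved into the loop would read better as `// lowercase a copy for comparison only; the original name is what gets stored`. The loop body continues outside the hunk.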