TrueTree ChangeLog

Version 0.6

  • Major changes
    • Network details now captured and printed in the tree
  • Bugfixes
    • Changes made in version 0.5 repeating plist files responsible for running a binary. Changes were made to regroup all processes created by the same plist under a single plist entry in the tree (Bug did not affect accuracy of data. Just repeated plist files.)
  • Minor changes (added later)
    • better spacing on the help page
    • allows TrueTree to run without root password if applying the setuid bit to the executable

Version 0.5

Major code cleanup was done on TrueTree using a far more Swift friendly approach. Prior to these changes the code was nearly unbearable in the amount of dictionary and array iterations that were unnecessary. Other small additions were also added.

  • Tree was now ordered by timestamps resulting in both a more helpful and consistent tree (if run a second time)
  • –timeline argument was added which instead of displaying a tree will show all processes by their creation time

Version 0.4

Version 0.4 undid the changes made in 0.3 as for a period of time the macOS lsmp command had memory usage bugs when executed. These bugs went unfixed for a long time. A new approach was taken to get the true parents of processes (still primarily for the purpose of seeing around the runningboardd process) by using an undocumented Apple application_services api call. 

(Not overly important, but I believe the hardcoded version number in the binary was accidentally not updated.

Version 0.3

Version 0.3 was added around the time macOS introduced the runningboardd process. Runningboardd caused a block in TrueTree as it would be reported as the “true” parent of almost all opened applications. Version 0.3 attempted to use macOS’s lsmp to find the true parent instead. Relevant blogs posts for these changes can be seen here.

  • https://themittenmac.com/getting-stepped-on-by-runningboards/
  • https://themittenmac.com/hurdling-the-runningboards/

Version 0.1 - 0.2

Release notes were not originally documented. The following blog posts documented the need and initial creation.

  • https://themittenmac.com/the-truetree-concept/
  • https://themittenmac.com/incident-response-with-truetree/