From e2818d47730ea798b910e6b6e52396269dc859d5 Mon Sep 17 00:00:00 2001
From: t0asts <11411551+t0asts@users.noreply.github.com>
Date: Sat, 28 Mar 2026 20:02:03 -0400
Subject: [PATCH] Add command line column to log window

---
 SystemInformer/include/phapp.h |  2 ++
 SystemInformer/log.c           | 11 ++++++++++-
 SystemInformer/logwnd.c        | 23 +++++++++++++++++++++++
 SystemInformer/mwpgproc.c      |  3 ++-
 4 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/SystemInformer/include/phapp.h b/SystemInformer/include/phapp.h
index 57b66bb69274..83d3cd03e9a2 100644
--- a/SystemInformer/include/phapp.h
+++ b/SystemInformer/include/phapp.h
@@ -197,6 +197,7 @@ typedef struct _PH_LOG_ENTRY
             PPH_STRING Name;
             HANDLE ParentProcessId;
             PPH_STRING ParentName;
+            PPH_STRING CommandLine;
             NTSTATUS ExitStatus;
         } Process;
         struct
@@ -230,6 +231,7 @@ VOID PhLogProcessEntry(
     _In_ PPH_STRING Name,
     _In_opt_ HANDLE ParentProcessId,
     _In_opt_ PPH_STRING ParentName,
+    _In_opt_ PPH_STRING CommandLine,
     _In_opt_ ULONG Status
     );
 
diff --git a/SystemInformer/log.c b/SystemInformer/log.c
index 95646996fa66..89cba5799ec0 100644
--- a/SystemInformer/log.c
+++ b/SystemInformer/log.c
@@ -52,6 +52,7 @@ VOID PhpFreeLogEntry(
     {
         PhDereferenceObject(Entry->Process.Name);
         if (Entry->Process.ParentName) PhDereferenceObject(Entry->Process.ParentName);
+        if (Entry->Process.CommandLine) PhDereferenceObject(Entry->Process.CommandLine);
     }
     else if (Entry->Type >= PH_LOG_ENTRY_SERVICE_FIRST && Entry->Type <= PH_LOG_ENTRY_SERVICE_LAST)
     {
@@ -72,6 +73,7 @@ PPH_LOG_ENTRY PhpCreateProcessLogEntry(
     _In_ PPH_STRING Name,
     _In_opt_ HANDLE ParentProcessId,
     _In_opt_ PPH_STRING ParentName,
+    _In_opt_ PPH_STRING CommandLine,
     _In_opt_ ULONG Status
     )
 {
@@ -90,6 +92,12 @@ PPH_LOG_ENTRY PhpCreateProcessLogEntry(
         entry->Process.ParentName = ParentName;
     }
 
+    if (!PhIsNullOrEmptyString(CommandLine))
+    {
+        PhReferenceObject(CommandLine);
+        entry->Process.CommandLine = CommandLine;
+    }
+
     entry->Process.ExitStatus = Status;
 
     return entry;
@@ -179,10 +187,11 @@ VOID PhLogProcessEntry(
     _In_ PPH_STRING Name,
     _In_opt_ HANDLE ParentProcessId,
     _In_opt_ PPH_STRING ParentName,
+    _In_opt_ PPH_STRING CommandLine,
     _In_opt_ ULONG Status
     )
 {
-    PhpLogEntry(PhpCreateProcessLogEntry(Type, ProcessId, Name, ParentProcessId, ParentName, Status));
+    PhpLogEntry(PhpCreateProcessLogEntry(Type, ProcessId, Name, ParentProcessId, ParentName, CommandLine, Status));
 }
 
 VOID PhLogServiceEntry(
diff --git a/SystemInformer/logwnd.c b/SystemInformer/logwnd.c
index cd9d8cccff7a..ca32b596e038 100644
--- a/SystemInformer/logwnd.c
+++ b/SystemInformer/logwnd.c
@@ -138,6 +138,14 @@ static PPH_STRING PhpGetStringForSelectedLogEntries(
         temp = PhFormatLogEntry(entry);
         PhAppendStringBuilder(&stringBuilder, &temp->sr);
         PhDereferenceObject(temp);
+
+        if (entry->Type >= PH_LOG_ENTRY_PROCESS_FIRST && entry->Type <= PH_LOG_ENTRY_PROCESS_LAST && !PhIsNullOrEmptyString(entry->Process.CommandLine))
+        {
+            PhAppendStringBuilder2(&stringBuilder, L" [");
+            PhAppendStringBuilder(&stringBuilder, &entry->Process.CommandLine->sr);
+            PhAppendStringBuilder2(&stringBuilder, L"]");
+        }
+
         PhAppendStringBuilder2(&stringBuilder, L"\r\n");
 
 ContinueLoop:
@@ -174,6 +182,7 @@ INT_PTR CALLBACK PhpLogDlgProc(
             PhListView_AddColumn(ListViewContext, 0, 0, 0, LVCFMT_LEFT, 140, L"Time");
             PhListView_AddColumn(ListViewContext, 1, 1, 1, LVCFMT_LEFT, 140, L"Type");
             PhListView_AddColumn(ListViewContext, 2, 2, 2, LVCFMT_LEFT, 260, L"Message");
+            PhListView_AddColumn(ListViewContext, 3, 3, 3, LVCFMT_LEFT, 300, L"Command Line");
             PhLoadListViewColumnsFromSetting(SETTING_LOG_LIST_VIEW_COLUMNS, ListViewHandle);
 
             PhInitializeLayoutManager(&WindowLayoutManager, hwndDlg);
@@ -362,6 +371,20 @@ INT_PTR CALLBACK PhpLogDlgProc(
                             PhDereferenceObject(string);
                         }
                     }
+                    else if (dispInfo->item.iSubItem == 3)
+                    {
+                        if (FlagOn(dispInfo->item.mask, LVIF_TEXT))
+                        {
+                            if (entry->Type >= PH_LOG_ENTRY_PROCESS_FIRST && entry->Type <= PH_LOG_ENTRY_PROCESS_LAST && !PhIsNullOrEmptyString(entry->Process.CommandLine))
+                            {
+                                wcsncpy_s(dispInfo->item.pszText, dispInfo->item.cchTextMax, entry->Process.CommandLine->Buffer, _TRUNCATE);
+                            }
+                            else
+                            {
+                                dispInfo->item.pszText[0] = UNICODE_NULL;
+                            }
+                        }
+                    }
                 }
                 break;
             }
diff --git a/SystemInformer/mwpgproc.c b/SystemInformer/mwpgproc.c
index 44c1e3ef15e1..f966a6f08af4 100644
--- a/SystemInformer/mwpgproc.c
+++ b/SystemInformer/mwpgproc.c
@@ -1121,6 +1121,7 @@ VOID PhMwpOnProcessAdded(
             ProcessItem->ProcessName,
             parentProcessId,
             parentName,
+            ProcessItem->CommandLine,
             0
             );
 
@@ -1205,7 +1206,7 @@ VOID PhMwpOnProcessRemoved(
         }
     }
 
-    PhLogProcessEntry(PH_LOG_ENTRY_PROCESS_DELETE, ProcessItem->ProcessId, ProcessItem->ProcessName, NULL, NULL, exitStatus);
+    PhLogProcessEntry(PH_LOG_ENTRY_PROCESS_DELETE, ProcessItem->ProcessId, ProcessItem->ProcessName, NULL, NULL, ProcessItem->CommandLine, exitStatus);
 
     if (PhMwpNotifyIconNotifyMask & PH_NOTIFY_PROCESS_DELETE)
     {