diff --git a/SystemInformer/include/proctree.h b/SystemInformer/include/proctree.h index 963df2df529e..6fba93925e2f 100644 --- a/SystemInformer/include/proctree.h +++ b/SystemInformer/include/proctree.h @@ -129,8 +129,9 @@ #define PHPRTLC_START_KEY 104 #define PHPRTLC_MITIGATION_POLICIES 105 #define PHPRTLC_SERVICES 106 +#define PHPRTLC_SHORT_USERNAME 107 -#define PHPRTLC_MAXIMUM 107 +#define PHPRTLC_MAXIMUM 108 #define PHPRTLC_IOGROUP_COUNT 9 #define PHPN_WSCOUNTERS 0x1 @@ -159,6 +160,7 @@ #define PHPN_STARTKEY 0x800000 #define PHPN_SERVICES 0x1000000 #define PHPN_USERHANDLES 0x2000000 +#define PHPN_SHORTUSERNAME 0x4000000 // begin_phapppub typedef struct _PH_PROCESS_NODE @@ -309,6 +311,7 @@ typedef struct _PH_PROCESS_NODE PPH_STRING MitigationPoliciesText; PPH_STRING ServicesText; PPH_STRING ServerSiloText; + PPH_STRING ShortUsernameText; // Graph buffers PH_GRAPH_BUFFERS CpuGraphBuffers; diff --git a/SystemInformer/proctree.c b/SystemInformer/proctree.c index 7d48bf4be8c0..02137c0a3bb4 100644 --- a/SystemInformer/proctree.c +++ b/SystemInformer/proctree.c @@ -233,6 +233,7 @@ VOID PhInitializeProcessTreeList( PhAddTreeNewColumn(hwnd, PHPRTLC_START_KEY, FALSE, L"Start key", 120, PH_ALIGN_LEFT, ULONG_MAX, 0); PhAddTreeNewColumn(hwnd, PHPRTLC_MITIGATION_POLICIES, FALSE, L"Mitigation policies", 180, PH_ALIGN_LEFT, ULONG_MAX, 0); PhAddTreeNewColumn(hwnd, PHPRTLC_SERVICES, FALSE, L"Services", 180, PH_ALIGN_LEFT, ULONG_MAX, 0); + PhAddTreeNewColumn(hwnd, PHPRTLC_SHORT_USERNAME, FALSE, L"Short user name", 140, PH_ALIGN_LEFT, ULONG_MAX, 0); PhCmInitializeManager(&ProcessTreeListCm, hwnd, PHPRTLC_MAXIMUM, PhpProcessTreeNewPostSortFunction); PhInitializeTreeNewFilterSupport(&FilterSupport, hwnd, ProcessNodeList); @@ -693,6 +694,7 @@ VOID PhpRemoveProcessNode( PhClearReference(&ProcessNode->ProcessStartKeyText); PhClearReference(&ProcessNode->MitigationPoliciesText); PhClearReference(&ProcessNode->ServicesText); + PhClearReference(&ProcessNode->ShortUsernameText); PhDeleteGraphBuffers(&ProcessNode->CpuGraphBuffers); PhDeleteGraphBuffers(&ProcessNode->PrivateGraphBuffers); @@ -1910,6 +1912,27 @@ static VOID PhpUpdateProcessNodeServices( } } +static VOID PhpUpdateProcessNodeShortUsername( + _Inout_ PPH_PROCESS_NODE ProcessNode +) +{ + if (!FlagOn(ProcessNode->ValidMask, PHPN_SHORTUSERNAME)) + { + PhClearReference(&ProcessNode->ShortUsernameText); + + if (ProcessNode->ProcessItem->UserName) + { + wchar_t* backslash = wcsrchr(ProcessNode->ProcessItem->UserName->Buffer, L'\\'); + if (backslash) + ProcessNode->ShortUsernameText = PhCreateString(backslash + 1); + else + ProcessNode->ShortUsernameText = PhCreateString(ProcessNode->ProcessItem->UserName->Buffer); + } + + SetFlag(ProcessNode->ValidMask, PHPN_SHORTUSERNAME); + } +} + #define SORT_FUNCTION(Column) PhpProcessTreeNewCompare##Column #define BEGIN_SORT_FUNCTION(Column) static int __cdecl PhpProcessTreeNewCompare##Column( \ _In_ const void *_elem1, \ @@ -2976,6 +2999,19 @@ BEGIN_SORT_FUNCTION(Services) } END_SORT_FUNCTION +BEGIN_SORT_FUNCTION(ShortUserName) +{ + PhpUpdateProcessNodeShortUsername(node1); + PhpUpdateProcessNodeShortUsername(node2); + sortResult = PhCompareStringWithNullSortOrder( + node1->ShortUsernameText, + node2->ShortUsernameText, + ProcessTreeListSortOrder, + TRUE + ); +} +END_SORT_FUNCTION + BOOLEAN NTAPI PhpProcessTreeNewCallback( _In_ HWND hwnd, _In_ PH_TREENEW_MESSAGE Message, @@ -3163,6 +3199,7 @@ BOOLEAN NTAPI PhpProcessTreeNewCallback( SORT_FUNCTION(StartKey), SORT_FUNCTION(MitigationPolicies), SORT_FUNCTION(Services), + SORT_FUNCTION(ShortUserName), }; _CoreCrtNonSecureSearchSortCompareFunction sortFunction; @@ -4698,6 +4735,16 @@ BOOLEAN NTAPI PhpProcessTreeNewCallback( } } break; + case PHPRTLC_SHORT_USERNAME: + { + PhpUpdateProcessNodeShortUsername(node); + + if (node->ShortUsernameText) + { + getCellText->Text = PhGetStringRef(node->ShortUsernameText); + } + } + break; default: return FALSE; }