winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License
10.9k stars 1.39k forks

[Feature Request]: Make window title more dynamic with Session + WinSta + Desktop (and more) < Code provided> #1277

Open AltF5 opened 2 years ago

AltF5 commented 2 years ago

Description of the feature, modification, idea or suggestion

Add more details to System Informer's window title to support showing the Session \ Window Station \ Desktop, and perhaps some textual cues for if the driver was loaded / connected or not

Proposed implementation details (optional)

At: if (PhGetIntegerSetting(L"EnableWindowText")) in mainwnd.c

    if (PhGetIntegerSetting(L"EnableWindowText"))
    {
        PH_STRING_BUILDER stringBuilder;
        PPH_STRING currentUserName;

        PhInitializeStringBuilder(&stringBuilder, 100);
        PhAppendStringBuilder2(&stringBuilder, L"System Informer");

        // DWORD to string: append our own PID
        DWORD myPID = GetCurrentProcessId();
        WCHAR myPIDStrArr[PH_INT32_STR_LEN_1];
        PhPrintUInt32(myPIDStrArr, (ULONG)myPID);
        PhAppendStringBuilder2(&stringBuilder, L" ");
        PhAppendStringBuilder2(&stringBuilder, myPIDStrArr);
        PhAppendStringBuilder2(&stringBuilder, L" ");

        BOOL isRunningAsSystem = FALSE;

        if ((currentUserName = PhGetSidFullName(PhGetOwnTokenAttributes().TokenSid, TRUE, NULL)))
        {
            PPH_STRING strSystemUsername = PhCreateString(L"NT Authority\\System");
            isRunningAsSystem = (PhCompareString(currentUserName, strSystemUsername, TRUE) == 0);
            PhDereferenceObject(strSystemUsername);
            PhDereferenceObject(currentUserName);
        }

        // Driver state is independent of the user name lookup, so report it
        // even when that lookup fails
        if (KphIsConnected())
            PhAppendStringBuilder2(&stringBuilder, L" <Driver-Connected>");
        else
            PhAppendStringBuilder2(&stringBuilder, L" <No-Driver>");

        // Session ID\WindowStation\Desktop ...

        PhAppendStringBuilder2(&stringBuilder, L" : ");
        ULONG sessionID;
        if (NT_SUCCESS(PhGetProcessSessionId(GetCurrentProcess(), &sessionID)))
        {
            // Convert ULONG to string (PWCHAR aka WCHAR array)
            WCHAR SessionIdString[PH_INT32_STR_LEN_1];
            PhPrintUInt32(SessionIdString, sessionID);
            PhAppendStringBuilder2(&stringBuilder, SessionIdString);
        }
        PhAppendStringBuilder2(&stringBuilder, L"\\");

        // Read the desktop name of this current process -- This will suffice for now
        //      (Would instead be better to open the handle to this desktop and read the object name, since this string could be blank)
        PPH_STRING strDesktopinfo;
        if (NT_SUCCESS(PhGetProcessDesktopInfo(GetCurrentProcess(), &strDesktopinfo)))
        {
            PhAppendStringBuilder(&stringBuilder, &strDesktopinfo->sr);
            PhDereferenceObject(strDesktopinfo);
        }

        BOOL isHighILOrGreater = FALSE;
        MANDATORY_LEVEL integrityLevel;
        PWSTR integrityString;
        if (NT_SUCCESS(PhGetTokenIntegrityLevel(PhGetOwnTokenAttributes().TokenHandle, &integrityLevel, &integrityString)))
        {
            isHighILOrGreater = (integrityLevel >= MandatoryLevelHigh);
        }

        //
        //      Note: Elevation attribute won't be set for NT Authority\System (unclear why) -- may be better to check for High or greater integrity
        //
        if (PhGetOwnTokenAttributes().ElevationType == TokenElevationTypeFull || isRunningAsSystem || isHighILOrGreater)
            PhAppendStringBuilder2(&stringBuilder, L" (Elevated)");
        else
            PhAppendStringBuilder2(&stringBuilder, L" (Not Elevated)");

        if (IsDebuggerPresent())
        {
            PhAppendStringBuilder2(&stringBuilder, L"     ** BEING DEBUGGED **");
        }

        windowName = PhFinalStringBuilderString(&stringBuilder);
    }
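
Added example (not part of the original post and not System Informer code): the code comment above notes that the process's desktop-info string can be blank and that reading the object name from the handle would be better. The block below does that with `GetProcessWindowStation`, `GetThreadDesktop` and `GetUserObjectInformationA` (ANSI variant for brevity). The helper names `format_location`, `object_name` and `current_location` and the `?` placeholder for a blank name are assumptions; the query part builds only on Windows.

```c
#include <stdio.h>
#include <string.h>

/* Build "session\winsta\desktop". A NULL or empty name is shown as "?"
   (assumed placeholder) so a failed lookup is visible in the title
   instead of silently producing "1\\". Returns 0, or -1 on error/truncation. */
int format_location(unsigned long session, const char *winsta,
                    const char *desktop, char *out, size_t cap)
{
    if (!winsta || !*winsta) winsta = "?";
    if (!desktop || !*desktop) desktop = "?";
    int n = snprintf(out, cap, "%lu\\%s\\%s", session, winsta, desktop);
    return (n >= 0 && (size_t)n < cap) ? 0 : -1;
}

#ifdef _WIN32
#include <windows.h>

/* Read a window station or desktop object's name from its handle. */
static void object_name(HANDLE h, char *buf, DWORD cap)
{
    DWORD needed = 0;
    if (!h || !GetUserObjectInformationA(h, UOI_NAME, buf, cap, &needed))
        buf[0] = '\0';              /* blank on failure; formatter shows "?" */
}

/* Session, window station and desktop of the calling process/thread.
   Neither handle returned by the Get* calls needs to be closed. */
int current_location(char *out, size_t cap)
{
    DWORD session = 0;
    char winsta[256], desktop[256];
    if (!ProcessIdToSessionId(GetCurrentProcessId(), &session))
        return -1;
    object_name(GetProcessWindowStation(), winsta, sizeof winsta);
    object_name(GetThreadDesktop(GetCurrentThreadId()), desktop, sizeof desktop);
    return format_location(session, winsta, desktop, out, cap);
}
#endif

int main(void)
{
    char title[600];
#ifdef _WIN32
    if (current_location(title, sizeof title) == 0) puts(title);
#else   /* constructed sample values for non-Windows builds */
    if (format_location(1, "WinSta0", "Default", title, sizeof title) == 0) puts(title);
#endif
    return 0;
}
```
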
jxy-s commented 2 years ago

I would use this, seems useful to me. Although I suggest hiding them behind advanced options so users can turn them on/off as they want them. For example:

    if (PhGetIntegerSetting(L"EnableWindowTextDriverConnection"))
    {
        if (KphIsConnected())
            PhAppendStringBuilder2(&stringBuilder, L" <Driver-Connected>");
        else
            PhAppendStringBuilder2(&stringBuilder, L" <No-Driver>");
    }

AltF5 commented 2 years ago

I like that. Glad this seems of use too. Do you want me to implement this via a Pull Req, or would you like to do it another time?

(I need to figure out branching and commit undoing, etc for my own branch first if I am to)

jxy-s commented 2 years ago

Feel free to PR it. Please default the new settings to "off".