winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License

Expose ProcessStartKey #2021

Closed jxy-s closed 5 months ago

jxy-s commented 6 months ago

Description of the feature, modification, idea or suggestion

System Informer should have a column that displays the ProcessStartKey when available. We already have an API for this. And when the driver is enabled, it will return the OS-driven start key before the syscall info class was exposed; it will fall back to a synthetic one managed by the driver on very old OSes:

https://github.com/winsiderss/systeminformer/blob/1cadbde537cdbcc56e7b870c5dea58b0cc4aa30f/phlib/native.c#L14789-L14823

A note here: there is also ProcessSequenceNumber, but that is already conveyed in the ProcessStartKey, so displaying both is realistically unnecessary.

Proposed implementation details (optional)

Column in the process tree should display the process start key from PhGetProcessStartKey.

diversenok commented 6 months ago

Both ProcessSequenceNumber and ProcessStartKey values are also exposed as part of PROCESS_TELEMETRY_ID_INFORMATION which is available as early as Windows 10 1507 (compared to 1803 for the ProcessSequenceNumber info class).

jxy-s commented 6 months ago

Nice, I'll add this as a fallback.