Process Hacker Discussion Forum

 
wfunction
Member
Posts: 147
Joined: 19 Mar 2011 20:17

Hide "NT AUTHORITY\" and "<computer>\" from User Name

20 Mar 2011 01:35

I think a great feature would be an option to hide the prefix "NT AUTHORITY\" from the User Name column, as well as hiding the name of the local computer. It uses up screen estate that could be used for other columns, and it's a bit distracting and makes things harder to spot.

Thanks for the amazing program, by the way... I just discovered this a few hours ago, and it's got _every_ feature I've ever wanted in Process Explorer, and then some -- topped off with the fact that it's open-source. THANK YOU! :D
 
User avatar
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Contact:

Re: Hide "NT AUTHORITY\" and "<computer>\" from User Name

20 Mar 2011 06:06

This has been requested before. I'll try to implement it soon.
 
wfunction
Member
Posts: 147
Joined: 19 Mar 2011 20:17

Re: Hide "NT AUTHORITY\" and "<computer>\" from User Name

20 Mar 2011 09:22

Ah, I did not know that. Thank you! :)
 
wfunction
Member
Posts: 147
Joined: 19 Mar 2011 20:17

Re: Hide "NT AUTHORITY\" and "<computer>\" from User Name

20 Mar 2011 19:23

So apparently if you just say:
if (IncludeDomain && names[0].DomainIndex >= 0 && Sid != &PhSeLocalSystemSid)
instead of
if (IncludeDomain && names[0].DomainIndex >= 0)
in line 409 of lsa.c, It'll filter out the "NT AUTHORITY\" part. That's a one-liner. :) Now let me see if I can figure out the local computer part...
 
User avatar
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Contact:

Re: Hide "NT AUTHORITY\" and "<computer>\" from User Name

20 Mar 2011 19:33

Actually, what you want is to hide the domain. So just set IncludeDomain to FALSE.
 
wfunction
Member
Posts: 147
Joined: 19 Mar 2011 20:17

Re: Hide "NT AUTHORITY\" and "<computer>\" from User Name

20 Mar 2011 19:52

Is it possible that the domain name is for some reason different from the local computer name? I only want to hide the local computer name, but nothing that might be happening remotely.

I found a longer fix that only works for local domains:
1. In PhGetLookupPolicyHandle(), add the POLICY_VIEW_LOCAL_INFORMATION access to the call to PhOpenLsaPolicy().
2. Change PhGetSidFullName() to this:
if (IncludeDomain && names[0].DomainIndex >= 0 && !RtlEqualSid(Sid, &PhSeLocalSystemSid) && !RtlEqualSid(Sid, &PhSeLocalServiceSid) && !RtlEqualSid(Sid, &PhSeNetworkServiceSid))
	{
		PLSA_TRUST_INFORMATION trustInfo;
		NTSTATUS currentDomainNameStatus;
		PPOLICY_ACCOUNT_DOMAIN_INFO pInfo;
					
		trustInfo = &referencedDomains->Domains[names[0].DomainIndex];
		currentDomainNameStatus = LsaQueryInformationPolicy(policyHandle, PolicyAccountDomainInformation, &pInfo);
		__try
		{
			if (!NT_SUCCESS(currentDomainNameStatus) || !RtlEqualSid(trustInfo->Sid, pInfo->DomainSid))
			{
				domainNameBuffer = trustInfo->Name.Buffer;
				domainNameLength = trustInfo->Name.Length;
			}
			else
			{
				domainNameBuffer = NULL;
				domainNameLength = 0;
			}
		}
		__finally { if (NT_SUCCESS(currentDomainNameStatus)) { LsaFreeMemory(pInfo); } }
	}
	else
	{
		domainNameBuffer = NULL;
		domainNameLength = 0;
	}
 
User avatar
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Contact:

Re: Hide "NT AUTHORITY\" and "<computer>\" from User Name

21 Mar 2011 05:51

That's very inconsistent and imprecise. The only thing I can do is to have an option to disable display of domain names in the User Name column. Nothing more complex.
 
wfunction
Member
Posts: 147
Joined: 19 Mar 2011 20:17

Re: Hide "NT AUTHORITY\" and "<computer>\" from User Name

21 Mar 2011 19:01

Huh, okay, that would probably work too. (Not sure why you mean it's inconsistent or imprecise, though; I compiled my own version with this change and it seems to be working well. That's what's so great about open source! :D)
Anyway, thanks for the program!