[PATCH 1/4] ntdll: Set the process creation time in NtQuerySystemInformation(SystemProcessInformation).

Tue Jul 7 18:58:33 CDT 2020

Process Hacker displays this information.

Signed-off-by: Zebediah Figura <z.figura12 at gmail.com>
---
 dlls/ntdll/unix/system.c | 1 +
 server/process.c         | 1 +
 server/protocol.def      | 2 ++
 server/trace.c           | 3 ++-
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/dlls/ntdll/unix/system.c b/dlls/ntdll/unix/system.c
index 29c133e6562..051bd37fa3d 100644
--- a/dlls/ntdll/unix/system.c
+++ b/dlls/ntdll/unix/system.c
@@ -2140,6 +2140,7 @@ NTSTATUS WINAPI NtQuerySystemInformation( SYSTEM_INFORMATION_CLASS class,
                 memset(nt_process, 0, sizeof(*nt_process));
                 if (i < process_count - 1)
                     nt_process->NextEntryOffset = proc_len;
+                nt_process->CreationTime.QuadPart = server_process->start_time;
                 nt_process->dwThreadCount = server_process->thread_count;
                 nt_process->dwBasePriority = server_process->priority;
                 nt_process->UniqueProcessId = UlongToHandle(server_process->pid);
diff --git a/server/process.c b/server/process.c
index 9482da98be5..8d57879cc19 100644
--- a/server/process.c
+++ b/server/process.c
@@ -1829,6 +1829,7 @@ DECL_HANDLER(list_processes)
 
         pos = (pos + 7) & ~7;
         process_info = (struct process_info *)(buffer + pos);
+        process_info->start_time = process->start_time;
         process_info->name_len = exe ? exe->namelen : 0;
         process_info->thread_count = process->running_threads;
         process_info->priority = process->priority;
diff --git a/server/protocol.def b/server/protocol.def
index bad8fef7903..bf91637e9de 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -1870,6 +1870,7 @@ struct thread_info
 
 struct process_info
 {
+    timeout_t       start_time;
     data_size_t     name_len;
     int             thread_count;
     int             priority;
@@ -1877,6 +1878,7 @@ struct process_info
     process_id_t    parent_pid;
     int             handle_count;
     int             unix_pid;
+    int             __pad;
     /* VARARG(name,unicode_str,name_len); */
     /* VARARG(threads,struct thread_info,thread_count); */
 };
diff --git a/server/trace.c b/server/trace.c
index dfb39300668..288dad718df 100644
--- a/server/trace.c
+++ b/server/trace.c
@@ -1113,7 +1113,8 @@ static void dump_varargs_process_info( const char *prefix, data_size_t size )
         process = (const struct process_info *)((const char *)cur_data + pos);
         if (size - pos < sizeof(*process)) break;
         if (pos) fputc( ',', stderr );
-        fprintf( stderr, "{thread_count=%u,priority=%d,pid=%04x,parent_pid=%04x,handle_count=%u,unix_pid=%d,",
+        dump_timeout( "{start_time=", &process->start_time );
+        fprintf( stderr, ",thread_count=%u,priority=%d,pid=%04x,parent_pid=%04x,handle_count=%u,unix_pid=%d,",
                  process->thread_count, process->priority, process->pid,
                  process->parent_pid, process->handle_count, process->unix_pid );
         pos += sizeof(*process);
-- 
2.27.0


