I have a process handle with

HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, THE_PROCESS_ID);

How can I get the username of the user that is running the process?

I am using unmanaged code (no .NET).

A: 

WMI should be able to tell you that information. Otherwise you need to rely on undocumented fun in ntdll.dll. It appears others have found solutions that don't use ntdll.dll -- use them rather than undocumented stuff.

Billy ONeal
Undocumented stuff in ntdll.dll is undocumented for a reason.
Stewart
@Stewart: I agree. That's why I didn't go into specifics.
Billy ONeal
+1  A: 

WMI is probably the path of least resistance. You should also be able to get the token using OpenProcessToken, then GetTokenInformation to get the SID of the owner. You can then turn the SID into a user name.

Stewart
+4  A: 

Use OpenProcessToken to get the token (obviously), then GetTokenInformation with the TokenOwner flag to get the SID of the owner. Then you can use LookupAccountSid to get the username.

tyranid
Worked great. I had to use TokenUser instead to get the user name. TokenOwner was returning the group name (Administrators).
modernzombie
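
The OpenProcessToken, GetTokenInformation and LookupAccountSid sequence from the answers above, querying TokenUser as the last comment found necessary. This is an added example, not code posted by anyone in the thread; the helper name `process_user_name` and its return convention are assumptions made for illustration.

```c
/* Added example: report the account a process runs as, using TokenUser. */
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>   /* link with advapi32 */
#endif

/* Hypothetical helper: writes "DOMAIN\user" for process `pid` into `out`.
   Returns 0 on success, GetLastError() on failure, -1 when not built for Windows. */
int process_user_name(unsigned long pid, char *out, size_t out_len)
{
    if (out_len)
        out[0] = '\0';
#ifdef _WIN32
    /* TOKEN_USER is followed in the same buffer by the SID it points to. */
    union { TOKEN_USER tu; BYTE raw[sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE]; } buf;
    char name[256], domain[256];
    DWORD needed = 0, nameLen = sizeof name, domLen = sizeof domain;
    SID_NAME_USE use;
    HANDLE hToken = NULL;
    int rc = 0;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, (DWORD)pid);
    if (!hProcess)
        return (int)GetLastError();
    /* TokenUser is the account itself; TokenOwner is the default owner for new
       objects and can be a group such as Administrators, as reported above. */
    if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken) ||
        !GetTokenInformation(hToken, TokenUser, &buf, sizeof buf, &needed) ||
        !LookupAccountSidA(NULL, buf.tu.User.Sid, name, &nameLen, domain, &domLen, &use))
        rc = (int)GetLastError();
    else
        snprintf(out, out_len, "%s\\%s", domain, name);
    if (hToken)
        CloseHandle(hToken);
    CloseHandle(hProcess);
    return rc;
#else
    (void)pid;
    return -1;   /* the token APIs exist only on Windows */
#endif
}

int main(int argc, char **argv)
{
    char user[600];
    int rc = process_user_name(argc > 1 ? strtoul(argv[1], NULL, 10) : 0, user, sizeof user);
    if (rc != 0) { fprintf(stderr, "lookup failed: %d\n", rc); return 1; }
    printf("%s\n", user);
    return 0;
}
```

Pass the target process id as the first argument. Opening a process owned by another user can fail with an access-denied error unless the caller has sufficient privileges.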