Tuesday, April 5, 2011

Detecting user name from process ID

Ho can i get user account name, that ran the process with specified id. Is there any api function for this?

I am using windows,c++.

From stackoverflow

  • There is not an API function that does this directly, however you can combine a few API calls to do this. Of course your program will need to satisfy any ACLs that are applied to the process that you are interested in examining.

    First, given the process ID, you'll need to open a handle to the process. You can use OpenProcess for that, requesting the PROCESS_QUERY_INFORMATION access right.

    Once you have that handle, you can call OpenProcessToken, requesting the TOKEN_QUERY access right.

    Finally, you can then call GetTokenInformation, requesting the TokenUser information class, which will give you the user account of the token. This information is provided to you in the form of a SID. To convert the SID to the actual name of the account, you can call LookupAccountSid.

    Don't forget to call CloseHandle on both the process handle and the token handle once you're finished with them.

Posted by Ku XI at 7:36 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)