Alternative psutil.Process (pid) .name

You mentioned that this is for windows. I looked at what psutil does for windows. It looks like psutil.Process (). Name uses the Windows Help API. If you look at the psutil Process code and trace.name, it will look in get_name () in process_info.c . It goes through all the parts of your system until it finds the one you are looking for. I think this may be a limitation of the dashboard API. But therefore, it is slower than .exe, which uses a different API path, which (as you indicated) requires additional privileges.

The solution I came across is to use ctypes and ctypes.windll to directly call windows ntapi. For this, you only need PROCESS_QUERY_INFORMATION, which is different from PROCESS_ALL_ACCESS:

 import ctypes import os.path # duplicate the UNICODE_STRING structure from the windows API class UNICODE_STRING(ctypes.Structure): _fields_ = [ ('Length', ctypes.c_short), ('MaximumLength', ctypes.c_short), ('Buffer', ctypes.c_wchar_p) ] # args pid = 8000 # put your pid here # define some constants; from windows API reference MAX_TOTAL_PATH_CHARS = 32767 PROCESS_QUERY_INFORMATION = 0x0400 PROCESS_IMAGE_FILE_NAME = 27 # open handles ntdll = ctypes.windll.LoadLibrary('ntdll.dll') process = ctypes.windll.kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid) # allocate memory buflen = (((MAX_TOTAL_PATH_CHARS + 1) * ctypes.sizeof(ctypes.c_wchar)) + ctypes.sizeof(UNICODE_STRING)) buffer = ctypes.c_char_p(' ' * buflen) # query process image filename and parse for process "name" ntdll.NtQueryInformationProcess(process, PROCESS_IMAGE_FILE_NAME, buffer, buflen, None) pustr = ctypes.cast(buffer, ctypes.POINTER(UNICODE_STRING)) print os.path.split(pustr.contents.Buffer)[-1] # cleanup ctypes.windll.kernel32.CloseHandle(process) ctypes.windll.kernel32.FreeLibrary(ntdll._handle)