C++ Get username from process

I have a process handle with

HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, THE_PROCESS_ID); 

How can I get the name of the user performing this process?

I am using unmanaged code (no .NET).

+7
c++ process winapi
4 answers

Use OpenProcessToken to get the token (obviously), then GetTokenInformation with the TokenOwner flag to get the owner SID. Then you can use LookupAccountSid to get the username.

+17

If WMI is not an option, then use GetUserFromProcess below, which takes the process identifier as an input parameter and returns the username and domain:

    #include <windows.h>
    #include <stdio.h>
    #include <string.h>
    #include <comdef.h>

    #define MAX_NAME 256

    BOOL GetLogonFromToken(HANDLE hToken, _bstr_t& strUser, _bstr_t& strdomain)
    {
        // LookupAccountSid writes to both length arguments, so each needs its own variable.
        DWORD dwNameSize = MAX_NAME;
        DWORD dwDomainSize = MAX_NAME;
        BOOL bSuccess = FALSE;
        DWORD dwLength = 0;
        PTOKEN_USER ptu = NULL;
        SID_NAME_USE SidType;
        char lpName[MAX_NAME];
        char lpDomain[MAX_NAME];

        strUser = "";
        strdomain = "";

        // Verify the parameter passed in is not NULL.
        if (NULL == hToken)
            goto Cleanup;

        // First call: ask for the required buffer size.
        if (!GetTokenInformation(
                hToken,        // handle to the access token
                TokenUser,     // get information about the token's user account
                (LPVOID)ptu,   // pointer to PTOKEN_USER buffer
                0,             // size of buffer
                &dwLength))    // receives required buffer size
        {
            if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
                goto Cleanup;

            ptu = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);
            if (ptu == NULL)
                goto Cleanup;
        }

        // Second call: fetch the TOKEN_USER structure.
        if (!GetTokenInformation(
                hToken,        // handle to the access token
                TokenUser,     // get information about the token's user account
                (LPVOID)ptu,   // pointer to PTOKEN_USER buffer
                dwLength,      // size of buffer
                &dwLength))    // receives required buffer size
        {
            goto Cleanup;
        }

        // The buffers are char arrays, so call the ANSI variant explicitly.
        if (!LookupAccountSidA(NULL, ptu->User.Sid, lpName, &dwNameSize,
                               lpDomain, &dwDomainSize, &SidType))
        {
            DWORD dwResult = GetLastError();
            if (dwResult == ERROR_NONE_MAPPED)
                strcpy_s(lpName, sizeof(lpName), "NONE_MAPPED");
            else
                printf("LookupAccountSid Error %lu\n", dwResult);
        }
        else
        {
            printf("Current user is %s\\%s\n", lpDomain, lpName);
            strUser = lpName;
            strdomain = lpDomain;
            bSuccess = TRUE;
        }

    Cleanup:
        if (ptu != NULL)
            HeapFree(GetProcessHeap(), 0, (LPVOID)ptu);
        return bSuccess;
    }

    HRESULT GetUserFromProcess(const DWORD procId, _bstr_t& strUser, _bstr_t& strdomain)
    {
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, procId);
        if (hProcess == NULL)
            return E_FAIL;

        HANDLE hToken = NULL;
        if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
        {
            CloseHandle(hProcess);
            return E_FAIL;
        }

        BOOL bres = GetLogonFromToken(hToken, strUser, strdomain);

        CloseHandle(hToken);
        CloseHandle(hProcess);
        return bres ? S_OK : E_FAIL;
    }

+3

WMI is probably the path of least resistance. You must also get the token using OpenProcessToken and then GetTokenInformation to get the owner SID. You can then include the SID in the username.

+1
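
Several answers here name TokenOwner while the posted GetLogonFromToken reads TokenUser; these are different token fields (TokenUser is the account the token represents, TokenOwner is the default owner SID for objects the process creates, which can be a group). The following is an added example, not code from any of the answers, that resolves both for one PID so the difference is visible, and falls back to the string SID when LookupAccountSid finds no mapping. The helper names TokenAccount and UserAndOwnerOfProcess are made up for this example.

```cpp
#ifdef _WIN32  // Win32-only example; link with advapi32
#include <windows.h>
#include <sddl.h>
#include <cstdio>
#include <string>
#include <vector>

// Resolve the SID in TokenUser or TokenOwner to "DOMAIN\name", else to "S-1-...".
static bool TokenAccount(HANDLE hToken, TOKEN_INFORMATION_CLASS cls, std::string& out) {
    DWORD len = 0;  // size probe: must fail with ERROR_INSUFFICIENT_BUFFER
    if (GetTokenInformation(hToken, cls, NULL, 0, &len) ||
        GetLastError() != ERROR_INSUFFICIENT_BUFFER) return false;
    std::vector<BYTE> buf(len);
    if (!GetTokenInformation(hToken, cls, buf.data(), len, &len)) return false;
    PSID sid = (cls == TokenOwner) ? reinterpret_cast<TOKEN_OWNER*>(buf.data())->Owner
                                   : reinterpret_cast<TOKEN_USER*>(buf.data())->User.Sid;
    char name[256], domain[256];
    DWORD cchName = sizeof(name), cchDomain = sizeof(domain);  // separate in/out sizes
    SID_NAME_USE use;
    if (LookupAccountSidA(NULL, sid, name, &cchName, domain, &cchDomain, &use)) {
        out = std::string(domain) + "\\" + name;
        return true;
    }
    LPSTR text = NULL;  // no account mapping: report the raw SID string instead
    if (!ConvertSidToStringSidA(sid, &text)) return false;
    out = text;
    LocalFree(text);
    return true;
}

// UserAndOwnerOfProcess is a name made up for this example.
bool UserAndOwnerOfProcess(DWORD pid, std::string& user, std::string& owner) {
    HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!hProc) return false;
    HANDLE hTok = NULL;
    bool ok = OpenProcessToken(hProc, TOKEN_QUERY, &hTok)
           && TokenAccount(hTok, TokenUser, user)
           && TokenAccount(hTok, TokenOwner, owner);
    if (hTok) CloseHandle(hTok);
    CloseHandle(hProc);
    return ok;
}

int main() {
    std::string user, owner;
    if (!UserAndOwnerOfProcess(GetCurrentProcessId(), user, owner)) return 1;
    printf("TokenUser:  %s\nTokenOwner: %s\n", user.c_str(), owner.c_str());
    return 0;
}
#endif
```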

WMI should be able to tell you this information. Otherwise, you need to rely on undocumented pleasure in the ntdll.dll file. Others seem to have found solutions that do not use ntdll.dll - use them, not the undocumented materials.

0