get owner of a process

delphi package - easy access to kernel objects etc.
xrfang
Posts: 68
Joined: Mon Feb 28, 2005 7:29 am

get owner of a process

Post by xrfang »

Hi there,

How could I get the owner of a process (the user name that started the process)?

Thank you!

Shannon
xrfang
Posts: 68
Joined: Mon Feb 28, 2005 7:29 am

Post by xrfang »

Hi Mathias,

It seems that I can do that with the method posted in madRemote forum... however, I wonder this:

Code:

  TDAProcess = array of record
    id      : dword;    // process id
    exeFile : string;   // exe file (9x = full path; nt = name only)
    session : dword;    // session id
    sid     : string;   // user sid
  end;

In the EnumProcesses procedure, I always get sid = empty string. Why?

Thanks.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

"Sid" is currently not filled.

You can use this:

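Code:

// Requires the Windows unit (uses Windows).
function GetProcessSid(processHandle: THandle; var saa: PSidAndAttributes) : boolean;
var token : THandle;
    size  : dword;
begin
  result := false;
  saa := nil;
  if OpenProcessToken(processHandle, TOKEN_QUERY, token) then begin
    // the first call only reports the buffer size needed for the TokenUser data
    size := 0;
    GetTokenInformation(token, TokenUser, nil, 0, size);
    // cast via the pointer type rather than dword so the address is not truncated on 64 bit
    saa := PSidAndAttributes(LocalAlloc(LPTR, size * 2));
    if saa <> nil then begin
      if GetTokenInformation(token, TokenUser, saa, size * 2, size) then
        result := true
      else begin
        LocalFree(HLOCAL(saa));
        saa := nil;
      end;
    end;
    CloseHandle(token);
  end;
end;

This will give you the sid of the specified process. Don't forget to call "LocalFree(HLOCAL(saa))" after you're done.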

When having the sid, you can call LookupAccountName to get the user name belonging to that sid.
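
An added example, not part of the original posts and not madKernel code: the whole chain from process id to account name in one routine. It assumes the Win32 call LookupAccountSid for the SID-to-name step (LookupAccountName resolves in the other direction, name to SID); GetProcessOwner and the variable names are hypothetical.

```delphi
program ProcessOwnerDemo;  // added example; GetProcessOwner is a hypothetical helper
{$APPTYPE CONSOLE}
uses Windows, SysUtils;

// Returns DOMAIN\user for the given process id, or False if any step fails
// (typically access denied when the target runs under another account).
function GetProcessOwner(pid: DWORD; out Owner: string): Boolean;
var
  hProc, hToken: THandle;
  size, nameLen, domLen: DWORD;
  sidUse: SID_NAME_USE;
  buf: Pointer;
  sid: PSID;
  name, dom: string;
begin
  Result := False;
  Owner := '';
  hProc := OpenProcess(PROCESS_QUERY_INFORMATION, False, pid);
  if hProc = 0 then Exit;
  try
    if not OpenProcessToken(hProc, TOKEN_QUERY, hToken) then Exit;
    try
      size := 0;
      GetTokenInformation(hToken, TokenUser, nil, 0, size);  // size query only
      if size = 0 then Exit;
      GetMem(buf, size);
      try
        if not GetTokenInformation(hToken, TokenUser, buf, size, size) then Exit;
        sid := PSIDAndAttributes(buf)^.Sid;  // TOKEN_USER starts with SID_AND_ATTRIBUTES
        nameLen := 0; domLen := 0;
        // size query: lengths come back in characters, terminator included
        LookupAccountSid(nil, sid, nil, nameLen, nil, domLen, sidUse);
        if nameLen = 0 then Exit;
        SetLength(name, nameLen);
        SetLength(dom, domLen);
        if LookupAccountSid(nil, sid, PChar(name), nameLen, PChar(dom), domLen, sidUse) then
        begin
          Owner := string(PChar(dom)) + '\' + string(PChar(name));
          Result := True;
        end;
      finally FreeMem(buf); end;
    finally CloseHandle(hToken); end;
  finally CloseHandle(hProc); end;
end;

var who: string;
begin
  if GetProcessOwner(GetCurrentProcessId, who) then Writeln(who)
  else Writeln('owner lookup failed');
end.
```

For processes owned by other accounts, OpenProcess or OpenProcessToken fails with access denied unless the caller is sufficiently privileged, so a False result should be reported as "unknown owner" rather than treated as an empty user name.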
xrfang
Posts: 68
Joined: Mon Feb 28, 2005 7:29 am

Post by xrfang »

Hi Mathias,

Thanks for the code! I found a similar one on the net, which uses the same method. One question:

In my code I use GetMem/FreeMem, but you use LocalAlloc/LocalFree, what is the difference?

Thanks!
Shannon
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

It doesn't matter, you can use either one.