Hi there,
How could I get the owner of a process (the user name that started the process)?
Thank you!
Shannon
get owner of a process
Hi Mathias,
It seems that I can do that with the method posted in madRemote forum... however, I wonder this:
In the EnumProcesses procedure, I always get sid = empty string. Why?
Thanks.
It seems that I can do that with the method posted in madRemote forum... however, I wonder this:
Code: Select all
TDAProcess = array of record
id : dword; // process id
exeFile : string; // exe file (9x = full path; nt = name only)
session : dword; // session id
sid : string; // user sid
end;
Thanks.
"Sid" is currently not filled.
You can use this:
This will give you the sid of the specified process. Don't forget to call "LocalFree(dword(saa))", after you're done.
When having the sid, you can call LookupAccountName to get the user name belonging to that sid.
You can use this:
Code: Select all
function GetProcessSid(processHandle: dword; var saa: PSidAndAttributes) : boolean;
var token, size : dword;
begin
result := false;
if OpenProcessToken(processHandle, TOKEN_QUERY, token) then begin
size := 0;
GetTokenInformation(token, TokenUser, nil, 0, size);
dword(saa) := LocalAlloc(LPTR, size * 2);
if GetTokenInformation(token, TokenUser, saa, size * 2, size) then
result := true
else LocalFree(dword(saa));
CloseHandle(token);
end;
end;
When having the sid, you can call LookupAccountName to get the user name belonging to that sid.