In the windows XP task manager, I can see which user created a process. Does anyone know how can I retrieve this information from a program?
Posted on 2003-01-13 09:04:09 by Qweerdy
Here's a piece of C++ that does just that:


PSID pSidOwner;
PSECURITY_DESCRIPTOR pSecurityDesc;

DWORD ret = GetSecurityInfo(GetCurrentProcess(),
SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
&pSidOwner,
NULL,
NULL,
NULL,
&pSecurityDesc);
if (ret==ERROR_SUCCESS)
{
char user[128],
domain[128];

DWORD lnUser = sizeof(user),
lnDomain = sizeof(domain);

SID_NAME_USE sidNameUse;

BOOL bRet = LookupAccountSid(NULL, pSidOwner,
user, &lnUser,
domain, &lnDomain,
&sidNameUse);
if (bRet)
{
ostringstream sstr;
sstr << "user: " << user << endl << "domain: " << domain;
MessageBox(NULL, sstr.str().c_str(), "GetUser", MB_OK);
}
LocalFree(pSecurityDesc);
}


Thomas
Posted on 2003-01-13 10:44:04 by Thomas
Thanks, that's what I was looking for!

Would this also be the best way to check if a process was created by the currently logged on user ( = on the current desktop), or is there a API for that too?
Posted on 2003-01-13 11:42:50 by Qweerdy
Probably the safest method is to get the current user's SID and compare it (EqualSID) with the SID retreived from the process handle, but I don't know how to get the current users's SID. Comparing usernames will probably do too, unless you need high security.

Thomas
Posted on 2003-01-13 12:06:00 by Thomas
Ok, thanks a lot! This whole API is new to me...
Posted on 2003-01-13 13:05:16 by Qweerdy