Welcome! Log In Create A New Profile

Advanced

Find windows user of a process

Posted by Stefano Giavardi 
Forum List Message List New Topic
Stefano Giavardi
Find windows user of a process
September 23, 2018 06:41PM
Hi.

Is there a simple way / function for finding the user of a process?

I mean..
ExeListProcess find the list of running processes
ExeGetPID find the PID of "myself" application
How can I find the user in windows of a running EXE, even "myself"? Who is running the app, the user name in task manager.

Thank you.
Reply Quote
Peter Holemans
Re: Find windows user of a process
September 24, 2018 11:58AM
Hi Stefano,

Either by API calls on the 'kernel32' and 'advapi32.dll' Windows libraries… Wrote such a thing more than10 years ago but cannot find anything back.


Nowadays there's WMI (Windows Managament Instrumentation) which is way easier to interrogate the OS so I guess you could import the DotNet library (System.Management.dll) and translate the below C# code to get the process owners either by Process ID either by Process Name. You can vary the query to get information via other means. Also make sure the user has sufficient privileges to query WMI.

By Process Id 
public string GetProcessOwner(int processId)
{
    string query = "Select * From Win32_Process Where ProcessID = " + processId;
    ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);
    ManagementObjectCollection processList = searcher.Get();

    foreach (ManagementObject obj in processList)
    {
        string[] argList = new string[] { string.Empty, string.Empty };
        int returnVal = Convert.ToInt32(obj.InvokeMethod("GetOwner", argList));
        if (returnVal == 0)
        {
            // return DOMAIN\user
            return argList[1] + "\\" + argList[0];
        }
    }

    return "NO OWNER";
}


By Process Owner 
public string GetProcessOwner(string processName)
{
    string query = "Select * from Win32_Process Where Name = \"" + processName + "\"";
    ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);
    ManagementObjectCollection processList = searcher.Get();

    foreach (ManagementObject obj in processList)
    {
        string[] argList = new string[] { string.Empty, string.Empty };
        int returnVal = Convert.ToInt32(obj.InvokeMethod("GetOwner", argList));
        if (returnVal == 0)
        {
            // return DOMAIN\user
            string owner = argList[1] + "\\" + argList[0];
            return owner;       
        }
    }

    return "NO OWNER";
}

Cheers,

Peter Holemans


PS: Taken this code in one of my projects from here
Reply Quote
Newer Topic Older Topic
Author:

Your Email:


Subject:
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically. If the code is hard to read, then just try to guess it right. If you enter the wrong code, a new image is created and you get another chance to enter it right.
Message: