How to get process's user and domain without WMI
-
I am trying to get the user and domain of a running process. I can do it using the WMI, but this has various problems (it's slow, it needs to run wmiprvse.exe). There must be a way of getting this information without using the WMI - does anyone know it? (I'm using C# under .NET2.0, but that should be irrelevant, any answer is going to involve a p-invoke, I'm sure)
Dave
-
I am trying to get the user and domain of a running process. I can do it using the WMI, but this has various problems (it's slow, it needs to run wmiprvse.exe). There must be a way of getting this information without using the WMI - does anyone know it? (I'm using C# under .NET2.0, but that should be irrelevant, any answer is going to involve a p-invoke, I'm sure)
Dave
The Windows API calls you will need are:
OpenProcessto get a handle to the process (ask forPROCESS_QUERY_INFORMATIONrights),OpenProcessTokento get a handle to the process's token (ask forTOKEN_QUERYrights), andGetTokenInformationto get the user account associated with the token (passTokenUseras the second parameter). That will get you the user's security identifier (SID). You then need to use theLookupAccountSidAPI to turn that back into a username and domain. You can find sample P/Invoke declarations at www.pinvoke.net[^].Stability. What an interesting concept. -- Chris Maunder
-
The Windows API calls you will need are:
OpenProcessto get a handle to the process (ask forPROCESS_QUERY_INFORMATIONrights),OpenProcessTokento get a handle to the process's token (ask forTOKEN_QUERYrights), andGetTokenInformationto get the user account associated with the token (passTokenUseras the second parameter). That will get you the user's security identifier (SID). You then need to use theLookupAccountSidAPI to turn that back into a username and domain. You can find sample P/Invoke declarations at www.pinvoke.net[^].Stability. What an interesting concept. -- Chris Maunder
Thanks Mike, that's just what I needed.
Dave