Process Owner and Parent

jparsons

I know I'm missing something obvious. I'm writing a tool that does some dianostics on processes. I can't seem to figure out how to locate the name of the user running a process or the id of the parent process. Can someone please point me in the correct direction. Thanks Jared jparsons@jparsons.org www.prism.gatech.edu/~gte477n

Heath Stewart

One way ( without digging into the debugging APIs :eek: ) is to P/Invoke the native functions in the following order: OpenProcessToken, GetTokenInformation, then LookupAccountName. You pass Process.Handle to OpenProcessToken to get an access token. You then get a TOKEN_USER struct by calling GetTokenInformation. Finally, use the SID parameter from TOKEN_USER and call LookupAccountName. This also seems to be partly what taskmgr.exe and tasklist.exe (in Windows XP) are doing. There is actually only tree functions you have to P/Invoke and only a couple structs you have to redefine. I'm sorry that I couldn't find a way to get the parent process ID. In fact, I couldn't find anything common that does on Windows, not to say it isn't possible.

-----BEGIN GEEK CODE BLOCK----- Version: 3.21 GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++ -----END GEEK CODE BLOCK-----

Jose Fco Bonnin

If WMI is an option for your tool you can get all that information from it. Just take a look to the class "Win32_Process". I remember some nice articles about WMI in codeproject. If you don't find them let me know.