How do you know who started the process?

fbio

I need to find a trial. When this process is established, it starts another one with the same name. I looked into the dispatcher, there's a process I need to start from the user, and another from the System. I need the process that came from the user. Is there any way to determine who started the process or is there a way easier?

rielyn

For windows https://stackoverflow.com/a/8992043/5533854

#include <comdef.h>
#define MAX_NAME 256
BOOL GetLogonFromToken (HANDLE hToken, _bstr_t& strUser, _bstr_t& strdomain) 
{
   DWORD dwSize = MAX_NAME;
   BOOL bSuccess = FALSE;
   DWORD dwLength = 0;
   strUser = "";
   strdomain = "";
   PTOKEN_USER ptu = NULL;
 //Verify the parameter passed in is not NULL.
    if (NULL == hToken)
        goto Cleanup;
   if (!GetTokenInformation(
     hToken,         // handle to the access token
     TokenUser,    // get information about the token's groups 
     (LPVOID) ptu,   // pointer to PTOKEN_USER buffer
     0,              // size of buffer
     &amp;dwLength       // receives required buffer size
  )) 

{

if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)

goto Cleanup;
  ptu = (PTOKEN_USER)HeapAlloc(GetProcessHeap(),
     HEAP_ZERO_MEMORY, dwLength);

  if (ptu == NULL)
     goto Cleanup;

}
if (!GetTokenInformation(
     hToken,         // handle to the access token
     TokenUser,    // get information about the token's groups 
     (LPVOID) ptu,   // pointer to PTOKEN_USER buffer
     dwLength,       // size of buffer
     &amp;dwLength       // receives required buffer size
     )) 

{

goto Cleanup;

}

SID_NAME_USE SidType;

char lpName[MAX_NAME];

char lpDomain[MAX_NAME];
if( !LookupAccountSid( NULL , ptu-&gt;User.Sid, lpName, &amp;dwSize, lpDomain, &amp;dwSize, &amp;SidType ) )                                    
{
    DWORD dwResult = GetLastError();
    if( dwResult == ERROR_NONE_MAPPED )
       strcpy (lpName, "NONE_MAPPED" );
    else 
    {
        printf("LookupAccountSid Error %u\n", GetLastError());
    }
}
else
{
    printf( "Current user is  %s\\%s\n", 
            lpDomain, lpName );
    strUser = lpName;
    strdomain = lpDomain;
    bSuccess = TRUE;
}

Cleanup:
if (ptu != NULL)

HeapFree(GetProcessHeap(), 0, (LPVOID)ptu);

return bSuccess;

}
HRESULT GetUserFromProcess(const DWORD procId,  _bstr_t& strUser, _bstr_t& strdomain)

{

HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,procId);

if(hProcess == NULL)

return E_FAIL;

HANDLE hToken = NULL;
if( !OpenProcessToken( hProcess, TOKEN_QUERY, &amp;hToken ) )
{
    CloseHandle( hProcess );
    return E_FAIL;
}
BOOL bres = GetLogonFromToken (hToken, strUser,  strdomain);

CloseHandle( hToken );
CloseHandle( hProcess );
return bres?S_OK:E_FAIL;

}