How do you know who started the process?



  • I need to find a process. When this process starts, it launches another one with the same name. Looking in the task manager, I see one process started by the user and another started by System. I need the one that was started by the user. Is there a way to determine who started a process, or is there an easier way?



  • For Windows, see https://stackoverflow.com/a/8992043/5533854

    #include <comdef.h>
    #define MAX_NAME 256
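    // Resolves the account name and domain of the user that an access token
    // represents (the TokenUser SID) and prints it to stdout.
    //
    // Parameters:
    //   hToken    - access token handle; it is passed to GetTokenInformation
    //               with the TokenUser class, which requires TOKEN_QUERY access.
    //   strUser   - receives the account name; set to "" on failure.
    //   strdomain - receives the domain name; set to "" on failure.
    //
    // Returns TRUE only when the SID was mapped to an account name. A SID with
    // no mapping (ERROR_NONE_MAPPED) is reported as FALSE with empty strings.
    //
    // NOTE(review): the token user is the security context the process runs
    // in, which is not necessarily the account that launched it (a process can
    // be created to run under a different account than its creator). Treat the
    // result as "runs as", not "started by"; answering "started by" needs the
    // parent process or process-creation audit records.
    BOOL GetLogonFromToken (HANDLE hToken, _bstr_t& strUser, _bstr_t& strdomain)
    {
       BOOL bSuccess = FALSE;
       DWORD dwLength = 0;
       PTOKEN_USER ptu = NULL;
       // LookupAccountSid treats both counts as in/out values, so each buffer
       // gets its own variable instead of sharing one.
       DWORD cchName = MAX_NAME;
       DWORD cchDomain = MAX_NAME;
       SID_NAME_USE SidType;
       char lpName[MAX_NAME];
       char lpDomain[MAX_NAME];

       strUser = "";
       strdomain = "";

       // Verify the parameter passed in is not NULL.
       if (NULL == hToken)
          goto Cleanup;

       // First call only asks for the required buffer size; it is expected to
       // fail with ERROR_INSUFFICIENT_BUFFER.
       if (GetTokenInformation(
             hToken,       // handle to the access token
             TokenUser,    // request the user account of the token
             NULL,         // no buffer yet
             0,            // size of buffer
             &dwLength     // receives required buffer size
          ))
       {
          // Success without a buffer leaves nothing to read; do not dereference NULL.
          goto Cleanup;
       }
       if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
          goto Cleanup;

       ptu = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);
       if (ptu == NULL)
          goto Cleanup;

       // Second call fills the buffer with the TOKEN_USER structure.
       if (!GetTokenInformation(
             hToken,        // handle to the access token
             TokenUser,     // request the user account of the token
             (LPVOID) ptu,  // pointer to TOKEN_USER buffer
             dwLength,      // size of buffer
             &dwLength      // receives the size actually used
          ))
       {
          goto Cleanup;
       }

       // The buffers are char arrays, so call the ANSI variant explicitly;
       // the generic name would select the wide-character variant in a
       // UNICODE build.
       if (!LookupAccountSidA(NULL, ptu->User.Sid, lpName, &cchName,
                              lpDomain, &cchDomain, &SidType))
       {
          DWORD dwResult = GetLastError();
          // An unmapped SID is an expected outcome and is not logged;
          // any other failure is reported with the error captured above.
          if (dwResult != ERROR_NONE_MAPPED)
          {
             printf("LookupAccountSid Error %lu\n", (unsigned long)dwResult);
          }
          goto Cleanup;
       }

       printf( "Current user is  %s\\%s\n",
               lpDomain, lpName );
       strUser = lpName;
       strdomain = lpDomain;
       bSuccess = TRUE;

    Cleanup:
       if (ptu != NULL)
          HeapFree(GetProcessHeap(), 0, (LPVOID)ptu);
       return bSuccess;
    }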

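    // Looks up the user account and domain that the process with the given
    // process id runs as, by opening the process, opening its token with
    // TOKEN_QUERY and passing that token to GetLogonFromToken.
    //
    // Parameters:
    //   procId    - id of the process to inspect.
    //   strUser   - receives the account name (filled by GetLogonFromToken).
    //   strdomain - receives the domain name (filled by GetLogonFromToken).
    //
    // Returns S_OK when the account was resolved, E_FAIL when the process or
    // its token could not be opened or the lookup failed.
    //
    // NOTE(review): a process id can be reused once the original process has
    // exited, so the id should come from a fresh enumeration; otherwise the
    // result may describe an unrelated process.
    // NOTE(review): OpenProcess is expected to fail with access denied for
    // processes the caller may not query (for example many System processes
    // when not elevated), so E_FAIL does not imply the process is absent.
    // On Windows Vista and later PROCESS_QUERY_LIMITED_INFORMATION is
    // documented as sufficient for OpenProcessToken and is the narrower
    // right to request - confirm against the supported OS range.
    HRESULT GetUserFromProcess(const DWORD procId, _bstr_t& strUser, _bstr_t& strdomain)
    {
       HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, procId);
       if (hProcess == NULL)
       {
          return E_FAIL;
       }

       HANDLE hToken = NULL;
       if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
       {
          CloseHandle(hProcess);
          return E_FAIL;
       }

       BOOL bres = GetLogonFromToken(hToken, strUser, strdomain);

       // Both handles are released on every path once they have been opened.
       CloseHandle(hToken);
       CloseHandle(hProcess);
       return bres ? S_OK : E_FAIL;
    }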



