-
-
Save MPrtenjak/efe606738c5bf09d59f06417e1ed024a to your computer and use it in GitHub Desktop.
Detecting user name from process ID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| How to get the username from process id in WINDOWS. | |
| With the help from stackoverflow: | |
| https://stackoverflow.com/questions/3172392/detecting-user-name-from-process-id | |
| https://stackoverflow.com/questions/777548/how-do-i-determine-the-owner-of-a-process-in-c | |
| */ | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Principal; | |
| namespace ConsoleApp5 | |
| { | |
| public static class WinApi | |
| { | |
| public static string GetProcessOwnerByID(int processId) | |
| { | |
| IntPtr processHandle = IntPtr.Zero; | |
| IntPtr tokenHandle = IntPtr.Zero; | |
| try | |
| { | |
| processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, false, processId); | |
| if (processHandle == IntPtr.Zero) | |
| return "NO ACCESS"; | |
| OpenProcessToken(processHandle, TOKEN_QUERY, out tokenHandle); | |
| using (WindowsIdentity wi = new WindowsIdentity(tokenHandle)) | |
| { | |
| string user = wi.Name; | |
| return user.Contains(@"\") ? user.Substring(user.IndexOf(@"\") + 1) : user; | |
| } | |
| } | |
| finally | |
| { | |
| if (tokenHandle != IntPtr.Zero) CloseHandle(tokenHandle); | |
| if (processHandle != IntPtr.Zero) CloseHandle(processHandle); | |
| } | |
| } | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId); | |
| [DllImport("advapi32.dll", SetLastError = true)] | |
| private static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| [return: MarshalAs(UnmanagedType.Bool)] | |
| private static extern bool CloseHandle(IntPtr hObject); | |
| private const UInt32 STANDARD_RIGHTS_REQUIRED = 0x000F0000; | |
| private const UInt32 SYNCHRONIZE = 0x00100000; | |
| private const UInt32 PROCESS_TERMINATE = 0x0001; | |
| private const UInt32 PROCESS_CREATE_THREAD = 0x0002; | |
| private const UInt32 PROCESS_SET_SESSIONID = 0x0004; | |
| private const UInt32 PROCESS_VM_OPERATION = 0x0008; | |
| private const UInt32 PROCESS_VM_READ = 0x0010; | |
| private const UInt32 PROCESS_VM_WRITE = 0x0020; | |
| private const UInt32 PROCESS_DUP_HANDLE = 0x0040; | |
| private const UInt32 PROCESS_CREATE_PROCESS = 0x0080; | |
| private const UInt32 PROCESS_SET_QUOTA = 0x0100; | |
| private const UInt32 PROCESS_SET_INFORMATION = 0x0200; | |
| private const UInt32 PROCESS_QUERY_INFORMATION = 0x0400; | |
| private const UInt32 PROCESS_SUSPEND_RESUME = 0x0800; | |
| private const UInt32 PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF; | |
| private const UInt32 TOKEN_ASSIGN_PRIMARY = 0x0001; | |
| private const UInt32 TOKEN_DUPLICATE = 0x0002; | |
| private const UInt32 TOKEN_IMPERSONATE = 0x0004; | |
| private const UInt32 TOKEN_QUERY = 0x0008; | |
| private const UInt32 TOKEN_QUERY_SOURCE = 0x0010; | |
| private const UInt32 TOKEN_ADJUST_PRIVILEGES = 0x0020; | |
| private const UInt32 TOKEN_ADJUST_GROUPS = 0x0040; | |
| private const UInt32 TOKEN_ADJUST_DEFAULT = 0x0080; | |
| private const UInt32 TOKEN_ADJUST_SESSIONID = 0x0100; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment