Get current process owner name
package main
import (
"fmt"
"log"
"syscall"
"unsafe"
)
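// getInfo queries access token t for information class class (one of the
// syscall.Token* constants) and returns a pointer to a buffer holding the
// result. initSize is the buffer size tried first; when the API answers
// ERROR_INSUFFICIENT_BUFFER the buffer is regrown to the size the API asks
// for and the call is retried.
//
// The returned unsafe.Pointer points into a Go-allocated []byte. The caller
// casts it to the struct that matches class; any PSID fields in that struct
// point back into the same buffer, which stays alive for as long as the
// caller holds the pointer.
func getInfo(t syscall.Token, class uint32, initSize int) (unsafe.Pointer, error) {
	n := uint32(initSize)
	// A zero initSize would index an empty slice (&b[0] panics) and a
	// negative one converts to a huge uint32 and a giant allocation. Start
	// with a single byte instead and let the API report the size it needs.
	if initSize <= 0 {
		n = 1
	}
	for {
		b := make([]byte, n)
		e := syscall.GetTokenInformation(t, class, &b[0], uint32(len(b)), &n)
		if e == nil {
			return unsafe.Pointer(&b[0]), nil
		}
		if e != syscall.ERROR_INSUFFICIENT_BUFFER {
			return nil, e
		}
		// ERROR_INSUFFICIENT_BUFFER must come with a larger required size in
		// n; if it does not, retrying would loop forever, so give up.
		if n <= uint32(len(b)) {
			return nil, e
		}
	}
}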
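// getTokenOwner returns the TOKEN_USER record of access token t: the SID
// (and attributes) of the account the token represents, i.e. the user a
// process holding this token runs as.
//
// The buffer is cast to *syscall.Tokenuser, so the information class
// requested must be syscall.TokenUser, whose buffer layout is TOKEN_USER.
// Do not substitute syscall.TokenOwner here: that class returns a
// TOKEN_OWNER {PSID Owner} whose first field merely happens to line up with
// Tokenuser.User.Sid (Attributes would be read from past the real struct),
// and it describes the default owner assigned to objects the token creates,
// which for an elevated administrator token is typically
// BUILTIN\Administrators rather than the logged-on account. For "who runs
// this process", TokenUser is the right class.
func getTokenOwner(t syscall.Token) (*syscall.Tokenuser, error) {
	// 50 bytes is usually enough for SID_AND_ATTRIBUTES plus an ordinary
	// SID; getInfo grows the buffer when the API asks for more.
	p, err := getInfo(t, syscall.TokenUser, 50)
	if err != nil {
		return nil, err
	}
	return (*syscall.Tokenuser)(p), nil
}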
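// getProcessOwner returns the account that process pid runs as, formatted
// as DOMAIN\name. It opens the process, opens its primary token with
// TOKEN_QUERY, reads the token's user SID and resolves it with
// LookupAccountSid.
//
// Every failure is logged with the pid and returned; owner is "" whenever
// err is non-nil. The process handle and the token handle are both closed
// before returning.
func getProcessOwner(pid int) (owner string, err error) {
	// PROCESS_QUERY_INFORMATION is the only query right the syscall package
	// exposes. NOTE(review): on Vista and later OpenProcessToken needs only
	// PROCESS_QUERY_LIMITED_INFORMATION (0x1000, available in
	// golang.org/x/sys/windows); that lesser right succeeds against more
	// processes (e.g. protected processes) and is the least-privilege choice
	// if this is ever pointed at pids other than our own.
	handle, err := syscall.OpenProcess(syscall.PROCESS_QUERY_INFORMATION, false, uint32(pid))
	if err != nil {
		log.Printf("[%d] OpenProcess failed: %s\n", pid, err)
		return "", err
	}
	// The close error is deliberately ignored: the handle is no longer
	// needed and there is nothing useful to do if closing it fails.
	defer syscall.CloseHandle(handle)

	var token syscall.Token
	if err = syscall.OpenProcessToken(handle, syscall.TOKEN_QUERY, &token); err != nil {
		log.Printf("[%d] OpenProcessToken failed: %s\n", pid, err)
		return "", err
	}
	defer token.Close()

	tokenUser, err := getTokenOwner(token)
	if err != nil {
		log.Printf("[%d] getTokenOwner failed: %s\n", pid, err)
		return "", err
	}

	// "" asks the local machine (and its domain, if joined) to resolve the
	// SID. A failed lookup must not yield a half-built "\\" string together
	// with a non-nil error, so stop here.
	name, domain, _, err := tokenUser.User.Sid.LookupAccount("")
	if err != nil {
		log.Printf("[%d] LookupAccount failed: %s\n", pid, err)
		return "", err
	}
	return fmt.Sprintf("%s\\%s", domain, name), nil
}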
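// main prints the account the current process runs as. On failure the error
// is logged and the process exits with status 1 instead of printing an empty
// owner line and exiting 0, so callers that check the exit code see it.
func main() {
	owner, err := getProcessOwner(syscall.Getpid())
	if err != nil {
		log.Fatalln(err)
	}
	fmt.Println(owner)
}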