locked
How to get user of the running process? RRS feed

  • Question

  • Hello All,

    I am having trouble in finding out the user of the running process. Following explanation(steps) should make the picture clear:

    1. Login in to a restricted user account & run any process.(e.g notepad.exe)

    2. Then I run my tool which is procuser.exe in administrator context by using the "Run as" facility of windows.

    (It takes PID of the process - notepad.exe in this case, as command line argument).

    3. What I am interested in is the user of the process. (The one which we see in task manager)

    For this very purpose I have followed a very traditional path... That is first I enable SeDebugPrivilege for my process so that I can get handle of notepad.exe without any trouble which does happens.But the thing is OpenProcessToken always fails by throwing error as "Access Denied".

    Does anybody know how to get around this... I have searched a lot and have found nothing...

    I am following another approach mentioned here:

    http://social.msdn.microsoft.com/forums/en-US/windowssdk/thread/68783a59-c553-4c1b-8697-d78c5a4ca8af/

    But again problem persists as in many cases it simply gives the name of user as "Buitin\Administrators"

    Again I have searched a lot keeping this second approach in mind, but haven't found anything fruitful...

    (This is all happening on WIN XP - SP2 32-bit)

    Hoping to receive useful info on this...


    Nikhil Chudekar
    • Moved by Cloud_TS Wednesday, February 9, 2011 8:26 AM move to applicable forum (From:Windows 7 Security)
    Monday, February 7, 2011 6:23 AM