Get account name associated with a running process.

M

Moses M

I posted this a short while ago , but I don't think I explained the problem
clearly. Task Manager lists processes running on a local system, including a
"user name" associated with each process (e.g. SYSTEM). My application
needs to check if a particular process is running, and if so get the
associated "owner". I am really trying to determine the security context in
which the process was started. Thanks for any input.

-- Moses
 
B

Bob Grommes

Hm. I'm not aware of a way to get the process owner. You can certainly
find the process using the static Process.GetProcesses() or
Process.GetProcessByName() methods, and you can determine the machine it's
running on using the MachineName property of a particular Process instance.
From there, I suppose you'd have to have access to the running machine's
Active Directory and find some way to track down process ownership from
there.

If you don't really need to know who the owner is, but just whether YOU own
it or not, you can perhaps find some non-destructive method call against a
Process instance that is disallowed for non-owners, and execute it in a try
block. I know that Kill() and Close() require that you have ownership, but
obviously those wouldn't be methods you'd call to test if you have
ownership. Maybe an attempt to read the Threads collection or something
like that.

Just some random ideas that might suggest an avenue of exporation for you.

--Bob
 
M

Moses M

Thanks Bob. I will keep poking around. A friend suggested I use
OpenProcessToken() which looks to me like "backsliding" into unamaged code!
-- Moses
 
B

Bob Grommes

Don't feel guilty; sometimes a little backsliding is just what the doctor
ordered.

P/Invoke and COM Interop are designed, in part, to allow you to get on with
your work even in those areas that .NET doesn't have a managed interface
for. For example, the CLR has virtually no implementation for multimedia
APIs, so you have to resort to P/Invoke to do a simple console beep.

If the truth were known, a lot of the CLR methods are just fig leaves over
P/Invoke calls anyway. How do you think they implement file I/O?

--Bob
 
M

Moses M

Thanks guys for all the input. I got OpenProcessToken() to work OK for a
local system, but it throws an exception for remote systems (says "Feature
is not supported for remote machines"). Severe limitation for my needs.
Grateful for any more suggestions. Meanwhile I will keep searching among the
thorns and thistles!

-- Moses
 
W

Willy Denoyette [MVP]

Use System.Management and the Win32_Process class.
Here's a sample...

using System;
using System.Management;
using System.Diagnostics;
class App {
public static void Main() {
GetProcessInfo(Process.GetCurrentProcess().Handle.ToInt32());
}

static void GetProcessInfo(int handle)
{
using(ManagementObject proc = new
ManagementObject("Win32_Process.Handle='" + handle.ToString() + "'"))
{
proc.Get();
string[] s = new String[2];
//Invoke the method and populate the array with the user name and domain
proc.InvokeMethod("GetOwner",(object[])s);
Console.WriteLine("User: " + s[1]+ "\\" + s[0]);
}
}
}

Willy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User name a ssociated with a runningn process 2
Get owner of a process 1
Anyone know how to start a process with low integrity from a process with higher integrity? 0
Killing a Process if no App. 4
Outlook wont open, process running 26
get the username associated with a process 2
Get all users with Process running 1
Process.Start() and Process.WaitForExit() 1

Top