
Getting User ID/Name for processes

Asked by acmy. Last Modified: 2013-12-03
Hey,

I need to be able to get the user id/name of a process.
Once I have the PID I attempt to do the following:

OpenProcess()                  - using the pid
GetUserObjectSecurity()            - using the resulting handle
GetSecurityDescriptorOwner()      - using the found security Descriptor
LookupAccountSid()      - to find the Account Name for the found SID

My problem is that LookupAccountSid() always returns with a value of
1332 - ERROR_NONE_MAPPED (No mapping between account names and
security IDs was done)

Can someone tell me what I've done wrong? Is there an easier way to do
what I want than the above? The actual code follows - be warned that I
haven't bothered neatening it up too much - I'm just playing atm.

dwpid has been defined and set elsewhere in the code.

Any help is appreciated.

---- start code ----

   HANDLE hProcess;
   SECURITY_INFORMATION SecurityInfo = OWNER_SECURITY_INFORMATION;
   SECURITY_DESCRIPTOR SecurityDesc;
   SID_NAME_USE Use = SidTypeUser;
   PSID  pSid;
   LPTSTR wsAccountName;
   LPTSTR wsDomainName;
   DWORD dwSecurityDescLength = BUFSIZ;
   DWORD dwAccountLen = BUFSIZ;
   DWORD dwDomainLen = BUFSIZ;
   BOOL  bOwnerDefaulted;
   char sAccountName[30];
   char sDomainName[30];
   int rc;

   if ((hProcess = OpenProcess(PROCESS_ALL_ACCESS,
                          FALSE,
                          (DWORD)dwpid)) == NULL)
      rc = GetLastError();
   if (GetUserObjectSecurity(hProcess,
                             &SecurityInfo,
                             &SecurityDesc,
                             dwSecurityDescLength,
                             &dwSecurityDescLength))
   {
      if (GetSecurityDescriptorOwner(&SecurityDesc,
                                     &pSid,
                                     &bOwnerDefaulted))
      {
         wsAccountName = (LPTSTR) malloc (dwAccountLen);
         wsDomainName = (LPTSTR) malloc (dwDomainLen);
         if (LookupAccountSid(NULL,
                              pSid,
                              wsAccountName,
                              &dwAccountLen,
                              wsDomainName,
                              &dwDomainLen,
                              &Use))
         {
            WideCharToMultiByte(CP_ACP,
                                NULL,
                                wsAccountName,
                                dwAccountLen,
                                sAccountName,
                                sizeof(sAccountName),
                                NULL,
                                NULL);
            WideCharToMultiByte(CP_ACP,
                                NULL,
                                wsDomainName,
                                dwDomainLen,
                                sDomainName,
                                sizeof(sDomainName),
                                NULL,
                                NULL);
         }
         else
            rc = GetLastError();
      }
      else
         rc = GetLastError();
   }
   else
      rc = GetLastError();

---- end code ----

Commented:
I've used the following piece of code several times when
I want to get user and domain information:

---[snip]---
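#include <windows.h>

/* Fragment: place inside a function. The char buffers assume an ANSI
   (non-UNICODE) build; use WCHAR buffers when UNICODE is defined. */
DWORD dwUserNameOnlyLength = 1000;
char lpszUserNameOnly[1000];

DWORD dwDomainLength = 1000;
char lpszDomain[1000];

SID_NAME_USE snu;
UCHAR   InfoBuffer[1000];
PTOKEN_USER pTokenUser = (PTOKEN_USER)InfoBuffer;
DWORD   dwInfoBufferSize;
HANDLE  hProcess, hAccessToken;

/* The user SID is read from the process's access token. */
hProcess = GetCurrentProcess();
if (OpenProcessToken(hProcess, TOKEN_READ, &hAccessToken))
{
    /* TokenUser fills InfoBuffer with a TOKEN_USER structure followed by the SID. */
    if (GetTokenInformation(hAccessToken, TokenUser, InfoBuffer, sizeof(InfoBuffer), &dwInfoBufferSize))
        LookupAccountSid(NULL, pTokenUser->User.Sid, lpszUserNameOnly, &dwUserNameOnlyLength, lpszDomain, &dwDomainLength, &snu);
    CloseHandle(hAccessToken);
}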

---[snip]---

Hope it helps!


Author

Commented:
Thanks Daniel that did help - once I'd modified it to handle Unicode and used OpenProcess() instead of GetCurrentProcess() it worked.

However, I'm still not clear on why it did not work the way I tried it. Was I simply using the wrong APIs to get process info?

Thanks again

Commented:
It didn't work with GetCurrentProcess()? Hmm...
I don't know much about these APIs, so I can't tell you what you
did wrong. Why don't you single-step through both codes and
compare results, that would probably give you a good idea on
what you missed.

Author

Commented:
GetCurrentProcess probably would've worked. It's just not what I wanted. I'm looping through currently running processes and attempting to find out who they are owned by. GetCurrentProcess would've only worked for my process.
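
The approach the thread settles on (OpenProcess() on the target PID, then the process token, then LookupAccountSid() in its Unicode form), as an added example that is not part of the original thread. The function name `process_owner`, the query-only access rights, the dynamically sized token buffer and the non-Windows fallback branch are choices made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Resolve the account a process runs as from its access token. Returns 0 on
   success, otherwise a Win32 error code. cchName/cchDomain are in wide chars. */
unsigned long process_owner(unsigned long pid, wchar_t *name, unsigned long cchName,
                            wchar_t *domain, unsigned long cchDomain)
{
#ifdef _WIN32
    DWORD err = ERROR_SUCCESS, need = 0;
    HANDLE hProc, hTok = NULL;
    TOKEN_USER *tu = NULL;
    SID_NAME_USE use;
    /* Query-only rights suffice; PROCESS_ALL_ACCESS asks for far more than needed. */
    hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    if (hProc == NULL) return GetLastError();
    if (!OpenProcessToken(hProc, TOKEN_QUERY, &hTok)) { err = GetLastError(); goto done; }
    /* The first call only reports the size needed for TOKEN_USER plus its SID. */
    GetTokenInformation(hTok, TokenUser, NULL, 0, &need);
    tu = (TOKEN_USER *)malloc(need);
    if (tu == NULL) { err = ERROR_NOT_ENOUGH_MEMORY; goto done; }
    if (!GetTokenInformation(hTok, TokenUser, tu, need, &need)) { err = GetLastError(); goto done; }
    /* Fails with ERROR_NONE_MAPPED (1332) when the SID has no account name. */
    if (!LookupAccountSidW(NULL, tu->User.Sid, name, &cchName, domain, &cchDomain, &use))
        err = GetLastError();
done:
    free(tu);
    if (hTok) CloseHandle(hTok);
    CloseHandle(hProc);
    return err;
#else
    (void)pid; (void)name; (void)cchName; (void)domain; (void)cchDomain;
    return 50UL; /* value of ERROR_NOT_SUPPORTED: the token APIs exist only on Windows */
#endif
}

int main(int argc, char **argv)
{
    wchar_t name[256], domain[256];
    unsigned long pid = argc > 1 ? strtoul(argv[1], NULL, 10) : 0;
    unsigned long rc = process_owner(pid, name, 256, domain, 256);
    if (rc == 0) printf("%lu: %ls\\%ls\n", pid, domain, name);
    else         printf("%lu: error %lu\n", pid, rc);
    return rc == 0 ? 0 : 1;
}
```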