I am writing code to check whether a given .exe file is running under a specific user account or not. Is there any API to get the list of processes running under a specific user? Or else, can we get the user name of a process from the process in C++?

I did some searching on the internet and found that `CreateToolhelp32Snapshot` will help. But it's returning all the processes that run under all users in the system. I want the processes that run under the specific user to be printed.

KALYAN
  • Please avoid the term "C/C++". There is no such language, and many of us old-timers actively dislike it. If you're writing a C++ program, then use only the `c++` tag. – Some programmer dude Aug 26 '19 at 06:25
  • Does [this](https://stackoverflow.com/questions/939778/linux-api-to-list-running-processes) help? – hoo2 Aug 26 '19 at 06:33
  • @uneven_mark... I am looking for something Windows-specific. – KALYAN Aug 26 '19 at 06:44
  • Using the Win32_Process WMI class you get the running processes, and with the GetOwner command you will get the user ID of each process. See this link to learn how to access WMI: [link](https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-c---application-examples) – SuperG280 Aug 26 '19 at 08:30
  • Do you need the same user SID? The same logon session? – RbMm Aug 26 '19 at 10:36
  • @SuperG280 - what is the sense of using WMI at all when it is possible to directly use the API which WMI uses? – RbMm Aug 26 '19 at 10:37
  • And `GetOwner` (if it queries *TokenOwner*) is absolutely wrong. You need to look for *TokenUser* if you need the user SID. – RbMm Aug 26 '19 at 10:44
  • Keep in mind, that a user can rename an executable image. Whatever you had planned to identify that executable is probably not going to work. With that, this totally reads like an [XY Problem](http://xyproblem.info). What are you ultimately trying to accomplish? – IInspectable Aug 26 '19 at 10:59

1 Answer

> I am writing a code to search whether the given .exe file is running under the specific user account or not.

Use `OpenProcessToken` to get the token (obviously), then `GetTokenInformation` with the `TokenUser` flag to get the SID of the owner. Then you can use `LsaLookupSids2` to get the username.

> Is there any API to get the list of process running under the specific user... But CreateToolhelp32Snapshot returning all the process that runs under all users in the system.

You can filter out the specified user from it by the above method.

Drake Wu
  • Why *TokenOwner* when we need *TokenUser* here, if we want to get the user account? And `LookupAccountSid` is not a good API by design; better to use `LsaLookupSids`. – RbMm Aug 26 '19 at 10:21
  • @RbMm, Thanks for pointing that out, fixed. And I used `LsaLookupSids2` instead of `LsaLookupSids` since it may be altered or unavailable in subsequent versions. – Drake Wu Aug 26 '19 at 14:31
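
The steps from the answer above as an added example, not the answerer's code: snapshot the processes with `CreateToolhelp32Snapshot`, read each token's `TokenUser` SID, then filter by image name and SID. It compares string SIDs from `ConvertSidToStringSidW` instead of resolving account names with `LsaLookupSids2`; `ProcInfo`, `PidsRunningAs` and `SnapshotWithUsers` are hypothetical names.

```cpp
#include <algorithm>
#include <cwctype>
#include <string>
#include <vector>

// userSid stays empty when the process token could not be read (e.g. access denied).
struct ProcInfo { unsigned long pid; std::wstring exe; std::wstring userSid; };
// Hypothetical helper: PIDs of processes named `exe` (case-insensitive) whose
// TokenUser SID equals `sid` in string form, e.g. L"S-1-5-18".
std::vector<unsigned long> PidsRunningAs(const std::vector<ProcInfo>& procs,
                                         const std::wstring& exe, const std::wstring& sid) {
    auto same = [](wchar_t a, wchar_t b) { return std::towlower(a) == std::towlower(b); };
    std::vector<unsigned long> out;
    for (const auto& p : procs)
        if (!p.userSid.empty() && p.userSid == sid && p.exe.size() == exe.size() &&
            std::equal(p.exe.begin(), p.exe.end(), exe.begin(), same))
            out.push_back(p.pid);
    return out;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#include <sddl.h>  // ConvertSidToStringSidW; link with Advapi32.lib
// Snapshot all processes and attach each one's TokenUser SID in string form.
std::vector<ProcInfo> SnapshotWithUsers() {
    std::vector<ProcInfo> out;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return out;
    PROCESSENTRY32W pe{}; pe.dwSize = sizeof(pe);
    for (BOOL ok = Process32FirstW(snap, &pe); ok; ok = Process32NextW(snap, &pe)) {
        ProcInfo info{ pe.th32ProcessID, pe.szExeFile, L"" };
        HANDLE proc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pe.th32ProcessID);
        HANDLE tok = nullptr;
        if (proc && OpenProcessToken(proc, TOKEN_QUERY, &tok)) {
            alignas(TOKEN_USER) BYTE buf[sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE];
            DWORD len = 0; LPWSTR str = nullptr;
            if (GetTokenInformation(tok, TokenUser, buf, sizeof(buf), &len) &&
                ConvertSidToStringSidW(reinterpret_cast<TOKEN_USER*>(buf)->User.Sid, &str)) {
                info.userSid = str;   // copy, then release the LocalAlloc'd string
                LocalFree(str);
            }
            CloseHandle(tok);
        }
        if (proc) CloseHandle(proc);
        out.push_back(info);
    }
    CloseHandle(snap);
    return out;
}
#endif
```

Without elevation, `OpenProcess` typically fails for other users' processes, so those entries keep an empty SID and never match. Matching on the image name also inherits the rename caveat raised in the comments.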