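/// @brief Looks up the account name of the user that owns a process.
///
/// Opens the process, reads the TokenUser SID from its token and resolves
/// that SID with LookupAccountSid on the local system.
///
/// @param dwID  ID of the process to query.
/// @return Pointer to a function-static buffer holding the account name
///         (without the domain), or NULL if any step fails.
///
/// @note The result lives in a static buffer: the next successful call
///       overwrites it, and concurrent calls from several threads race on it.
/// @note Only the name is returned; the domain is looked up and discarded.
///       Account names are not unique across domains, so code that makes an
///       access decision should compare SIDs rather than this string.
LPCTSTR GetProcessUserName(DWORD dwID) // process ID
{
    static TCHAR szUserName[256] = {0};

    // NOTE(review): on Windows Vista and later PROCESS_QUERY_LIMITED_INFORMATION
    // is enough for OpenProcessToken; the broader right is kept here so the
    // function behaves as before on older systems.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwID);
    if (hProcess == NULL)
        return NULL;

    HANDLE      hToken     = NULL;
    PTOKEN_USER pTokenUser = NULL;
    LPCTSTR     pszResult  = NULL;

    if (OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
    {
        DWORD dwSize = 0;

        // Probe call: it is expected to fail with ERROR_INSUFFICIENT_BUFFER
        // and report the required buffer size in dwSize.
        if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &dwSize)
            && GetLastError() == ERROR_INSUFFICIENT_BUFFER
            && dwSize != 0)
        {
            pTokenUser = (PTOKEN_USER)malloc(dwSize);
        }

        if (pTokenUser != NULL
            && GetTokenInformation(hToken, TokenUser, pTokenUser, dwSize, &dwSize))
        {
            TCHAR        szDomain[256] = {0};
            DWORD        dwNameSize    = 256;   // capacity of szUserName, in TCHARs
            DWORD        dwDomainSize  = 256;   // capacity of szDomain, in TCHARs
            SID_NAME_USE SNU;

            if (LookupAccountSid(NULL, pTokenUser->User.Sid,
                                 szUserName, &dwNameSize,
                                 szDomain, &dwDomainSize, &SNU) != 0)
            {
                pszResult = szUserName;
            }
        }
    }

    // Single exit path: the original returned without closing either handle,
    // leaking two kernel handles per call.
    free(pTokenUser);
    if (hToken != NULL)
        CloseHandle(hToken);
    CloseHandle(hProcess);

    return pszResult;
}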
注:1.目前仅能获取Administrator,SYSTEM用户名。 2.LOCAL SERVICE 和 NETWORK SERVICE的用户名获取不到。//为什么不能获取呢?
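发现是本程序的权限不够:要打开其他账户(如 LOCAL SERVICE、NETWORK SERVICE)下的进程,需要先启用 SeDebugPrivilege。注意 AdjustTokenPrivileges 只能启用当前令牌中已经持有的特权,并不能授予新的特权,因此程序本身必须以持有该特权的账户(通常是已提升的管理员)运行。所以调用如下方法启用该特权。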
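/// @brief Enables SeDebugPrivilege in the current process token.
///
/// @return TRUE only if the privilege is actually enabled afterwards;
///         FALSE if the token cannot be opened, the privilege name cannot be
///         resolved, the adjustment fails, or the token does not hold the
///         privilege at all.
///
/// @note The original returned FALSE when AdjustTokenPrivileges succeeded and
///       TRUE (with the token handle leaked) when it failed; the result is
///       now the right way round.
/// @note SeDebugPrivilege lets the process open processes owned by other
///       accounts. Enable it only where that access is required.
BOOL CDialog2::EnableDebugPrivilages()
{
    HANDLE hToken = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(),
                            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return FALSE;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount           = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL bEnabled = FALSE;
    if (::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
    {
        if (::AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
        {
            // AdjustTokenPrivileges also returns nonzero when the token does
            // not hold the privilege; in that case the last error is
            // ERROR_NOT_ALL_ASSIGNED and nothing was enabled.
            bEnabled = (::GetLastError() == ERROR_SUCCESS);
        }
    }

    ::CloseHandle(hToken);
    return bEnabled;
}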
//======================================================================//
上面的方法比较繁琐,下面有个简单办法。请看。
#include <windows.h>

#include <iostream>
#include <vector>

using namespace std;
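/// Prints the account name and domain of the user that owns one process.
///
/// Returns 0 when both names were printed and 1 when any step failed.
int main()
{
    // Sample PID hard-coded by the article; change it to the process to inspect.
    const DWORD dwProcessId = 1832;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
    if (NULL == hProcess)
    {
        // Stop here: the original went on to use the NULL handle.
        wcout << L"OpenProcess is failed" << endl;
        return 1;
    }

    HANDLE hToken = NULL;
    if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
    {
        wcout << L"OpenProcessToken is failed" << endl;
        CloseHandle(hProcess);
        return 1;
    }

    int nExitCode = 1;

    // The first GetTokenInformation call only reports how many bytes the
    // TOKEN_USER data needs; it is expected to fail with a zero-length buffer.
    DWORD dwRetLen = 0;
    GetTokenInformation(hToken, TokenUser, NULL, 0, &dwRetLen);

    if (dwRetLen == 0)
    {
        wcout << L"GetTokenInformation is failed" << endl;
    }
    else
    {
        // dwRetLen is a byte count, so allocate bytes. The original allocated
        // dwRetLen TOKEN_USER structures and never released them.
        std::vector<BYTE> tokenBuffer(dwRetLen);
        PTOKEN_USER pToken = reinterpret_cast<PTOKEN_USER>(tokenBuffer.data());

        if (!GetTokenInformation(hToken, TokenUser, pToken, dwRetLen, &dwRetLen))
        {
            wcout << L"GetTokenInformation is failed" << endl;
        }
        else
        {
            // LookupAccountSid reads both size arguments as the buffer
            // capacities in TCHARs. The original passed them uninitialized,
            // so the API could be told the buffers were larger than they are.
            TCHAR szUserName[MAX_PATH]   = {0};
            TCHAR szDomainName[MAX_PATH] = {0};
            DWORD dwUserNameSize   = MAX_PATH;
            DWORD dwDomainNameSize = MAX_PATH;
            SID_NAME_USE snu;

            if (!LookupAccountSid(NULL, pToken->User.Sid,
                                  szUserName, &dwUserNameSize,
                                  szDomainName, &dwDomainNameSize, &snu))
            {
                wcout << L"LookupAccountSid is failed" << endl;
            }
            else
            {
                wcout << szUserName << endl;
                wcout << szDomainName << endl;
                nExitCode = 0;
            }
        }
    }

    CloseHandle(hToken);
    CloseHandle(hProcess);
    return nExitCode;
}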
另外有2篇博文链接,比较好,我就直接帖地址了。
http://topic.csdn.net/u/20110429/16/62b2efea-0b3a-4bae-afb0-391c9e98814d.html
http://hi.baidu.com/tr0j4n/blog/item/7531a62a613e12f0e6cd400a.html
