从进程ID中检测用户名 [英] Detecting user name from process ID

问题描述

我该如何获取具有指定ID的进程运行的用户帐户名.是否有任何api函数?

Ho can i get user account name, that ran the process with specified id. Is there any api function for this?

我正在使用Windows，C ++.

I am using windows,c++.

推荐答案

没有直接执行此操作的API函数，但是您可以结合一些API调用来执行此操作.当然，您的程序将需要满足您感兴趣的检查过程所应用的所有ACL.

There is not an API function that does this directly, however you can combine a few API calls to do this. Of course your program will need to satisfy any ACLs that are applied to the process that you are interested in examining.

首先，给定进程ID，您需要打开该进程的句柄.您可以使用 OpenProcess 为此，请求 PROCESS_QUERY_INFORMATION 访问权限.

First, given the process ID, you'll need to open a handle to the process. You can use OpenProcess for that, requesting the PROCESS_QUERY_INFORMATION access right.

一旦有了该句柄，就可以调用 OpenProcessToken ，请求 TOKEN_QUERY 访问权限.

Once you have that handle, you can call OpenProcessToken, requesting the TOKEN_QUERY access right.

最后，您可以调用 GetTokenInformation ，请求 TokenUser 信息类，这将为您提供令牌的用户帐户.此信息以 SID 的形式提供给您.要将 SID 转换为帐户的实际名称，可以调用

Finally, you can then call GetTokenInformation, requesting the TokenUser information class, which will give you the user account of the token. This information is provided to you in the form of a SID. To convert the SID to the actual name of the account, you can call LookupAccountSid.

别忘了致电 CloseHandle .

Don't forget to call CloseHandle on both the process handle and the token handle once you're finished with them.

这篇关于从进程ID中检测用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！