Re: Getting logged in user from a service?



"JamesB" <james@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:466524af$0$27855$db0fefd9@xxxxxxxxxxxxxxxxx

"Nicholas Paldino [.NET/C# MVP]" <mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:u%23E7pcrpHHA.4400@xxxxxxxxxxxxxxxxxxxxxxx
James,

I'm assuming you are using the Process class or something similar? If so, you can get the handle to the process through the Handle property.

Once you have that, you can call OpenProcessToken (through the P/Invoke layer) to open the process token for reading. Once you have that, you can then call the GetTokenInformation function (again through the P/Invoke layer) to get the SID of the user that began the process.

Finally, you can call the LookupAccountSid API function using the pointer to the SID to get the domain name, user name, etc, etc.

Make sure you call CloseHandle on the token you get from the call to GetTokenInformation.

Hope this helps.

The "process" I have is Win32_Process (from following another example), so my code is as below, however my token is always zero.
The "Handle" property on the process object is a string, hence the conversion to IntPtr to pass to the OpenProcessToken command, so perhaps it's not the same thing?
The process object I have also has GetOwner() and GetOwnerSid() methods, which would be ideal, however these always seem to return null! The process object must be correct in a sense though, as the start and stop events where I pass proc.ProcessID are indeed returning the correct PID as shown in Task Manager.
James.

    private void OnEventArrived(object sender, System.Management.EventArrivedEventArgs e)
    {
        try
        {
            string eventName = e.NewEvent.ClassPath.ClassName;

            //Create process obj
            WMI.Win32.Process proc = new WMI.Win32.Process(e.NewEvent["TargetInstance"] as ManagementBaseObject);

            //Get handle...
            int ph = Convert.ToInt32(proc.Handle);
            IntPtr pHandle = new IntPtr(ph);
            IntPtr token = IntPtr.Zero;

            //get processtoken
            try
            {
                if (OpenProcessToken(pHandle, TOKEN_ACCESS.TOKEN_QUERY, out token) == 0)
                {
                    //throw new ApplicationException("Can't open process token for: " + process.ProcessName);
                }
                CloseHandle(token);
            }
            catch (Exception ex)
            {
                System.Diagnostics.Debug.WriteLine(ex.Message);
            }

            String userAccount = "";

            if (eventName.CompareTo("__InstanceCreationEvent")==0)
            {
                // Started
                if (Started!=null)
                    Started(this, e, (Int16)proc.ProcessId, userAccount);

            }
            else if (eventName.CompareTo("__InstanceDeletionEvent")==0)
            {
                // Terminated
                if (Terminated!=null)
                    Terminated(this, e, (Int16)proc.ProcessId, userAccount );

            }
        }
        catch (Exception ex)
        {
            System.Diagnostics.Debug.WriteLine(ex.Message);
        }
    }



You should use "Win32_ProcessStartTrace" for this (supposing you are running XP or higher), take a look at my other reply in this thread for details.

Willy.
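
An added example, not part of any post in this thread: the token lookup Nicholas describes, starting from a process ID, because Win32_Process.Handle holds the PID as a string rather than an open kernel handle. The class name ProcessOwner and method GetOwner are hypothetical, and SecurityIdentifier.Translate is used here in place of a direct LookupAccountSid call.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class ProcessOwner // hypothetical helper name, not from the thread
{
    const uint PROCESS_QUERY_INFORMATION = 0x0400;
    const uint TOKEN_QUERY = 0x0008;
    const int TokenUser = 1; // TOKEN_INFORMATION_CLASS.TokenUser

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        IntPtr buffer, uint length, out uint needed);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns DOMAIN\user for the account that owns the given process.
    public static string GetOwner(uint pid)
    {
        // Turn the PID into a real handle first; a PID cast to IntPtr is not one.
        IntPtr process = OpenProcess(PROCESS_QUERY_INFORMATION, false, pid);
        if (process == IntPtr.Zero) throw new Win32Exception();
        IntPtr token = IntPtr.Zero, buffer = IntPtr.Zero;
        try
        {
            if (!OpenProcessToken(process, TOKEN_QUERY, out token))
                throw new Win32Exception();
            uint needed;
            // First call only reports the buffer size needed for TOKEN_USER.
            GetTokenInformation(token, TokenUser, IntPtr.Zero, 0, out needed);
            buffer = Marshal.AllocHGlobal((int)needed);
            if (!GetTokenInformation(token, TokenUser, buffer, needed, out needed))
                throw new Win32Exception();
            // TOKEN_USER starts with SID_AND_ATTRIBUTES; its first field is the PSID.
            IntPtr sid = Marshal.ReadIntPtr(buffer);
            return new SecurityIdentifier(sid).Translate(typeof(NTAccount)).Value;
        }
        finally
        {
            if (buffer != IntPtr.Zero) Marshal.FreeHGlobal(buffer);
            if (token != IntPtr.Zero) CloseHandle(token); // close only a token that was opened
            CloseHandle(process);
        }
    }
}
```

OpenProcess fails with a Win32Exception if the process has already exited by the time the event is handled, or if the service account lacks rights to query it, so callers should treat the owner as unknown in that case rather than as an empty string.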
