Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Process User Name
#1
Is there a way to get the user name of the process owner (like what is shown in Task Manager)?
An old blog on QM coding and automation.

The Macro Hook
#2
Member function str.GetProcessUserName
Code:
Copy      Help
function$ pid [flags] ;;flags: 1 with domain

;Gets process user name.
;QM must be running as admin.

;pid - process id. Use ProcessNameToId to get id from name.


__Handle hProcess hToken
str st sd

this.all
SetPrivilege("SeDebugPrivilege")
hProcess=OpenProcess(PROCESS_QUERY_INFORMATION 0 pid); if(!hProcess) ret
if(!OpenProcessToken(hProcess TOKEN_QUERY &hToken)) ret
if(!GetTokenInformation(hToken TokenUser st.all(300) 300 &_i) or !_i) ret

TOKEN_USER* pt=st
this.all(300); sd.all(300)
int ul(300) dl(300)
if(!LookupAccountSid(0 pt.User.Sid this &ul sd &dl &_i)) ret
this.fix(ul)
if(flags&1) this.from(sd.lpstr "/" this)
ret this

Macro Macro1386
Code:
Copy      Help
str s
int pid=ProcessNameToId("mspaint")
out pid
if(!s.GetProcessUserName(pid 1)) ret
out s

If need for all processes, faster would be WTSEnumerateProcesses.
#3
works like a charm. THANKS!!!
An old blog on QM coding and automation.

The Macro Hook
#4
Hello,

I found the above example and would like the ability to output the Client Name found under the Users tab in Windows Task Manager instead of the User.

Im trying to display the application used by a remote user (remote desktop) to other users that connect afterwards.

For example:
User1 connect to a remote server and opens ms paint, then when User2 connected to the same server, I would like the screen to flash "MSPAINT used by User1" on User2's screen.

I have the following script working so far with the above example and Member function str.GetProcessUserName

Macro
Code:
Copy      Help
out
str s

rep()
    if(ProcessNameToId("mspaint") = 0)
        wait 2
        out "Paint is not used"
    else
        if(!s.GetProcessUserName(ProcessNameToId("mspaint") 1)) ret
        wait 2
        OnScreenDisplay(F"Paint used by {s}" 1 0 1 "comic sans ms" 25 0x0000ff 0 "FF_Start")

If im going about this completely wrong, please help me get back on track.

Thanks!!!


Forum Jump:


Users browsing this thread: 1 Guest(s)