CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    Join Date
    Sep 2004
    Posts
    1,361

    Finding the user that owns a process.

    I have OpenProcess(...) and OpenProcessToken(...) and I can get all sorts of information about a process, except the user name of who's process it is.

    Basically this is part of a long painful process of figuring out how to launch a program as another user (you do not have their user-name or password). I have found out that ImpersonateUser() doesn't allow me to launch things as that other user for reasons I do not understand.

    Currently I need to load the users profile, but for that to work I need the username and I do not know how to get it. Any help would greatly be appreciated.

  2. #2
    Join Date
    Jun 2008
    Posts
    43

    Re: Finding the user that owns a process.


  3. #3
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: Finding the user that owns a process.

    Quote Originally Posted by DeepT View Post
    I have OpenProcess(...) and OpenProcessToken(...) and I can get all sorts of information about a process, except the user name of who's process it is.

    Basically this is part of a long painful process of figuring out how to launch a program as another user (you do not have their user-name or password). I have found out that ImpersonateUser() doesn't allow me to launch things as that other user for reasons I do not understand.

    Currently I need to load the users profile, but for that to work I need the username and I do not know how to get it. Any help would greatly be appreciated.
    CreateProcessAsUser never requires for something else but token... that you already have.

    Anyway, GetTokenInformation + TokenUser gives you user's SID, that can be resolved to user account name by LookupAccountSid.
    Last edited by Igor Vartanov; March 5th, 2009 at 05:16 AM.
    Best regards,
    Igor

  4. #4
    Join Date
    Sep 2004
    Posts
    1,361

    Re: Finding the user that owns a process.

    Yeah, but CreateProcessAsUser does not load the user's profile, which does require the user's name. Thanks for this info though. I did go down that path, but then I tried something using a different users account in another session. I could open their process, but I could not open their process token. I was running at a higher privilege then they were.

    Basically on vista I created another "normal" account, that is a non-admin account. I opened notepad.exe. I switched to my account, where dev studio is running as Admin, and then I ran into the wall about opening their process token. I needed enough to duplicate it and create a new primary token to launch something, but could never get their token.

    Any ideas on that?

    All this trouble is because someone demanded I run my installer from an MSI package and that runs it as system which launches my programs as system so I need a way to counter that effect.
    Last edited by DeepT; March 5th, 2009 at 05:46 PM.

  5. #5
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,490

    Re: Finding the user that owns a process.

    Search the web for using NtQuerySystemInformation. This is what task manager uses internally to retrieve the process owner names.

  6. #6
    Join Date
    Sep 2004
    Posts
    1,361

    Re: Finding the user that owns a process.

    But I still need to open the process token to invoke a process as that user, which I can't for other users in other sessions. Now maybe if Dev studio was running as local system it would work, but it is kind of hard to debug with no GUI.

    Actually, I remember trying something like this years ago and asking about it. How do you start a process as another user in another session. IE: You are service in session 0 running as SYSTEM, how do you launch NotePad.exe for the user, as the user, in session 1?

    I think in the end, it was not possible. People said it was, but nobody ever gave a working example. I even went on the MSDN forums, and some MSVP posted some code to do it. I compiled it, and it did not work. It ran alright, but the program was as SYSTEM in session 0, not as UserX in session 1.

  7. #7
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,490

    Re: Finding the user that owns a process.

    Quote Originally Posted by DeepT View Post
    All this trouble is because someone demanded I run my installer from an MSI package and that runs it as system which launches my programs as system so I need a way to counter that effect.
    Can you give system the right to install programs by adjusting a group policy?

  8. #8
    Join Date
    Sep 2004
    Posts
    1,361

    Re: Finding the user that owns a process.

    I do not really understand that. This is a request from "above". I have no idea how active directory works, or even MSIs beyond this very basic wrapper I created. Maybe if my program was running as SYSTEM those API calls would work for me, but they fail even running as an elevated Admin against a non-admin account, so I have no way to test this since I can't even get a process token (not handle) from another user in another session. Oddly I can open it with Full Privileges, which then I would assume would grant me the right to get an access token with Full or even some privileges, yet even the most minor requests, like Query is denied.

  9. #9
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,490

    Re: Finding the user that owns a process.

    It's not really clear to me what you are trying to do. From what I understand you are trying to launch a separate process (which installs an msi package) from a system process that runs in a non-admin user account.

    If so, that is going to fail because the non-admin user account won't have the priviledges to install the msi package.

    As far as 'this coming from above'.... keep in mind that all ideas or approaches that come from above aren't necessarily good ones.

  10. #10
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: Finding the user that owns a process.

    Quote Originally Posted by DeepT View Post
    How do you start a process as another user in another session. IE: You are service in session 0 running as SYSTEM, how do you launch NotePad.exe for the user, as the user, in session 1?

    I think in the end, it was not possible. People said it was, but nobody ever gave a working example.
    Okay, let's close the gap a bit. See the sample attached. It finds the first notepad.exe, obtains its token and runs calc.exe side by side in the same session interactively. I have verified it with my Vista sp1, and it woks alright.

    The scenario is as follows:
    • Switch to another user account and run notepad.exe
    • Switch back to your development account (no notepad running in)
    • make
    • setup (this is where finally "you're service in session 0 running as SYSTEM")
    • run_calc
    • see mysvcx.log
    • make sure the calc.exe of the PID specifed is running
    • switch to the account running notepad and make sure a calculator instance is running there
    • close calc and switch back to your development account
    • setup -u

    In the log finally you have something like that:
    Code:
    [03/10/09 00:39:23] ++ Start ++
    [03/10/09 00:39:26] [PID:5280] Path: C:\Windows\System32\notepad.exe
    [03/10/09 00:39:26] [5280] Token: 0000007C
    [03/10/09 00:39:26] [5280] uSID: S-1-5-21-3531474516-4049177484-105061100-1002
    [03/10/09 00:39:26] [5280] User: IVARTANOV-VISTA\dummy
    [03/10/09 00:39:26] Duplicating token handle...
    [03/10/09 00:39:26] Impersonating logged on user...
    [03/10/09 00:39:26] Running executable...
    [03/10/09 00:39:26] C:\Windows\system32\calc.exe
    [03/10/09 00:39:26] [PID:8136] Process was run successfully. Waiting for stop...
    [03/10/09 00:39:49] Cleanup after process stop...
    [03/10/09 00:39:49] Quitting thread...
    [03/10/09 00:40:07] -- Stop --
    EDIT: Sample updated to support Win7 as well. Please see the difference: it searches for explorer.exe running particular user account.
    Last edited by Igor Vartanov; April 12th, 2013 at 03:56 AM.
    Best regards,
    Igor

  11. #11
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: Finding the user that owns a process.

    Quote Originally Posted by DeepT View Post
    Yeah, but CreateProcessAsUser does not load the user's profile, which does require the user's name. Thanks for this info though. I did go down that path, but then I tried something using a different users account in another session. I could open their process, but I could not open their process token. I was running at a higher privilege then they were.

    Basically on vista I created another "normal" account, that is a non-admin account. I opened notepad.exe. I switched to my account, where dev studio is running as Admin, and then I ran into the wall about opening their process token. I needed enough to duplicate it and create a new primary token to launch something, but could never get their token.

    Any ideas on that?

    All this trouble is because someone demanded I run my installer from an MSI package and that runs it as system which launches my programs as system so I need a way to counter that effect.
    Frankly, all this description looks like a mess... I don't get how all the things you mention relate to each other.

    Yeah, CreateProcessAsUser does not load the user's profile. And?.. Since you're talking about impersonating user in session 1, I can get from this the user is already logged in. And if yes, why do you need to load the profile that is already loaded???

    And regarding the open token thing. Are you talking about interactive process or SYSTEM? According to my sample I gave, LocalSystem account has no problem with opening tokens in user sessions.
    Best regards,
    Igor

  12. #12
    Join Date
    Sep 2004
    Posts
    1,361

    Re: Finding the user that owns a process.

    Ill look at this project you sent me, maybe it will clear it all up. However, in order to try and clear up what is going on, although your comment about loading a profile may be relevant.

    A LONG TIME AGO... (not in a galaxy far far away) I had an application that ran in user-space on windows XP. Then Vista was going to come out, clearly big changes were needed. So I decided to make my application a service since it would need higher privileges and not be bothered by UAC.

    My application communicated to the user via web pages. It is a network access control tool and the server (A Linux box) would tell me (the service) which pages to show. For example a page might say, "You do not have anti-virus software installed. The network admin requires anti-virus software. Here is a link or links to some free or site-licensed AV packages you can install."

    This had two major problems:
    1. Services ran in session 0 and session 0 had no GUI.
    2. If the services DID launch a web browser, it would be running as SYSTEM which is a BAD thing.

    At the time I tried to figure out how to launch an app as a service. I asked here and I asked on the official MSDN forums. I got code from a MSDN MVP. I tried it, and it DID NOT WORK.

    I tried impersonating a logged on user, then doing "shell execute" of the URL and guess what happened? A web browser opened, in session 0, which suddenly got a temporary GUI running as SYSTEM. This was using the exact code provided to my by this MVP guy. This was pre-service pack 1 vista.

    So I split my service into two parts. A client that ran in user space, which would be invoked by the startup menu when the user logged in, and then the service which started when the system booted up. The client launched web pages and gave me information from the user's point of view, like what his name was, was he remoting in, etc...

    Meanwhile we had been using install-shield. Install-shield sucks, but we paid like 1500 bucks for it AND they update the version 2x a year. They only support one previous version. Their installer was huge and took like 2 minutes to install our product and was not Vista compatable.

    I decide to write my own installer. In a few days I have it. It takes less then 1 second to install the product after you hit the install button, and the uninstaller is even faster and can be invoked via Add / Remove programs. So everything is cool. BTW part of the install is to invoke the client app and start the service.

    Now lets jump to a few weeks ago: Some admins want a MSI version of our installer. I do not know MSI and I do not have time to try and learn it. If I knew it, I could tell it to invoke an application as a user and not have this issue.

    So I wrap my installer in a very simple MSI package which will just run my installer with a /s switch meaning silent. Then we notice that my client is running as SYSTEM and thus begins the problem of how to launch my client as non-system, but as the user.

    Now this MSI for testing, is being run from my user space, not being pushed down in AD, so somehow it does launch my client in my session as SYSTEM.

    I use my own processes for testing and use impersonate user. There is a problem though. I can't tell if an application is running as an elevated version of me, or a non elevated version of me. BTW I am just testing my installer "raw" and not using the MSI because it would greatly slow down things. So I have an idea, create a non-admin user account, run notepad.exe in it, and do the same things I did for my user test I did before.

    Only this time, OpenProcess fails. I find out I need to assign myself debug prives, which I do and now I can OpenProcess on the other user's notepad.exe asking for full access. Next thing on the list: Get the process token.

    I can not open the process token no matter what I do. No token = No impersonation. Then I look at CreateProcessAsUser() it warns about not loading the user's profile which is why I asked about the user-name since LoadUserProfile needs a PROFILEINFO structure with a user name.

    OK so that part is moot. No longer needed as you have pointed it out. Now I am stuck on getting that process token. Maybe elevated Admin is not allowed to get a token from a "lesser" user in another session and all this would work if I were running as system.

    Anyhow, I have that zip file and ill look at when I get a chance, and if it works it will answer a question I have had for a long time. Maybe Vista SP1 did fix something, but I know before SP1, there was nothing on god's green earth I could do from a service to launch something in another user's session, as that user. I had lots of examples, when compiled and run, totally fail.

  13. #13
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: Finding the user that owns a process.

    There are several points in this. I replied to only first one: how to run a process from service in interactive session.

    Regarding InstallShield. I'm not sure what is 'Vista compatible', but still use IS7 packages in Vista as well and have no problem with this. Maybe you meant 'Vista certified'?

    I'm not MSI pro, so I have no guess about AD and all the stuff.

    And about Vista. I have tested the solution only on my home system, so I intend to test it once again on my workplace, in a few minutes.
    Best regards,
    Igor

  14. #14
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: Finding the user that owns a process.

    As it was supposed, all worked fine once again.
    Best regards,
    Igor

  15. #15
    Join Date
    Sep 2004
    Posts
    1,361

    Re: Finding the user that owns a process.

    I am sure it will work fine and Ill learn a lot. Ill probably put it in a folder for things to never forget. I am just really busy with other peoples problems and this is not a high priority anymore I guess.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured