How to get the owner of a process?

From: Sudhakar Govindavajhala (sudhakarg79_re_move_me_at_hotmail.com)
Date: 06/15/05


Date: Wed, 15 Jun 2005 01:44:02 -0700


Hi there,

I am having trouble finding out who the owner of a process is,
programmatically. Can someone help? I am admin of the machine and I am
running with debug privilege enabled. I am not able to open the process
token for me to query it.

This is my code:

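#include <windows.h>
#include <cstdio>
#include <cstdlib>
#include <iostream>

using namespace std;

// Helper from the poster's own code; its definition is not shown in the post.
// The signature here is assumed from the call below.
BOOL _SetPrivilege(HANDLE token, LPCSTR privilege, BOOL enable);

int main(int argc, char **argv)
{
        if (argc != 2) {
                cerr << " usage: " << argv[0] << " <pid> " << endl;
                exit(1);
        }

        DWORD pid = atoi(argv[1]);

        // Open our own token so that SeDebugPrivilege can be enabled on it
        HANDLE currentProcessToken = NULL;

        if (!OpenProcessToken(GetCurrentProcess(),
                              TOKEN_ADJUST_PRIVILEGES,
                              &currentProcessToken))
        {
                fprintf(stderr, "Failed OpenProcessToken\n");
                return 1;
        }

        BOOL ret = _SetPrivilege(currentProcessToken, "SeDebugPrivilege",
                                 TRUE);

        if (ret != TRUE) {
                cerr << "setpriv failure in getting DebugPrivilege \n";
                CloseHandle(currentProcessToken);
                return 1;
        }

        // The privilege stays enabled after the token handle is closed
        CloseHandle(currentProcessToken);

        HANDLE process = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_QUERY_INFORMATION,
                                     FALSE, // Do not inherit handle
                                     pid);

        if (process == NULL) {
                DWORD err = GetLastError(); // capture before any other call
                cerr << "OpenProcess failed, error " << err << "\n";
                exit(1);
        }

        cout << "Open Process works.. \n";

        // Open the target process's token; this is the call that is denied
        HANDLE processToken = NULL;

        if (OpenProcessToken(process, TOKEN_QUERY,
                             &processToken) == 0) {
                DWORD err = GetLastError(); // capture before any other call
                cerr << "OpenProcessToken failed, error " << err << "\n";
                CloseHandle(process);
                exit(1);
        }

        cout << "openprocesstoken works \n";

        CloseHandle(processToken);
        CloseHandle(process);
        return 0;
}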

It works for lsass.exe, but it fails for alg.exe, owned by NT Auth\Local
service. I get an access denied error for alg.exe.

thanks,
Sudhakar.

Can anyone guide me as to what's going on?

thanks,
Sudhakar.


