Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I determine the owner of a process in C#?

Tags:

c#

.net

process

I am looking for a process by the name of "MyApp.exe" and I want to make sure I get the process that is owned by a particular user.

I use the following code to get a list of the processes:

Process[] processes = Process.GetProcessesByName("MyApp"); 

This gives me a list of processes, but there does not appear to be a way in the Process class to determine who owns that process? Any thoughts on how I can do this?

like image 756
adeel825 Avatar asked Apr 22 '09 14:04

adeel825


People also ask

How do I find out the owner of a process?

Open the terminal window or app. To see only the processes owned by a specific user on Linux run: ps -u {USERNAME} Search for a Linux process by name run: pgrep -u {USERNAME} {processName} Another option to list processes by name is to run either top -U {userName} or htop -u {userName} commands.

Who owns PID?

The init process owns PID 1 and is solely responsible for starting and shutting down the system. Originally, process ID 1 was not specifically reserved for init by any technical measures: It simply had this ID as a natural consequence of being the first process that the kernel invoked.


2 Answers

You can use WMI to get the user owning a certain process. To use WMI you need to add a reference to the System.Management.dll to your project.

By process id:

public string GetProcessOwner(int processId) {     string query = "Select * From Win32_Process Where ProcessID = " + processId;     ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);     ManagementObjectCollection processList = searcher.Get();      foreach (ManagementObject obj in processList)     {         string[] argList = new string[] { string.Empty, string.Empty };         int returnVal = Convert.ToInt32(obj.InvokeMethod("GetOwner", argList));         if (returnVal == 0)         {             // return DOMAIN\user             return argList[1] + "\\" + argList[0];         }     }      return "NO OWNER"; } 

By process name (finds the first process only, adjust accordingly):

public string GetProcessOwner(string processName) {     string query = "Select * from Win32_Process Where Name = \"" + processName + "\"";     ManagementObjectSearcher searcher = new ManagementObjectSearcher(query);     ManagementObjectCollection processList = searcher.Get();      foreach (ManagementObject obj in processList)     {         string[] argList = new string[] { string.Empty, string.Empty };         int returnVal = Convert.ToInt32(obj.InvokeMethod("GetOwner", argList));         if (returnVal == 0)         {             // return DOMAIN\user             string owner = argList[1] + "\\" + argList[0];             return owner;                }     }      return "NO OWNER"; } 
like image 67
Dirk Vollmar Avatar answered Oct 02 '22 14:10

Dirk Vollmar


Since WMI is not always a fast way of retrieving information, here is the native P/Invoke way of doing it:

The return value is null when unsuccessful. In order to get the names of processes running under the SYSTEM user, you need to execute this code as administrator.

private static string GetProcessUser(Process process) {     IntPtr processHandle = IntPtr.Zero;     try     {         OpenProcessToken(process.Handle, 8, out processHandle);         WindowsIdentity wi = new WindowsIdentity(processHandle);         string user = wi.Name;         return user.Contains(@"\") ? user.Substring(user.IndexOf(@"\") + 1) : user;     }     catch     {         return null;     }     finally     {         if (processHandle != IntPtr.Zero)         {             CloseHandle(processHandle);         }     } }  [DllImport("advapi32.dll", SetLastError = true)] private static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle); [DllImport("kernel32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool CloseHandle(IntPtr hObject); 
like image 32
bytecode77 Avatar answered Oct 02 '22 14:10

bytecode77