Mit meiner Standard-Funktion komme ich nicht an den Account vom System-Prozeß;<br>
"Zugriff verweigert" bei OpenProcessToken;<br>
deswegen meine Frage, ob jemand andere Wege kennt als über das User-Token.<p>
Die Funktion der vollständigkeithalber...<p>
<pre><p><b>function</b> GetTokenUserAndDomain(Token: THandle; <b>out</b> Name, Domain: <b>string</b>): BOOL;
<b>type</b>
PTokenUser = ^TTokenUser;
TTokenUser = <b>record</b>
User: TSIDAndAttributes;
<b>end</b>;
<b>var</b>
Heap: THandle;
User: PTokenUser;
Size: DWORD;
NLen: DWORD;
DLen: DWORD;
SUse: SID_NAME_USE;
<b>begin</b>
Result := False;
Name := '';
Domain := '';
Heap := GetProcessHeap;
Size := 0;
<b>if</b> (Heap <> 0) <b>and not</b> GetTokenInformation(Token, TokenUser, <b>nil</b>, 0, Size) <b>and</b>
(GetLastError = ERROR_INSUFFICIENT_BUFFER) <b>and</b> (Size > 0) <b>then</b>
<b>begin</b>
User := HeapAlloc(Heap, 0, Size);
<b>if</b> User <> <b>nil then</b>
<b>try</b>
<b>if</b> GetTokenInformation(Token, TokenUser, User, Size, Size) <b>then</b>
<b>begin</b>
NLen := 0;
DLen := 0;
LookupAccountSid(<b>nil</b>, User.User.Sid, <b>nil</b>, NLen, <b>nil</b>, DLen, SUse);
<b>if</b> (NLen > 0) <b>and</b> (DLen > 0) <b>then</b>
<b>begin</b>
SetLength(Name, NLen);
SetLength(Domain, DLen);
Result := LookupAccountSid(<b>nil</b>, User.User.Sid, @Name[1], NLen,
@Domain[1], DLen, SUse);
<b>if not</b> Result <b>then</b>
<b>begin</b>
NLen := 0;
DLen := 0;
<b>end</b>;
SetLength(Name, NLen);
SetLength(Domain, DLen);
<b>end</b>;
<b>end</b>;
<b>finally</b>
HeapFree(Heap, 0, User);
<b>end</b>;
<b>end</b>;
<b>end</b>;
<p>
<b>function</b> GetProcessAccountAsString(ProcessId: DWORD): <b>string</b>;
<b>var</b>
Process: THandle;
Token: THandle;
Domain: <b>string</b>;
Username: <b>string</b>;
<b>begin</b>
Result := '';
Process := OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId);
<b>if</b> Process <> 0 <b>then</b>
<b>try</b>
<b>if</b> OpenProcessToken(Process, TOKEN_QUERY, Token) <b>then</b>
<b>try</b>
<b>if</b> GetTokenUserAndDomain(Token, Username, Domain) <b>then</b>
Result := Domain + '\' + Username;
<b>finally</b>
CloseHandle(Token);
<b>end</b>;
<b>finally</b>
CloseHandle(Process);
<b>end</b>;
<b>end</b>;
<p>
<i>// test</i>
<b>procedure</b> TForm1.Button1Click(Sender: TObject);
<b>begin</b>
ShowMessage(GetProcessAccountAsString(GetCurrentPr ocessId));
<b>end</b>;<p></pre>
Gruß Nico
"Zugriff verweigert" bei OpenProcessToken;<br>
deswegen meine Frage, ob jemand andere Wege kennt als über das User-Token.<p>
Die Funktion der vollständigkeithalber...<p>
<pre><p><b>function</b> GetTokenUserAndDomain(Token: THandle; <b>out</b> Name, Domain: <b>string</b>): BOOL;
<b>type</b>
PTokenUser = ^TTokenUser;
TTokenUser = <b>record</b>
User: TSIDAndAttributes;
<b>end</b>;
<b>var</b>
Heap: THandle;
User: PTokenUser;
Size: DWORD;
NLen: DWORD;
DLen: DWORD;
SUse: SID_NAME_USE;
<b>begin</b>
Result := False;
Name := '';
Domain := '';
Heap := GetProcessHeap;
Size := 0;
<b>if</b> (Heap <> 0) <b>and not</b> GetTokenInformation(Token, TokenUser, <b>nil</b>, 0, Size) <b>and</b>
(GetLastError = ERROR_INSUFFICIENT_BUFFER) <b>and</b> (Size > 0) <b>then</b>
<b>begin</b>
User := HeapAlloc(Heap, 0, Size);
<b>if</b> User <> <b>nil then</b>
<b>try</b>
<b>if</b> GetTokenInformation(Token, TokenUser, User, Size, Size) <b>then</b>
<b>begin</b>
NLen := 0;
DLen := 0;
LookupAccountSid(<b>nil</b>, User.User.Sid, <b>nil</b>, NLen, <b>nil</b>, DLen, SUse);
<b>if</b> (NLen > 0) <b>and</b> (DLen > 0) <b>then</b>
<b>begin</b>
SetLength(Name, NLen);
SetLength(Domain, DLen);
Result := LookupAccountSid(<b>nil</b>, User.User.Sid, @Name[1], NLen,
@Domain[1], DLen, SUse);
<b>if not</b> Result <b>then</b>
<b>begin</b>
NLen := 0;
DLen := 0;
<b>end</b>;
SetLength(Name, NLen);
SetLength(Domain, DLen);
<b>end</b>;
<b>end</b>;
<b>finally</b>
HeapFree(Heap, 0, User);
<b>end</b>;
<b>end</b>;
<b>end</b>;
<p>
<b>function</b> GetProcessAccountAsString(ProcessId: DWORD): <b>string</b>;
<b>var</b>
Process: THandle;
Token: THandle;
Domain: <b>string</b>;
Username: <b>string</b>;
<b>begin</b>
Result := '';
Process := OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId);
<b>if</b> Process <> 0 <b>then</b>
<b>try</b>
<b>if</b> OpenProcessToken(Process, TOKEN_QUERY, Token) <b>then</b>
<b>try</b>
<b>if</b> GetTokenUserAndDomain(Token, Username, Domain) <b>then</b>
Result := Domain + '\' + Username;
<b>finally</b>
CloseHandle(Token);
<b>end</b>;
<b>finally</b>
CloseHandle(Process);
<b>end</b>;
<b>end</b>;
<p>
<i>// test</i>
<b>procedure</b> TForm1.Button1Click(Sender: TObject);
<b>begin</b>
ShowMessage(GetProcessAccountAsString(GetCurrentPr ocessId));
<b>end</b>;<p></pre>
Gruß Nico
Comment