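// Lists the account that owns each running process: the process list comes
// from WMI (Win32_Process) and the owner from each process's access token.
//
// NOTE: the header names after each #include were lost when this listing was
// extracted; the headers below are the ones the code needs.
#include <windows.h>
#include <comdef.h>
#include <Wbemidl.h>

#include <cwchar>
#include <iostream>
#include <string>
#include <vector>

#pragma comment(lib, "wbemuuid.lib")  // CLSID_WbemLocator / IID_IWbemLocator
#pragma comment(lib, "advapi32.lib")  // token and account-lookup APIs

// Writes "DOMAIN\user" for the account that owns hProcess into `owner`.
//
// This is a local helper, not a Windows API: the Windows SDK has no function
// called GetProcessHandleOwner, so the original listing could not link.
//
// hProcess  handle opened with at least PROCESS_QUERY_LIMITED_INFORMATION.
// owner     caller-supplied buffer that receives the NUL-terminated name.
// cchOwner  in: capacity of `owner` in WCHARs; out: characters written,
//           not counting the terminator.
// Returns TRUE on success. Returns FALSE if the token cannot be opened or
// read, the SID cannot be resolved, or the name does not fit in `owner`.
static BOOL GetProcessHandleOwner(HANDLE hProcess, LPWSTR owner, DWORD* cchOwner)
{
    if (hProcess == NULL || owner == NULL || cchOwner == NULL || *cchOwner == 0)
        return FALSE;

    HANDLE hToken = NULL;
    if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
        return FALSE;

    BOOL ok = FALSE;
    DWORD cbUser = 0;
    // First call only reports the required size; it is expected to fail.
    GetTokenInformation(hToken, TokenUser, NULL, 0, &cbUser);
    if (cbUser != 0) {
        std::vector<BYTE> buffer(cbUser);
        if (GetTokenInformation(hToken, TokenUser, buffer.data(), cbUser, &cbUser)) {
            const TOKEN_USER* pUser = reinterpret_cast<const TOKEN_USER*>(buffer.data());
            WCHAR name[512];
            WCHAR domain[512];
            // Separate length variables: LookupAccountSidW updates each one.
            DWORD cchName = 512;
            DWORD cchDomain = 512;
            SID_NAME_USE use;  // required out-parameter, must not be NULL
            if (LookupAccountSidW(NULL, pUser->User.Sid, name, &cchName,
                                  domain, &cchDomain, &use)) {
                const std::wstring full = std::wstring(domain) + L"\\" + name;
                // Copy only when the result, terminator included, fits.
                if (full.size() < *cchOwner) {
                    wmemcpy(owner, full.c_str(), full.size() + 1);
                    *cchOwner = static_cast<DWORD>(full.size());
                    ok = TRUE;
                }
            }
        }
    }
    CloseHandle(hToken);
    return ok;
}

// Connects to ROOT\CIMV2, enumerates Win32_Process and prints one
// "Process Owner: DOMAIN\user" line per process the caller may query.
// Returns 0 on success and 1 if COM/WMI setup or the query fails.
int main()
{
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres)) {
        std::wcerr << L"CoInitializeEx failed, HRESULT 0x" << std::hex
                   << static_cast<unsigned long>(hres) << std::endl;
        return 1;
    }

    IWbemLocator* pLoc = NULL;
    IWbemServices* pSvc = NULL;
    IEnumWbemClassObject* pEnumerator = NULL;
    int exitCode = 1;

    // Every step runs only if the previous one succeeded, so a failed call
    // never leaves a NULL interface pointer to be dereferenced below.
    hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
                                RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);
    if (SUCCEEDED(hres))
        hres = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
                                IID_IWbemLocator, (LPVOID*)&pLoc);
    if (SUCCEEDED(hres))
        hres = pLoc->ConnectServer(_bstr_t(L"ROOT\\CIMV2"), NULL, NULL, 0, NULL, 0, 0, &pSvc);
    if (SUCCEEDED(hres))
        // PKT_PRIVACY asks for authenticated, encrypted calls on this proxy.
        hres = CoSetProxyBlanket(pSvc, RPC_C_AUTHN_DEFAULT, RPC_C_AUTHZ_DEFAULT, NULL,
                                 RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE,
                                 NULL, EOAC_NONE);
    if (SUCCEEDED(hres))
        hres = pSvc->ExecQuery(_bstr_t("WQL"), _bstr_t("SELECT * FROM Win32_Process"),
                               WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
                               NULL, &pEnumerator);

    if (FAILED(hres) || pEnumerator == NULL) {
        std::wcerr << L"WMI setup failed, HRESULT 0x" << std::hex
                   << static_cast<unsigned long>(hres) << std::endl;
    } else {
        for (;;) {
            IWbemClassObject* pclsObj = NULL;
            ULONG uReturn = 0;
            hres = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
            if (FAILED(hres) || uReturn == 0 || pclsObj == NULL)
                break;

            VARIANT var;
            VariantInit(&var);
            hres = pclsObj->Get(L"Handle", 0, &var, NULL, NULL);
            // The value is used as a wide string, so the variant type is
            // checked before bstrVal is read.
            if (SUCCEEDED(hres) && var.vt == VT_BSTR && var.bstrVal != NULL) {
                const DWORD pid = static_cast<DWORD>(wcstoul(var.bstrVal, NULL, 10));
                // Least-privilege access right. Processes the caller is not
                // allowed to open are skipped rather than treated as errors.
                HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
                if (hProcess != NULL) {
                    WCHAR owner[1024];
                    DWORD cchOwner = 1024;
                    if (GetProcessHandleOwner(hProcess, owner, &cchOwner))
                        std::wcout << L"Process Owner: " << owner << std::endl;
                    CloseHandle(hProcess);
                }
            }
            VariantClear(&var);
            pclsObj->Release();  // one object per iteration, released here
        }
        exitCode = 0;
    }

    if (pEnumerator != NULL) pEnumerator->Release();
    if (pSvc != NULL) pSvc->Release();
    if (pLoc != NULL) pLoc->Release();
    CoUninitialize();
    return exitCode;
}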
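// The GetOwner method is a part of the Wbemcli.lib package library.
//
// NOTE(review): the sentence above is the page's caption for this listing.
// The listing itself does not call GetOwner; it prints the owner recorded in
// the security descriptor of C:\Windows\notepad.exe, obtained through WMI.
//
// NOTE: the header names after each #include were lost when this listing was
// extracted; the headers below are the ones the code needs.
#include <windows.h>
#include <comdef.h>
#include <Wbemidl.h>

#include <iostream>
#include <string>

#pragma comment(lib, "wbemuuid.lib")  // CLSID_WbemLocator / IID_IWbemLocator

// Returns the embedded WMI object stored in property `name` of pObj, or NULL
// when the property is missing or is not an object. The caller must Release()
// the returned pointer.
static IWbemClassObject* GetEmbeddedObject(IWbemClassObject* pObj, LPCWSTR name)
{
    IWbemClassObject* pResult = NULL;
    VARIANT value;
    VariantInit(&value);
    if (SUCCEEDED(pObj->Get(name, 0, &value, NULL, NULL)) &&
        value.vt == VT_UNKNOWN && value.punkVal != NULL) {
        value.punkVal->QueryInterface(IID_IWbemClassObject,
                                      reinterpret_cast<void**>(&pResult));
    }
    VariantClear(&value);
    return pResult;
}

// Copies string property `name` of pObj into `out`. Returns false when the
// property is missing, NULL or not a string; `out` is then left untouched.
static bool GetStringProperty(IWbemClassObject* pObj, LPCWSTR name, std::wstring& out)
{
    VARIANT value;
    VariantInit(&value);
    const bool ok = SUCCEEDED(pObj->Get(name, 0, &value, NULL, NULL)) &&
                    value.vt == VT_BSTR && value.bstrVal != NULL;
    if (ok)
        out.assign(value.bstrVal, SysStringLen(value.bstrVal));
    VariantClear(&value);
    return ok;
}

// Connects to ROOT\CIMV2, asks WMI for the file's security descriptor and
// prints "File Owner: DOMAIN\user".
// Returns 0 on success and 1 if any COM/WMI step fails or no owner is found.
int main()
{
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres)) {
        std::wcerr << L"CoInitializeEx failed, HRESULT 0x" << std::hex
                   << static_cast<unsigned long>(hres) << std::endl;
        return 1;
    }

    IWbemLocator* pLoc = NULL;
    IWbemServices* pSvc = NULL;
    IWbemClassObject* pOutParams = NULL;
    IWbemClassObject* pDescriptor = NULL;
    IWbemClassObject* pOwner = NULL;
    int exitCode = 1;

    // Every step runs only if the previous one succeeded, so a failed call
    // never leaves a NULL interface pointer to be dereferenced below.
    hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
                                RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);
    if (SUCCEEDED(hres))
        hres = CoCreateInstance(CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER,
                                IID_IWbemLocator, (LPVOID*)&pLoc);
    if (SUCCEEDED(hres))
        hres = pLoc->ConnectServer(_bstr_t(L"ROOT\\CIMV2"), NULL, NULL, 0, NULL, 0, 0, &pSvc);
    if (SUCCEEDED(hres))
        // PKT_PRIVACY asks for authenticated, encrypted calls on this proxy.
        hres = CoSetProxyBlanket(pSvc, RPC_C_AUTHN_DEFAULT, RPC_C_AUTHZ_DEFAULT, NULL,
                                 RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE,
                                 NULL, EOAC_NONE);
    if (SUCCEEDED(hres)) {
        // The original called GetSecurityDescriptor on a freshly spawned,
        // never-stored CIM_DataFile instance and then read "Descriptor" back
        // from that input object. CIM_DataFile has no such method; the method
        // is defined on Win32_LogicalFileSecuritySetting and its result comes
        // back in the out-parameter object. Backslashes are doubled once for
        // the WMI object path and once more for the C++ literal.
        hres = pSvc->ExecMethod(
            _bstr_t(L"Win32_LogicalFileSecuritySetting.Path=\"C:\\\\Windows\\\\notepad.exe\""),
            _bstr_t(L"GetSecurityDescriptor"), 0, NULL, NULL, &pOutParams, NULL);
    }

    if (SUCCEEDED(hres) && pOutParams != NULL) {
        // A successful HRESULT only means the call was delivered; the
        // method's own status is in ReturnValue (0 = success).
        VARIANT ret;
        VariantInit(&ret);
        if (SUCCEEDED(pOutParams->Get(L"ReturnValue", 0, &ret, NULL, NULL)) &&
            ret.vt == VT_I4 && ret.lVal == 0) {
            pDescriptor = GetEmbeddedObject(pOutParams, L"Descriptor");
        }
        VariantClear(&ret);
    }
    if (pDescriptor != NULL)
        pOwner = GetEmbeddedObject(pDescriptor, L"Owner");

    if (pOwner != NULL) {
        // The Owner trustee carries the resolved account name and domain, so
        // no raw SID handling or LookupAccountSid call is needed. The
        // original passed a BSTR to GetSecurityDescriptorOwner and then
        // LocalFree'd a SID it did not own.
        std::wstring userName;
        std::wstring domainName;
        if (GetStringProperty(pOwner, L"Name", userName)) {
            GetStringProperty(pOwner, L"Domain", domainName);  // may be absent
            std::wcout << L"File Owner: " << domainName << L"\\" << userName << std::endl;
            exitCode = 0;
        }
    }
    if (exitCode != 0) {
        std::wcerr << L"Could not read the file owner, last HRESULT 0x" << std::hex
                   << static_cast<unsigned long>(hres) << std::endl;
    }

    if (pOwner != NULL) pOwner->Release();
    if (pDescriptor != NULL) pDescriptor->Release();
    if (pOutParams != NULL) pOutParams->Release();
    if (pSvc != NULL) pSvc->Release();
    if (pLoc != NULL) pLoc->Release();
    CoUninitialize();
    return exitCode;
}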