nimforum mirror - How to get process owner by pid?

Aquilao (orginal) [2022-03-10T07:37:44+01:00] view original

Hello,

I'm trying to use process id to query process owner on Windows. First I tried to use psutil-nim, but it seems to have stopped maintenance and related methods have failed. Then I tried to use GetOwner method of the Win32_Process class to do the job , although I can query the process name, and the GetOwner method returns 0 (success), but I don't know how to get the process owner from it.

this is my code

import winim/com

var user: string
var domain: string

echo "Getting processes"
var wmi = GetObject(r"winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
for i in wmi.execQuery("select * from win32_process"):
    echo i.handle, ", ", i.name
    echo i.GetOwner(user, domain)
    echo user, domain             # Does not print owner and domain, but returns empty string~

output：


......
9084, svchost.exe
0

7360, taskhostw.exe
0

1260, svchost.exe
0

6476, svchost.exe
0

9044, ctfmon.exe
0

9296, explorer.exe
0

9628, NVIDIA Web Helper.exe
0

9752, conhost.exe
0

9864, ChsIME.exe
0

9968, svchost.exe
0

10048, svchost.exe
0

......

I would like to know how to take out the process owner from this code, or if there is another way to achieve my purpose.

Thanks!

kobi (orginal) [2022-03-10T09:18:32+01:00] view original

I don't have windows here, but have you tried passing the variables by ref?

    echo i.GetOwner(ref user, ref domain)

ref

Aquilao (orginal) [2022-03-10T11:23:30+01:00] view original

First of all thank you for your help. I tried echo i.GetOwner(ref user, ref domain) ，but can't compile


Error: type expected

This is the modified code, can you point out the problem if it's convenient for you

import winim/com

var user: string
# var user: ref string
var domain: string
# var domain: ref string

echo "Getting processes"
var wmi = GetObject(r"winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
for i in wmi.execQuery("select * from win32_process"):
    echo i.handle, ", ", i.name
    echo i.GetOwner(ref user, ref domain)
    echo user, domain

Lecale (orginal) [2022-03-10T15:29:35+01:00] view original

I wasn't winim was supporting that. So you can actually get the holy trinity of processid, commandline, and processname through wmi. Sweet, I'd been wanting to get those with nim. Sadly I have no idea how to extract the strings you want, if you're getting a 0 return code that means success right?

Lecale (orginal) [2022-03-10T23:42:13+01:00] view original

I was just checking out the microsoft docs, and I think that this does the trick. Not sure f there is supposed to be a difference between Handle and ProcessId. But ParentProcessID should fit your needs, right?

#https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-process
import winim/com

var user: string
var domain: string

echo "Getting processes"
var wmi = GetObject(r"winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
for i in wmi.execQuery("select * from win32_process"):
    try:
        echo i.handle, ", ", i.name
        echo "PID:", i.ProcessId
        echo "ParentPID: ", i.ParentProcessId
        echo i.CommandLine
    except: discard

Aquilao (orginal) [2022-03-11T03:54:31+01:00] view original

Thank you for your help, but the parent process ID can't meet my needs, I need is the process owner, such as system, administrator, etc.

Msdn docs show me a method of the win32_process class can help us achieve this, but I can't get owner. even though return 0, it means success.

https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/getowner-method-in-class-win32-process

Mirror of forum.nim-lang.org

8995 :: How to get process owner by pid?