AutoHotkey Community

d = `n  ; string separator
s := 4096  ; size of buffers and arrays (4 KB)

Process, Exist  ; sets ErrorLevel to the PID of this running script
; Get the handle of this script with PROCESS_QUERY_INFORMATION (0x0400)
h := DllCall("OpenProcess", "UInt", 0x0400, "Int", false, "UInt", ErrorLevel)
; Open an adjustable access token with this process (TOKEN_ADJUST_PRIVILEGES = 32)
DllCall("Advapi32.dll\OpenProcessToken", "UInt", h, "UInt", 32, "UIntP", t)
VarSetCapacity(ti, 16, 0)  ; structure of privileges
NumPut(1, ti, 0, 4)  ; one entry in the privileges array...
; Retrieves the locally unique identifier of the debug privilege:
DllCall("Advapi32.dll\LookupPrivilegeValueA", "UInt", 0, "Str", "SeDebugPrivilege", "UIntP", luid)
NumPut(luid, ti, 4, 8)
NumPut(2, ti, 12, 4)  ; enable this privilege: SE_PRIVILEGE_ENABLED = 2
; Update the privileges of this process with the new access token:
DllCall("Advapi32.dll\AdjustTokenPrivileges", "UInt", t, "Int", false, "UInt", &ti, "UInt", 0, "UInt", 0, "UInt", 0)
DllCall("CloseHandle", "UInt", h)  ; close this process handle to save memory

MySIDsize:=255, VarSetCapacity(MySID,MySIDsize,0)
sDomainSize:=255, VarSetCapacity(sDomain,sDomainSize,0)
if( !dllCall("advapi32\LookupAccountNameA"   ,"uint",0,"str",A_UserName
   ,"uint",&MySID,"uint*",MySIDsize,"str",sDomain,"uint*",sDomainSize,"uint*",SIDtype))
   msgbox Cannot obtain SID for "%A_UserName%"

hModule := DllCall("LoadLibrary", "Str", "Psapi.dll")  ; increase performance by preloading the libaray
s := VarSetCapacity(a, s)  ; an array that receives the list of process identifiers:
DllCall("Psapi.dll\EnumProcesses", "UInt", &a, "UInt", s, "UIntP", r)
Loop, % r // 4  ; parse array for identifiers as DWORDs (32 bits):
{
   id := NumGet(a, A_Index * 4)
   ; open process with: PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010) | READ_CONTROL
   h := DllCall("OpenProcess", "UInt", 0x0010 | 0x0400 | 0x20000, "Int", false, "UInt", id)

   bMyProcess=0
   if(0=dllcall("advapi32\GetSecurityInfo","uint",h, "uint",6,"uint",1
      ,"uintP",ppSIDowner,"uint",0,"uint",0,"uint",0,"uintP",ppSecuDsc))
      if ppSecuDsc
      {  bMyProcess:=DllCall("advapi32\EqualSid","uint",&MySID,"uint",ppSIDowner)
         dllCall("LocalFree","uint",ppSecuDsc)
      }

   if bMyProcess
   {
      s := VarSetCapacity(m, 2 << 9) ; for array of modules:
      DllCall("Psapi.dll\EnumProcessModules", "UInt", h, "UInt", &m, "UInt", s, "UIntP", r)
      s := VarSetCapacity(n, 32) ; for module base name:
      e := DllCall("Psapi.dll\GetModuleBaseNameA", "UInt", h, "UInt", m, "Str", n, "Chr", s)
      If n ; if image is not null add to list:
         l = %l%%n%%d%
   }
   DllCall("CloseHandle", "UInt", h) ; close process handle to save memory
}
DllCall("FreeLibrary", "UInt", hModule)  ; unload the library to free memory
; Remove the first and last items in the list (possibly ASCII signitures)
StringMid, l, l, InStr(l, d) + 1, InStr(l, d, false, 0) - 2 - InStr(l, d)
StringReplace, l, l, %d%, %d%, UseErrorLevel  ; gets the number of processes
;Sort, l, C  ; uncomment this line to sort the list alphabetically
MsgBox, 0, %ErrorLevel% Processes, %l%

SE_UNKNOWN_OBJECT_TYPE

    Unknown object type.
SE_FILE_OBJECT

    Indicates a file or directory. The name string that identifies a file or directory object can be in one of the following formats:

        * A relative path, such as FileName.dat or ..\FileName
        * An absolute path, such as FileName.dat, C:\DirectoryName\FileName.dat, or G:\RemoteDirectoryName\FileName.dat.
        * A UNC name, such as \\ComputerName\ShareName\FileName.dat.
        * A local file system root, such as \\\\.\\C:. Security set on a file system root does not persist when the system is restarted.

SE_SERVICE

    Indicates a Windows service. A service object can be a local service, such as ServiceName, or a remote service, such as \\ComputerName\ServiceName.
SE_PRINTER

    Indicates a printer. A printer object can be a local printer, such as PrinterName, or a remote printer, such as \\ComputerName\PrinterName.
SE_REGISTRY_KEY

    Indicates a registry key. A registry key object can be in the local registry, such as CLASSES_ROOT\SomePath or in a remote registry, such as \\ComputerName\CLASSES_ROOT\SomePath.

    The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".
SE_LMSHARE

    Indicates a network share. A share object can be local, such as ShareName, or remote, such as \\ComputerName\ShareName.
SE_KERNEL_OBJECT

    Indicates a local kernel object.

    The GetSecurityInfo and SetSecurityInfo functions support all types of kernel objects. The GetNamedSecurityInfo and SetNamedSecurityInfo functions work only with the following kernel objects: semaphore, event, mutex, waitable timer, and file mapping.
SE_WINDOW_OBJECT

    Indicates a window station or desktop object on the local computer. You cannot use GetNamedSecurityInfo and SetNamedSecurityInfo with these objects because the names of window stations or desktops are not unique.
SE_DS_OBJECT

    Indicates a directory service object or a property set or property of a directory service object. The name string for a directory service object must be in X.500 form, for example:

    CN=SomeObject,OU=ou2,OU=ou1,DC=DomainName,DC=CompanyName,DC=com,O=internet
SE_DS_OBJECT_ALL

    Indicates a directory service object and all of its property sets and properties.
SE_PROVIDER_DEFINED_OBJECT

    Indicates a provider-defined object.
SE_WMIGUID_OBJECT

    Indicates a WMI object.
SE_REGISTRY_WOW64_32KEY

    Indicates an object for a registry entry under WOW64.

d = `n ; string separator
s := VarSetCapacity(a, 2 << 9) ; 1KiB for array

MySIDsize:=255, VarSetCapacity(MySID,MySIDsize,0)
sDomainSize:=255, VarSetCapacity(sDomain,sDomainSize,0)
if( !dllCall("advapi32\LookupAccountNameA"   ,"uint",0,"str",A_UserName
   ,"uint",&MySID,"uint*",MySIDsize,"str",sDomain,"uint*",sDomainSize,"uint*",SIDtype))
   msgbox Cannot obtain SID for "%A_UserName%"

hModule := DllCall("LoadLibrary", "Str", "Psapi.dll") ; for speed
; get array of processes and parse identifiers as DWORDs:
DllCall("Psapi.dll\EnumProcesses", "UInt", &a, "UInt", s, "UIntP", r)
Loop, % r // 4 {
   id := NumGet(a, A_Index * 4)
   ; open process with: PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010) | READ_CONTROL
   h := DllCall("OpenProcess", "UInt", 0x0010 | 0x0400 | 0x20000, "Int", false, "UInt", id)

   bMyProcess=0
   if(0=dllcall("advapi32\GetSecurityInfo","uint",h, "uint",6,"uint",1
      ,"uintP",ppSIDowner,"uint",0,"uint",0,"uint",0,"uintP",ppSecuDsc))
      if ppSecuDsc
      {  bMyProcess:=DllCall("advapi32\EqualSid","uint",&MySID,"uint",ppSIDowner)
         dllCall("LocalFree","uint",ppSecuDsc)
      }

   if bMyProcess
   {
      s := VarSetCapacity(m, 2 << 9) ; for array of modules:
      DllCall("Psapi.dll\EnumProcessModules", "UInt", h, "UInt", &m, "UInt", s, "UIntP", r)
      s := VarSetCapacity(n, 32) ; for module base name:
      e := DllCall("Psapi.dll\GetModuleBaseNameA", "UInt", h, "UInt", m, "Str", n, "Chr", s)
      If n ; if image is not null add to list:
         l = %l%%n%%d%
   }
   DllCall("CloseHandle", "UInt", h) ; close process handle to save memory
}
DllCall("FreeLibrary", "UInt", hModule) ; free memory
StringTrimLeft, l, l, InStr(l, d) ; remove first item (ASCII sig?)
Msgbox, %l%

d = `n  ; string separator
s := 4096  ; size of buffers and arrays (4 KB)

Process, Exist  ; sets ErrorLevel to the PID of this running script
; Get the handle of this script with PROCESS_QUERY_INFORMATION (0x0400)
h := DllCall("OpenProcess", "UInt", 0x0400, "Int", false, "UInt", ErrorLevel)
; Open an adjustable access token with this process (TOKEN_ADJUST_PRIVILEGES = 32)
DllCall("Advapi32.dll\OpenProcessToken", "UInt", h, "UInt", 32, "UIntP", t)
VarSetCapacity(ti, 16, 0)  ; structure of privileges
NumPut(1, ti, 0, 4)  ; one entry in the privileges array...
; Retrieves the locally unique identifier of the debug privilege:
DllCall("Advapi32.dll\LookupPrivilegeValueA", "UInt", 0, "Str", "SeDebugPrivilege", "UIntP", luid)
NumPut(luid, ti, 4, 8)
NumPut(2, ti, 12, 4)  ; enable this privilege: SE_PRIVILEGE_ENABLED = 2
; Update the privileges of this process with the new access token:
DllCall("Advapi32.dll\AdjustTokenPrivileges", "UInt", t, "Int", false, "UInt", &ti, "UInt", 0, "UInt", 0, "UInt", 0)
DllCall("CloseHandle", "UInt", h)  ; close this process handle to save memory

MySIDsize:=255, VarSetCapacity(MySID,MySIDsize,0)
sDomainSize:=255, VarSetCapacity(sDomain,sDomainSize,0)
if( !dllCall("advapi32\LookupAccountNameA"   ,"uint",0,"str",A_UserName
   ,"uint",&MySID,"uint*",MySIDsize,"str",sDomain,"uint*",sDomainSize,"uint*",SIDtype))
   msgbox Cannot obtain SID for "%A_UserName%"

hModule := DllCall("LoadLibrary", "Str", "Psapi.dll")  ; increase performance by preloading the libaray
s := VarSetCapacity(a, s)  ; an array that receives the list of process identifiers:
DllCall("Psapi.dll\EnumProcesses", "UInt", &a, "UInt", s, "UIntP", r)
Loop, % r // 4  ; parse array for identifiers as DWORDs (32 bits):
{
   id := NumGet(a, A_Index * 4)
   ; open process with: PROCESS_QUERY_INFORMATION (0x0400) | PROCESS_VM_READ (0x0010) | READ_CONTROL
   h := DllCall("OpenProcess", "UInt", 0x0010 | 0x0400 | 0x20000, "Int", false, "UInt", id)

   bMyProcess=0
   if(0=dllcall("advapi32\GetSecurityInfo","uint",h, "uint",6,"uint",1
      ,"uintP",ppSIDowner,"uint",0,"uint",0,"uint",0,"uintP",ppSecuDsc))
      if ppSecuDsc
      {  bMyProcess:=DllCall("advapi32\EqualSid","uint",&MySID,"uint",ppSIDowner)
         dllCall("LocalFree","uint",ppSecuDsc)
      }

   if bMyProcess
   {
      s := VarSetCapacity(m, 2 << 9) ; for array of modules:
      DllCall("Psapi.dll\EnumProcessModules", "UInt", h, "UInt", &m, "UInt", s, "UIntP", r)
      s := VarSetCapacity(n, 32) ; for module base name:
      e := DllCall("Psapi.dll\GetModuleBaseNameA", "UInt", h, "UInt", m, "Str", n, "Chr", s)
      If n ; if image is not null add to list:
         l = %l%%n%%d%
   }
   DllCall("CloseHandle", "UInt", h) ; close process handle to save memory
}
DllCall("FreeLibrary", "UInt", hModule)  ; unload the library to free memory
; Remove the first and last items in the list (possibly ASCII signitures)
StringMid, l, l, InStr(l, d) + 1, InStr(l, d, false, 0) - 2 - InStr(l, d)
StringReplace, l, l, %d%, %d%, UseErrorLevel  ; gets the number of processes
;Sort, l, C  ; uncomment this line to sort the list alphabetically
MsgBox, 0, %ErrorLevel% Processes, %l%