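; Demo: show which account two well-known system processes run under.
; "Process, Exist" leaves the PID in ErrorLevel, or 0 when no such process is running.
; A PID of 0 is skipped so the script does not elevate and enable SeDebugPrivilege
; only to have OpenProcess fail.
Process, Exist, dwm.exe
PID := ErrorLevel
if PID
   MsgBox, % "process: dwm.exe`nPID: " . PID . "`nuser: " . GetProcessOwner(PID, "user", true)
else
   MsgBox, % "process: dwm.exe`nnot running"

Process, Exist, dllhost.exe
PID := ErrorLevel
if PID
   MsgBox, % "process: dllhost.exe`nPID: " . PID . "`nowner: " . GetProcessOwner(PID, "owner", true)
else
   MsgBox, % "process: dllhost.exe`nnot running"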
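GetProcessOwner(PID, value, runAsAdmin := false) {
   ; Returns the account name attached to the access token of process PID.
   ;   PID        - process identifier to inspect.
   ;   value      - "user" reads TokenUser; any other value reads TokenOwner.
   ;   runAsAdmin - when true, the first call relaunches the script elevated (if needed)
   ;                and enables SeDebugPrivilege.
   ; Returns an empty value after showing an error box if any API call fails.
   ;
   ; Security notes:
   ;  - SeDebugPrivilege is enabled process-wide and is not disabled again here, so it
   ;    stays active for the rest of the script's lifetime.
   ;  - The result of SetDebugPrivilege() is not checked; if enabling fails, OpenProcess
   ;    below reports the access error for processes the caller cannot open.
   ;  - NOTE(review): PROCESS_QUERY_LIMITED_INFORMATION (0x1000) is a narrower access
   ;    right that may be sufficient on Vista and later - confirm before switching.
   static PROCESS_QUERY_INFORMATION := 0x400, TOKEN_QUERY := 0x8
        , TokenUser := 1, TokenOwner := 4, MAX_NAME := 256, isAdmin
   ; MAX_NAME is 256 characters: a 32-character buffer makes LookupAccountSid fail
   ; with ERROR_INSUFFICIENT_BUFFER for longer account or group names.

   if (runAsAdmin && !isAdmin) {
      IsAdminChecking()
      SetDebugPrivilege()
      isAdmin := true
   }

   if !hProcess := DllCall("OpenProcess", UInt, PROCESS_QUERY_INFORMATION, UInt, false, UInt, PID, Ptr)
      Return ErrorHandling("OpenProcess")

   if !DllCall("Advapi32\OpenProcessToken", Ptr, hProcess, UInt, TOKEN_QUERY, PtrP, hToken)
      Return ErrorHandling("OpenProcessToken", hProcess)

   tokenType := value = "user" ? TokenUser : TokenOwner

   ; First call only asks for the required buffer size; it is expected to "fail".
   bites := 0
   DllCall("Advapi32\GetTokenInformation", Ptr, hToken, Int, tokenType, Ptr, 0, UInt, 0, UIntP, bites)
   if !bites
      Return ErrorHandling("GetTokenInformation", hProcess, hToken)

   VarSetCapacity(buff, bites, 0)
   if !DllCall("Advapi32\GetTokenInformation", Ptr, hToken, Int, tokenType, Ptr, &buff, UInt, bites, UIntP, bites)
      Return ErrorHandling("GetTokenInformation", hProcess, hToken)

   VarSetCapacity(sName, MAX_NAME << !!A_IsUnicode, 0)
   VarSetCapacity(sDomainName, MAX_NAME << !!A_IsUnicode, 0)

   ; Each in/out character count gets its own DWORD. The original shared one 4-byte
   ; variable for both counts and filled it with NumPut's default UPtr type, which
   ; writes 8 bytes in a 64-bit script.
   cchName := MAX_NAME
   cchDomain := MAX_NAME

   ; TOKEN_USER and TOKEN_OWNER both begin with a pointer to the SID.
   pSid := NumGet(buff, 0, "Ptr")
   if !DllCall( "Advapi32\LookupAccountSid", Ptr, 0, Ptr, pSid, Str, sName, UIntP, cchName
                                           , Str, sDomainName, UIntP, cchDomain, IntP, SID_NAME_USE )
      Return ErrorHandling("LookupAccountSid", hProcess, hToken)

   DllCall("CloseHandle", Ptr, hProcess), DllCall("CloseHandle", Ptr, hToken)
   Return sName
}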
ErrorHandling(function, hProcess := "", hToken := "") {
   ; Reports a failed API call and releases whichever handles the caller had open.
   ;   function - name of the API that failed, shown in the message box.
   ;   hProcess - optional process handle to close.
   ;   hToken   - optional token handle to close.
   ; Returns nothing, so "Return ErrorHandling(...)" gives the caller an empty result.

   ; Fetch the error text before any CloseHandle call: every DllCall updates A_LastError.
   errorText := SysError()
   MsgBox, % "Failed: " . function . "`nerror: " . errorText

   if (hProcess)
      DllCall("CloseHandle", Ptr, hProcess)
   if (hToken)
      DllCall("CloseHandle", Ptr, hToken)
}
IsAdminChecking() {
   ; Makes sure the script runs elevated, relaunching it through the RunAs verb if not.
   ; The " /restart" switch on the command line marks an instance that was already
   ; relaunched, which prevents an endless relaunch loop.
   ; Note: if the relaunched instance is still not elevated, this only shows a message
   ; and returns; the caller continues without administrative rights.
   commandLine := DllCall("GetCommandLine", "str")
   wasRelaunched := RegExMatch(commandLine, " /restart(?!\S)")

   if (A_IsAdmin)
      Return

   if (wasRelaunched) {
      MsgBox, Failed to run as admin!
      Return
   }

   ; Not elevated and not yet relaunched: request elevation, then end this instance.
   ; The try block has no catch, so a failed launch is ignored and the script still exits.
   try {
      if (A_IsCompiled) {
         Run *RunAs "%A_ScriptFullPath%" /restart
      }
      else {
         Run *RunAs "%A_AhkPath%" /restart "%A_ScriptFullPath%"
      }
   }
   ExitApp
}
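SetDebugPrivilege(enable := true) {
   ; Enables or disables SeDebugPrivilege in the current process token.
   ;   enable - true (default) enables the privilege, false disables it.
   ; Returns the Win32 error code of the step that decided the outcome; 0 means success.
   ;
   ; Security notes:
   ;  - SeDebugPrivilege lets the process open processes owned by other accounts.
   ;    Enable it only for as long as it is needed and call SetDebugPrivilege(false)
   ;    afterwards.
   ;  - The original passed !enable as DisableAllPrivileges, so SetDebugPrivilege(false)
   ;    disabled every privilege in the token. Here only SeDebugPrivilege is changed,
   ;    through the Attributes field.
   static PROCESS_QUERY_INFORMATION := 0x400, TOKEN_ADJUST_PRIVILEGES := 0x20, SE_PRIVILEGE_ENABLED := 0x2

   hProc := DllCall("OpenProcess", UInt, PROCESS_QUERY_INFORMATION, Int, false, UInt, DllCall("GetCurrentProcessId"), Ptr)
   if !hProc
      Return A_LastError

   if !DllCall("Advapi32\OpenProcessToken", Ptr, hProc, UInt, TOKEN_ADJUST_PRIVILEGES, PtrP, token) {
      res := A_LastError
      DllCall("CloseHandle", Ptr, hProc)
      Return res
   }

   if !DllCall("Advapi32\LookupPrivilegeValue", Ptr, 0, Str, "SeDebugPrivilege", Int64P, luid) {
      res := A_LastError
      DllCall("CloseHandle", Ptr, token)
      DllCall("CloseHandle", Ptr, hProc)
      Return res
   }

   ; TOKEN_PRIVILEGES with one entry: PrivilegeCount (4 bytes), Luid (8), Attributes (4).
   VarSetCapacity(TOKEN_PRIVILEGES, 16, 0)
   NumPut(1, TOKEN_PRIVILEGES, 0, "UInt")
   NumPut(luid, TOKEN_PRIVILEGES, 4, "Int64")
   NumPut(enable ? SE_PRIVILEGE_ENABLED : 0, TOKEN_PRIVILEGES, 12, "UInt")

   DllCall("Advapi32\AdjustTokenPrivileges", Ptr, token, Int, false, Ptr, &TOKEN_PRIVILEGES, UInt, 0, Ptr, 0, Ptr, 0)
   ; AdjustTokenPrivileges can report success even when the privilege is not held by
   ; the token (ERROR_NOT_ALL_ASSIGNED), so the last-error value is the real result.
   ; Read it before CloseHandle overwrites it.
   res := A_LastError

   DllCall("CloseHandle", Ptr, token)
   DllCall("CloseHandle", Ptr, hProc)
   Return res ; success - 0
}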
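SysError(ErrorNum = "") {
   ; Returns the system message text for a Win32 error code.
   ;   ErrorNum - error code; when omitted, A_LastError is used.
   ; Returns the numeric code itself if no message text could be retrieved.
   ;
   ; Changes from the original:
   ;  - FORMAT_MESSAGE_IGNORE_INSERTS is set. No argument array is supplied, so insert
   ;    sequences such as %1 in a message must not be expanded from arbitrary memory.
   ;  - The buffer allocated by FORMAT_MESSAGE_ALLOCATE_BUFFER is released with
   ;    LocalFree; the original leaked it on every call.
   static FORMAT_MESSAGE_ALLOCATE_BUFFER := 0x100, FORMAT_MESSAGE_FROM_SYSTEM := 0x1000
        , FORMAT_MESSAGE_IGNORE_INSERTS := 0x200

   ; Read A_LastError before making any DllCall, since each DllCall overwrites it.
   if (ErrorNum = "")
      ErrorNum := A_LastError

   flags := FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS
   pBuff := 0
   ; With ALLOCATE_BUFFER, lpBuffer receives a pointer to the allocated text and nSize
   ; is the minimum number of characters to allocate.
   length := DllCall("FormatMessage", UInt, flags, Ptr, 0, UInt, ErrorNum, UInt, 0
                                    , PtrP, pBuff, UInt, 512, Ptr, 0)
   if (!length || !pBuff)
      Return ErrorNum

   str := StrGet(pBuff)
   DllCall("LocalFree", Ptr, pBuff)
   Return str ? str : ErrorNum
}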