a ques

Albert · March 30, 2006, 4:37am

hello expert,

is there a way in my driver to get the user name from the process ID/process
name?

amitr0-2 · March 30, 2006, 11:22am

now that you mention, even I am curious, is there a way…???

Peter_Viscarola_OSR · March 30, 2006, 1:03pm

Please try searching the archives. This is a recording.

(I was successful using “Username process id” and “user name process id” in both NTDEV and NTFSD.)

Please try searching the archives. This is a recording.

Peter
OSR

amitr0-2 · March 31, 2006, 1:21am

oops, I would beg to apologise, but peter, I posted this mail after I went
through these threads. Actually, there was a lot of material about getting
stuff from the SID, but I have two doubts, they never actually say about
getting it from the kernel mode (or have I missed the thread), after
acquiring the SID I need user mode help, that is what I dont want, I need a
total kernel mode solution.

Albert · March 31, 2006, 1:24am

ok, i will read it up and then post. thanks

Peter_Viscarola_OSR · March 31, 2006, 9:41am

You failed to mention that in your posting. Well, I “need” a lot of things. A villa in Tuscany and a web searchable set of kernel sources would be good to start. Doesn’t mean I’ll GET these things, though, right?

The kernel/user solution is described clearly at:
http://www.osronline.com/showThread.cfm?link=323

Mr. Shatskih supplies what I think is the definitive answer here, saying “forget about it and use the SID”:
http://www.osronline.com/showThread.cfm?link=56682

Peter
OSR

amitr0-2 · March 31, 2006, 11:42am

Hi Peter (others),

I have a question regarding SIDs.

Does every account have SID. For example, processes running as SYSTEM,
LOCAL_SERVICE and NETROWK_SERVICE, do these accounts have SIDs too?

Don_Burn_1 · March 31, 2006, 11:49am

Yes they do. In fact there are a bunch of “well known sids” see the
ntddk.h for this.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“amitr0” wrote in message news:xxxxx@ntdev…
Hi Peter (others),

I have a question regarding SIDs.

Does every account have SID. For example, processes running as SYSTEM,
LOCAL_SERVICE and NETROWK_SERVICE, do these accounts have SIDs too?

amitr0-2 · March 31, 2006, 11:59am

Thanks Don

Maxim_S_Shatskih · April 9, 2006, 2:06pm

I would suggest the driver to never ever deal with user names at all. Use
the SIDs instead. The user names are needed in the UI level only, and so the
username <-> SID mapping code belongs to the UI and not to the driver.

Also note that LookupAccountName/SID require an RPC call to the domain
controller, so, nearly not implementable in the driver at all. Once more - move
this code to the UI, and deal with SIDs only in all other modules of your
product.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “A P”
To: “Windows System Software Devs Interest List”
Sent: Thursday, March 30, 2006 1:37 PM
Subject: [ntdev] a ques

hello expert,

is there a way in my driver to get the user name from the process ID/process
name?

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Maxim_S_Shatskih · April 9, 2006, 4:32pm

>Does every account have SID. For example, processes running as SYSTEM,

LOCAL_SERVICE and NETROWK_SERVICE, do these accounts have too?

Surely yes. These SIDs are well-known values listed in the docs somewhere.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com