After logged on as ‘test’ account, I executed a program(notepad) as ‘abcd’ account with Rus as(CreateProcessAsUser) function.
In this situation, I obtained a owner(‘abcd’) of notepad process by using ZwQueryInformationToken(hToken, TokenUser, ~~~).
Then how can i get logged on user name(‘test’) or sid of notepad process?
Any advice would be helpful.
Thanks in advance.