用WMI吧:
一个按钮,一个listbox:
Private Sub Command1_Click()
Dim strComputer As String
Dim objWMIService, colProcessList, objProcess
Dim strUserDomain
Dim strNameOfUser
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
("Select * from Win32_Process")
For Each objProcess In colProcessList
Call objProcess.GetOwner(strNameOfUser, strUserDomain)
List1.AddItem "Pid=" & CStr(objProcess.Handle) & " ProcessName=" & objProcess.Name & " Domain\User=" & strUserDomain & "\" & strNameOfUser
Next
End Sub
Private Function GetPrcUserName(ByVal pid As Long) As String
Dim hProcessID As Long
Dim hToken As Long
Dim res As Long
Dim cbBuff As Long
Dim tiLen As Long
Dim TU As TOKEN_USER
Dim cnt As Long
Dim sAcctName2 As String
Dim cbAcctName As Long
Dim sDomainName As String
Dim cbDomainName As Long
Dim peUse As Long
Dim barr() As Byte
If pid = 0 Or pid = 4 Then
GetPrcUserName = "SYSTEM"
Exit Function
End If
hProcessID = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, pid)
If hProcessID <> 0 Then
If OpenProcessToken(hProcessID, TOKEN_QUERY, hToken) = 1 Then
res = GetTokenInformation(hToken, TokenUser, ByVal 0, tiLen, cbBuff)
If res = 0 And cbBuff > 0 Then
tiLen = cbBuff
If cbBuff > Len(TU) Then Exit Function
res = GetTokenInformation(hToken, TokenUser, TU, tiLen, cbBuff)
If res = 1 And tiLen > 0 Then
sAcctName2 = Space$(255)
sDomainName = Space$(255)
cbAcctName = 255
cbDomainName = 255
res = LookupAccountSid(vbNullString, TU.User.SID, sAcctName2, cbAcctName, sDomainName, cbDomainName, peUse)
GetPrcUserName = Replace(Trim(sAcctName2), Chr(0), "")
End If
End If
Else
GetPrcUserName = "无法获取该进程的用户名"
End If
If hToken Then CloseHandle hToken
CloseHandle hProcessID
End If
哦,没说清楚啊!
就是我要用 OpenProcessToken(hPID, TOKEN_QUERY, hToken) 获得进程访问令牌的句柄,但目前只能对属于 SYSTEM 和 Administrator (我的登陆名) 用户的进程有效,而对于其它进程就不行了(比如通过远程桌面登陆到我系统的用户所执行的进程,还有就是属于 LOCAL SERVICE 和 NETWORK SERVICE 用户的进程)。这个能有什么办法解决吗?