Ceres


How to get the process owner using a WMI request

I am retrieving the list of processes using the go-ole library:


    package main

    import (
        "fmt"
        "os"

        "github.com/go-ole/go-ole"
        "github.com/mattn/go-ole/oleutil"
    )


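    // main prints the name of every process returned by the WMI query
    // "SELECT * FROM Win32_Process" and exits non-zero if the enumeration
    // itself could not be carried out.
    func main() {
        if err := listProcesses(); err != nil {
            fmt.Fprintln(os.Stderr, "error:", err)
            os.Exit(1)
        }
    }

    // listProcesses connects to WMI through the WbemScripting.SWbemLocator COM
    // object, runs the Win32_Process query and prints each process name.
    //
    // Every COM call is checked: the original discarded all errors, so a failed
    // CreateObject or ConnectServer surfaced only as a nil-pointer panic on the
    // next line.
    func listProcesses() error {
        if err := ole.CoInitialize(0); err != nil {
            return fmt.Errorf("initializing COM: %w", err)
        }
        defer ole.CoUninitialize()

        unknown, err := oleutil.CreateObject("WbemScripting.SWbemLocator")
        if err != nil {
            return fmt.Errorf("creating SWbemLocator: %w", err)
        }
        defer unknown.Release()

        wmi, err := unknown.QueryInterface(ole.IID_IDispatch)
        if err != nil {
            return fmt.Errorf("querying IDispatch: %w", err)
        }
        defer wmi.Release()

        // ConnectServer with no arguments is called exactly as in the original.
        serviceRaw, err := oleutil.CallMethod(wmi, "ConnectServer")
        if err != nil {
            return fmt.Errorf("connecting to WMI: %w", err)
        }
        service := serviceRaw.ToIDispatch()
        defer service.Release()

        resultRaw, err := oleutil.CallMethod(service, "ExecQuery", "SELECT * FROM Win32_Process")
        if err != nil {
            return fmt.Errorf("querying Win32_Process: %w", err)
        }
        result := resultRaw.ToIDispatch()
        defer result.Release()

        countVar, err := oleutil.GetProperty(result, "Count")
        if err != nil {
            return fmt.Errorf("reading result count: %w", err)
        }
        count := int(countVar.Val)

        for i := 0; i < count; i++ {
            // A single unreadable entry is reported and skipped so that one
            // failure does not hide the rest of the process list.
            if err := printProcessName(result, i); err != nil {
                fmt.Fprintf(os.Stderr, "process %d: %v\n", i, err)
            }
        }
        return nil
    }

    // printProcessName prints the Name property of the i-th object in result.
    //
    // The item is released when this helper returns. The original deferred the
    // release inside the loop, which kept every process object alive until main
    // exited.
    func printProcessName(result *ole.IDispatch, i int) error {
        itemRaw, err := oleutil.CallMethod(result, "ItemIndex", i)
        if err != nil {
            return fmt.Errorf("fetching item: %w", err)
        }
        item := itemRaw.ToIDispatch()
        defer item.Release()

        processName, err := oleutil.GetProperty(item, "Name")
        if err != nil {
            return fmt.Errorf("reading Name: %w", err)
        }
        fmt.Println(processName.ToString())
        return nil
    }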

but I cannot get the owner of a process by calling the GetOwner method:

// Calling GetOwner with no arguments yields only the method's integer status
// code. Per the signature below, User and Domain are [out] parameters and are
// not part of the return value.
ownerRaw, _ := oleutil.CallMethod(item, "GetOwner")
fmt.Println(ownerRaw)

because the return value of GetOwner is an int32, not the owner:


    uint32 GetOwner(
      [out] string User,
      [out] string Domain
    );

https://learn.microsoft.com/en-us/windows/desktop/cimwin32prov/getowner-method-in-class-win32-process

How can I get the owner as a string for each process?


Answers (1)

Sopwith


It took me a while to figure this out.

The GetOwner method is expecting you to pass two string parameters. These strings will contain the results of the method call.

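// user and domain receive GetOwner's [out] parameters. The method's own result
// is only a uint32 status code.
var user ole.VARIANT
var domain ole.VARIANT
res, err := oleutil.CallMethod(item, "GetOwner", &user, &domain)
switch {
case err != nil:
	// The COM call itself failed.
	fmt.Printf("GetOwner call failed: %v\n", err)
case res.Val != 0:
	// A non-zero status means WMI could not report the owner, so user and
	// domain must not be read. This commonly happens when the caller lacks
	// the rights to open a process owned by another account. Report the
	// status instead of printing empty strings as if they were an owner.
	fmt.Printf("GetOwner returned status %d\n", res.Val)
default:
	fmt.Printf("user: %v\tdomain: %v\n", user.ToString(), domain.ToString())
}
// Free the strings held by the out-parameter VARIANTs.
user.Clear()
domain.Clear()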

To get the SID you do the same thing:

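 // sid receives GetOwnerSid's [out] parameter. The method's own result is
 // only a status code.
 var sid ole.VARIANT
 sidRes, err := oleutil.CallMethod(item, "GetOwnerSid", &sid)
 switch {
 case err != nil:
 	// The COM call itself failed.
 	fmt.Printf("GetOwnerSid call failed: %v\n", err)
 case sidRes.Val != 0:
 	// A non-zero status means the SID was not returned, so sid must not be
 	// read. Insufficient rights on the target process are a common cause.
 	fmt.Printf("GetOwnerSid returned status %d\n", sidRes.Val)
 default:
 	fmt.Printf("sid: %v\n", sid.ToString())
 }
 // Free the string held by the out-parameter VARIANT.
 sid.Clear()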
