How can we get the list of applications runned by a particular user?
like MS Word, MS powerpoint, notepad used by administrator and also provide examples. Plz help me out pals

Where are you Andreas,NoHERO and the rest of the experts

plz provide me examples as well

I have a couple of suggestions.

1. You can write an application that runs in the background (system tray, or whatever) and monitors any current/new processes by polling the system every so often using the PSAPI functions like EnumProcesses() or the Tool Help library functions like CreateToolhelp32Snapshot().

2. To be notified of process events as they occur, you can write a device driver. This will eliminate the need to poll the system at random but is a more difficult task.

Or something like this:


#include <windows.h>
#include <stdio.h>
#include "psapi.h"
#pragma comment(lib, "psapi.lib")

void PrintProcessNameAndMore( DWORD processID )
{
char szProcessName[MAX_PATH] = "unknown";
char szProcessUser[1024] = "unknown";
char szProcessDomain[1024] = "unknown";

// Get a handle to the process.
HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID );

// Get the process name.
if (NULL != hProcess )
{
HMODULE hMod;
DWORD cbNeeded;

if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), &cbNeeded) )
{
GetModuleBaseName( hProcess, hMod, szProcessName, sizeof(szProcessName) );
}
else return;
}
else return;

// Get the process token
HANDLE hToken;
if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
return;

DWORD dwLength = 0;
TOKEN_INFORMATION_CLASS ticUser = TokenUser;
PTOKEN_USER pTU = NULL;

// Get length of token information
GetTokenInformation(hToken, ticUser, (LPVOID)pTU, 0, &dwLength);

// Allocate memory for the token info
pTU = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);

// Get the token information
GetTokenInformation(hToken, ticUser, pTU, dwLength, &dwLength);

// Do a lookup on the returned Sid to get domain & user name
SID_NAME_USE snu;
DWORD dwUserSize = 1024;
DWORD dwDomainSize = 1024;
LookupAccountSid(NULL, pTU->User.Sid, szProcessUser, &dwUserSize, szProcessDomain, &dwDomainSize, &snu);

// Clean up (probably missed something here...)
HeapFree(GetProcessHeap(), 0, pTU);
CloseHandle(hToken);
CloseHandle( hProcess );

// Print the process name and more.
printf( "%s (Process ID: %u, User Domain: %s, User Name: %s)\n", szProcessName, processID, szProcessDomain, szProcessUser);

}

int main(char* argv[], int argc )
{
// Get the list of process identifiers.

DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;

if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return 0;

// Calculate how many process identifiers were returned.

cProcesses = cbNeeded / sizeof(DWORD);

// Print the name and process identifier for each process.

for ( i = 0; i < cProcesses; i++ )
PrintProcessNameAndMore( aProcesses[i] );
}


- petter

Enumerating Windows Processes (http://www.alexfedotov.com/articles/enumproc.asp)...

Enumerating Windows Processes (http://www.alexfedotov.com/articles/enumproc.asp)...
Great link, though something very important is missing from this code he has posted... :)

BOOL MyEnumProcesses(
IN PFNENUMPROC pfnEnumProc,
IN LPARAM lParam
)
{
OSVERSIONINFO osvi;
osvi.dwOSVersionInfoSize = sizeof(osvi);

if (osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
return EnumProcesses_ToolHelp(pfnEnumProc, lParam);
else if (osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)
return EnumProcesses_PsApi(pfnEnumProc, lParam);
else
return SetLastError(ERROR_CALL_NOT_IMPLEMENTED), FALSE;
}

Thanks buddies , for ur wonderful and help ful replies . Yes i know about EnumProcess() systm call. But i want to enumerate only applications as in Task Manager of XP and Windows 2000.
Do u ppl know anything about that

Thanks buddies , for ur wonderful and help ful replies . Yes i know about EnumProcess() systm call. But i want to enumerate only applications as in Task Manager of XP and Windows 2000.
Do u ppl know anything about that
In that case, you may be more interested in EnumWindows() or EnumDesktopWindows().

But i want to enumerate only applications as in Task Manager of XP and Windows 2000.
The same way...however...if the following will help to get you more comfortable... ;)

How To Enumerate Applications Using Win32 APIs (http://support.microsoft.com/default.aspx?scid=kb;en-us;175030)

Again Thanks a million for the support, now "PLZ show me the example of the program that uses EnumWindows() API" . So that i can see how this wonderful api is called and used .
GOD bless u all

EnumWindows () api is used to enumerate the appliations running on the system.
PLz give me an example how this api is implemented or used
Thanks

Here you go. This is a little program that closes any open Internet Explorer windows. Good for when the boss pops into your cube...


#define WIN32_LEAN_AND_MEAN
#include <windows.h>

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR pCmdLine, int iCmdShow)
{
// Enumerate all open windows, looking for IE instances...
EnumWindows(EnumWindowsProc, NULL);

return 0;
}

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
// Is this an IE window?
TCHAR szClass[80];
GetClassName(hwnd, szClass, sizeof(szClass) / sizeof(TCHAR));

if (lstrcmpi(szClass, "IEFrame") == 0)
{
// Yep. Close it...
PostMessage(hwnd, WM_CLOSE, 0, 0);
}

// Keep enumerating...
return TRUE;
}

[ Merged threads ]

My dear Bond your code gives the following error

fatal error C1010: unexpected end of file while looking for precompiled header directive


Why is that so? plz post the code the runs and also displays the names of the applications in the system.

P.S :- I can understand that i can be making a blunder but plz be patient with me as i am a newbee thanks and explain

Most Common Causes of C1010 Error (http://support.microsoft.com/default.aspx?scid=kb;en-us;815644)...