如何获取进程所有者使用 WMI 请求

Question

我尝试使用 go-ole 库接收进程列表：

    package main

    import (
        "fmt"
        "github.com/go-ole/go-ole"
        "github.com/mattn/go-ole/oleutil"
    )


    func main() {
        ole.CoInitialize(0)
        defer ole.CoUninitialize()

        unknown, _ := oleutil.CreateObject("WbemScripting.SWbemLocator")
        defer unknown.Release()

        wmi, _ := unknown.QueryInterface(ole.IID_IDispatch)
        defer wmi.Release()

        serviceRaw, _ := oleutil.CallMethod(wmi, "ConnectServer")
        service := serviceRaw.ToIDispatch()
        defer service.Release()

        resultRaw, _ := oleutil.CallMethod(service, "ExecQuery", "SELECT * FROM Win32_Process")
        result := resultRaw.ToIDispatch()
        defer result.Release()

        countVar, _ := oleutil.GetProperty(result, "Count")
        count := int(countVar.Val)

        for i :=0; i < count; i++ {
            itemRaw, _ := oleutil.CallMethod(result, "ItemIndex", i)
            item := itemRaw.ToIDispatch()
            defer item.Release()

            processName, _ := oleutil.GetProperty(item, "Name")
            fmt.Println(processName.ToString())
        }
    }

但我无法接收进程的所有者，调用方法GetOwner

ownerRaw, _ := oleutil.CallMethod(item, "GetOwner")
fmt.Println(ownerRaw)

因为GetOwner返回值是int32

    uint32 GetOwner(
      [out] string User,
      [out] string Domain
    );

https://docs.microsoft.com/en-us/windows/desktop/cimwin32prov/getowner-method-in-class-win32-process

如何将所有者作为每个进程的字符串接收？

Answer 1

我花了一段时间才弄明白。

GetOwner 方法要求您传递两个字符串参数。这些字符串将包含方法调用的结果。

var user ole.VARIANT
var domain ole.VARIANT
res, err := oleutil.CallMethod(item, "GetOwner", &user, &domain)
fmt.Printf("user: %v\tdomain: %v", user.ToString(), domain.ToString())

要获得 SID，您需要做同样的事情：

 var sid ole.VARIANT
 res, err := oleutil.CallMethod(item, "GetOwnerSid", &sid)
 fmt.Printf("sid: %v\n", sid.ToString())