How I can query logon type of the running process?

StackOverflow https://stackoverflow.com/questions/13102750

Question

I want at least to distinguish cases when my software is being ran as batch job (LOGON32_LOGON_BATCH) from being ran interactively (LOGON32_LOGON_INTERACTIVE).

Was it helpful?

Solution 

HANDLE hToken;
// Open the current process's token
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
    // Get the token statistics, which include the logon session id
    TOKEN_STATISTICS stats;
    DWORD length;
    if (GetTokenInformation(hToken, TokenStatistics, &stats, sizeof(stats), &length))
    {
        // Get data about the logon session, which includes the logon type
        PSECURITY_LOGON_SESSION_DATA pData;
        if (LsaGetLogonSessionData(&stats.AuthenticationId, &pData) == 0)
        {
            // From SECURITY_LOGON_TYPE enumeration
            switch (pData->LogonType)
            {
            case Interactive:
                wprintf(L"Interactive\n");
                break;
            case Batch:
                wprintf(L"Batch\n");
                break;
            default:
                wprintf(L"Other: %i\n", pData->LogonType);
                break;
            }
            LsaFreeReturnBuffer(pData);
        }
    }
    CloseHandle(hToken);
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top