According the document sample Finding the Owner of a File Object in C++, You can use GetSecurityInfo and and LookupAccountSid function to retrieve the process owner.
Or you can determine the SID type like the answer.
User Invoked Process and System Invoked Process
During our machine Run we can find some process get started by the system in Task Manager.
For example, Sometimes automatically Microsoft Edge gets started in the background and we can see in Task Manager.
So is there any Windows API to find whether a process is started by User or by system....?
I mean windows API to differentiate Foreground windows and background windows
-
Xiaopo Yang - MSFT 11,501 Reputation points Microsoft Vendor
2022-04-28T07:12:41.11+00:00
1 additional answer
Sort by: Most helpful
-
Castorix31 81,831 Reputation points
2022-04-28T06:34:15.813+00:00 I mean windows API to differentiate Foreground windows and background windows
A Background process in Task Manager is just a process without visible window
(you can see How does Task Manager categorize processes as App, Background Process, or Windows Process?)