windowswinapisessionauthenticationwindows-nt

How I can query logon type of the running process?


I want at least to distinguish cases when my software is being ran as batch job (LOGON32_LOGON_BATCH) from being ran interactively (LOGON32_LOGON_INTERACTIVE).


Solution

  • HANDLE hToken;
    // Open the current process's token
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
    {
        // Get the token statistics, which include the logon session id
        TOKEN_STATISTICS stats;
        DWORD length;
        if (GetTokenInformation(hToken, TokenStatistics, &stats, sizeof(stats), &length))
        {
            // Get data about the logon session, which includes the logon type
            PSECURITY_LOGON_SESSION_DATA pData;
            if (LsaGetLogonSessionData(&stats.AuthenticationId, &pData) == 0)
            {
                // From SECURITY_LOGON_TYPE enumeration
                switch (pData->LogonType)
                {
                case Interactive:
                    wprintf(L"Interactive\n");
                    break;
                case Batch:
                    wprintf(L"Batch\n");
                    break;
                default:
                    wprintf(L"Other: %i\n", pData->LogonType);
                    break;
                }
                LsaFreeReturnBuffer(pData);
            }
        }
        CloseHandle(hToken);
    }