From 5157f037480ec8874e433c698dc2cb8c28dc8727 Mon Sep 17 00:00:00 2001
From: Derek Brown
Date: Wed, 28 Jun 2017 11:16:01 -0700
Subject: [PATCH 1/2] [windows] add implementation for process.Username()
---
 process/process_windows.go | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/process/process_windows.go b/process/process_windows.go
index 4406a67..3ae01cd 100644
--- a/process/process_windows.go
+++ b/process/process_windows.go
@@ -181,8 +181,26 @@ func (p *Process) Status() (string, error) {
 return "", common.ErrNotImplementedError
 }
 func (p *Process) Username() (string, error) {
- return "", common.ErrNotImplementedError
+ pid := p.Pid
+ // 0x1000 is PROCESS_QUERY_LIMITED_INFORMATION
+ c, err := syscall.OpenProcess(0x1000, false, uint32(pid))
+ if err != nil {
+ return "", err
+ }
+ defer syscall.CloseHandle(c)
+
+ var token syscall.Token
+ err = syscall.OpenProcessToken(c, syscall.TOKEN_QUERY, &token)
+ if err != nil {
+ return "", err
+ }
+ defer token.Close()
+ tokenUser, err := token.GetTokenUser()
+
+ user, _, _, err := tokenUser.User.Sid.LookupAccount("")
+ return user, err
 }
+
 func (p *Process) Uids() ([]int32, error) {
 var uids []int32
@@ -412,7 +430,8 @@ func getRusage(pid int32) (*windows.Rusage, error) {
 func getMemoryInfo(pid int32) (PROCESS_MEMORY_COUNTERS, error) {
 var mem PROCESS_MEMORY_COUNTERS
- c, err := windows.OpenProcess(windows.PROCESS_QUERY_INFORMATION, false, uint32(pid))
+ // PROCESS_QUERY_LIMITED_INFORMATION is 0x1000
+ c, err := windows.OpenProcess(0x1000, false, uint32(pid))
 if err != nil {
 return mem, err
 }
From a3ae2ed4110d4d8625247c71eb6652efdb0ff660 Mon Sep 17 00:00:00 2001
From: Derek Brown
Date: Thu, 6 Jul 2017 15:08:46 -0700
Subject: [PATCH 2/2] Add domain to username (rather than naked username)
---
 process/process_windows.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/process/process_windows.go b/process/process_windows.go
index 3ae01cd..bc2cbde 100644
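Review bot: The error returned by `token.GetTokenUser()` in the new `Username` body is never checked: the next statement reassigns `err` and dereferences `tokenUser.User.Sid`, so a failed token query is likely to surface as a nil-pointer panic instead of a returned error. A library that monitoring agents call for every process on a host should not let one unreadable token take down the caller; add `if err != nil { return "", err }` directly after the `GetTokenUser` call. The second patch in this series rewrites the `LookupAccount` line but leaves this call unchecked.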
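Review bot: The access mask in `getMemoryInfo` is now the bare literal `0x1000`, and the same literal is passed to `OpenProcess` in the `Username` hunk of this patch, with only a comment at each site tying it to PROCESS_QUERY_LIMITED_INFORMATION. One named constant used at both call sites, for example `const processQueryLimitedInformation = 0x1000`, would keep the requested right greppable and auditable. Asking for the narrower right is the better least-privilege choice, but it is a behaviour change the commit subject does not mention, and Microsoft documents that right as unsupported before Windows Vista, so it deserves a line in the description. The body of `getMemoryInfo` continues past the end of the hunk.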
--- a/process/process_windows.go
+++ b/process/process_windows.go
@@ -197,8 +197,8 @@ func (p *Process) Username() (string, error) {
 defer token.Close()
 tokenUser, err := token.GetTokenUser()
- user, _, _, err := tokenUser.User.Sid.LookupAccount("")
- return user, err
+ user, domain, _, err := tokenUser.User.Sid.LookupAccount("")
+ return domain + "\\" + user, err
 }
 func (p *Process) Uids() ([]int32, error) {
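Review bot: When `LookupAccount` fails, the new return statement still concatenates, so the caller receives a lone backslash together with the error instead of an empty name. Code that logs or compares the username before checking the error would then record a plausible-looking but meaningless principal. Return early with `if err != nil { return "", err }` and finish with `return domain + "\\" + user, nil`. The start of `Username` lies outside this hunk.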