Subtleties of the "current user" on Windows

Jul 12, 2012 13:23

There are some interesting subtleties to the "current user" on Windows, depending on whether you're talking about threads or processes. On Windows, a thread can essentially run as a different user from the process it was created in. From MSDN:

"Prior to Windows NT, it could be assumed that a thread was running under the account of the interactively logged on user. Windows NT, however, allows threads to run under multiple security contexts, potentially representing multiple users. For instance, in a client/server application, a thread in the server might impersonate a client through the ImpersonateNamedPipeClient function. In this case, it runs under the user context of the client. Another example of a thread running in a different security context is a service thread, which has a domain name of NT AUTHORITY and a user name of SYSTEM, assuming that the service is running in the local system account."

The GetUserName function returns the *process* owner. To get the *thread* owner we have to resort to using tokens and SID lookup. Intawesting.
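
The token and SID lookup mentioned above, as an added example that is not part of the original post: it opens the calling thread's token with OpenThreadToken, falls back to the process token when the thread holds no impersonation token, and resolves the TokenUser SID with LookupAccountSid. The function name `effective_user`, its return codes and the buffer sizes are assumptions made for this example.

```c
/* Added example, not from the original post. Windows-only Win32 calls;
   the #else branch exists only so the file compiles on other platforms. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
/* Writes the domain and user name (joined by a backslash) of the calling
   thread's effective token to out. Returns 1 if a thread (impersonation)
   token was used, 0 if the process token was used, -1 on API failure. */
int effective_user(char *out, size_t outlen)
{
    HANDLE tok = NULL;
    int from_thread = 1;
    /* OpenAsSelf = TRUE: the access check is made as the process itself. */
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok)) {
        if (GetLastError() != ERROR_NO_TOKEN) return -1;
        from_thread = 0; /* not impersonating: the process token applies */
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
            return -1;
    }
    /* TokenUser is a TOKEN_USER header followed by the SID it points to. */
    union { TOKEN_USER tu; BYTE raw[sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE]; } u;
    char name[256], domain[256];
    DWORD len = 0, nlen = sizeof name, dlen = sizeof domain;
    SID_NAME_USE use;
    BOOL ok = GetTokenInformation(tok, TokenUser, &u, sizeof u, &len) &&
              LookupAccountSidA(NULL, u.tu.User.Sid, name, &nlen,
                                domain, &dlen, &use);
    CloseHandle(tok);
    if (!ok) return -1;
    snprintf(out, outlen, "%s\\%s", domain, name);
    return from_thread;
}
#else
/* Non-Windows build: there is no token to query, so report -2. */
int effective_user(char *out, size_t outlen)
{
    if (outlen) out[0] = '\0';
    return -2;
}
#endif
int main(void)
{
    char who[520];
    int rc = effective_user(who, sizeof who);
    if (rc < 0) { fprintf(stderr, "lookup failed (%d)\n", rc); return 1; }
    printf("%s (%s token)\n", who, rc ? "thread" : "process");
    return 0;
}
```

On Windows, link against advapi32, which exports the token and account lookup functions.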
