I need to fetch the user default profile directory, given its username or SID.
How can I do it?
GetUserProfileDirectory() seems to work only for the current account.
Both GetUserProfileDirectory and SHGetFolderPath are able to get the profile directory of a different account, the only problem is that they want a token handle and not a SID. To get the token handle you either need to know the users password and call LogonUser, or if the user is already logged on and you are running as a service you can get their token.
I'm guessing neither of those solutions are what you want so then you have to go into undocumented land:
Read the ProfileImagePath value under "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%SID%"