Skip to content

Commit 2726d2a

Browse files
rabbitstackrabbitstack
committed
fix(ps): Assign UUID from internal process state
1 parent 11ab687 commit 2726d2a

File tree

2 files changed

+23
-7
lines changed

2 files changed

+23
-7
lines changed

pkg/ps/snapshotter_windows.go

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,15 +20,16 @@ package ps
2020

2121
import (
2222
"expvar"
23-
"github.com/rabbitstack/fibratus/pkg/sys"
24-
"github.com/rabbitstack/fibratus/pkg/util/va"
25-
"golang.org/x/sys/windows"
2623
"path/filepath"
2724
"strconv"
2825
"strings"
2926
"sync"
3027
"time"
3128

29+
"github.com/rabbitstack/fibratus/pkg/sys"
30+
"github.com/rabbitstack/fibratus/pkg/util/va"
31+
"golang.org/x/sys/windows"
32+
3233
"github.com/rabbitstack/fibratus/pkg/config"
3334
"github.com/rabbitstack/fibratus/pkg/event"
3435
"github.com/rabbitstack/fibratus/pkg/event/params"
@@ -185,6 +186,11 @@ func (s *snapshotter) Write(e *event.Event) error {
185186
e.AppendParam(params.Exe, params.Path, ps.Exe)
186187
}
187188

189+
// if the process UUID has been initialized when
190+
// the internal event arrived, reassign it to the
191+
// current process state
192+
proc.AssignUUID(ps)
193+
188194
e.AppendParam(params.ProcessTokenIntegrityLevel, params.AnsiString, ps.TokenIntegrityLevel)
189195
e.AppendParam(params.ProcessTokenElevationType, params.AnsiString, ps.TokenElevationType)
190196
e.AppendParam(params.ProcessTokenIsElevated, params.Bool, ps.IsTokenElevated)

pkg/ps/types/types_windows.go

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -21,20 +21,22 @@ package types
2121
import (
2222
"encoding/binary"
2323
"fmt"
24+
"path/filepath"
25+
"strings"
26+
"sync"
27+
2428
"github.com/rabbitstack/fibratus/pkg/sys"
2529
"github.com/rabbitstack/fibratus/pkg/util/cmdline"
2630
"github.com/rabbitstack/fibratus/pkg/util/va"
2731
"golang.org/x/sys/windows"
28-
"path/filepath"
29-
"strings"
30-
"sync"
3132

3233
"github.com/rabbitstack/fibratus/pkg/cap/section"
3334
htypes "github.com/rabbitstack/fibratus/pkg/handle/types"
3435
"github.com/rabbitstack/fibratus/pkg/pe"
3536

36-
"github.com/rabbitstack/fibratus/pkg/util/bootid"
3737
"time"
38+
39+
"github.com/rabbitstack/fibratus/pkg/util/bootid"
3840
)
3941

4042
// PS encapsulates process' state such as allocated resources and other metadata.
@@ -125,6 +127,14 @@ func (ps *PS) UUID() uint64 {
125127
return ps.uuid
126128
}
127129

130+
// AssignUUID assigns the UUID from the given
131+
// process if the UUID has been initialized.
132+
func (ps *PS) AssignUUID(proc *PS) {
133+
if proc.uuid != 0 {
134+
ps.uuid = proc.uuid
135+
}
136+
}
137+
128138
// ProcessSequenceNumber contains the unique process sequence number.
129139
type ProcessSequenceNumber struct {
130140
Seq [8]byte

0 commit comments

Comments
 (0)