fix(ps): Assign UUID from internal process state

Author: rabbitstack

pkg/ps/snapshotter_windows.go

@@ -186,6 +186,11 @@ func (s *snapshotter) Write(e *event.Event) error {
 			e.AppendParam(params.Exe, params.Path, ps.Exe)
 		}
 
+		// if the process UUID has been initialized when
+		// the internal event arrived, reassign it to the
+		// current process state
+		proc.AssignUUID(ps)
+
 		e.AppendParam(params.ProcessTokenIntegrityLevel, params.AnsiString, ps.TokenIntegrityLevel)
 		e.AppendParam(params.ProcessTokenElevationType, params.AnsiString, ps.TokenElevationType)
 		e.AppendParam(params.ProcessTokenIsElevated, params.Bool, ps.IsTokenElevated)

pkg/ps/types/types_windows.go

@@ -21,20 +21,22 @@ package types
 import (
 	"encoding/binary"
 	"fmt"
+	"path/filepath"
+	"strings"
+	"sync"
+
 	"github.com/rabbitstack/fibratus/pkg/sys"
 	"github.com/rabbitstack/fibratus/pkg/util/cmdline"
 	"github.com/rabbitstack/fibratus/pkg/util/va"
 	"golang.org/x/sys/windows"
-	"path/filepath"
-	"strings"
-	"sync"
 
 	"github.com/rabbitstack/fibratus/pkg/cap/section"
 	htypes "github.com/rabbitstack/fibratus/pkg/handle/types"
 	"github.com/rabbitstack/fibratus/pkg/pe"
 
-	"github.com/rabbitstack/fibratus/pkg/util/bootid"
 	"time"
+
+	"github.com/rabbitstack/fibratus/pkg/util/bootid"
 )
 
 // PS encapsulates process' state such as allocated resources and other metadata.
@@ -125,6 +127,14 @@ func (ps *PS) UUID() uint64 {
 	return ps.uuid
 }
 
+// AssignUUID assigns the UUID from the given
+// process if the UUID has been initialized.
+func (ps *PS) AssignUUID(proc *PS) {
+	if proc.uuid != 0 {
+		ps.uuid = proc.uuid
+	}
+}
+
 // ProcessSequenceNumber contains the unique process sequence number.
 type ProcessSequenceNumber struct {
 	Seq [8]byte