Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ProcStatus.PPID value is wrong on Windows #53

Closed
andrewkroh opened this issue Oct 25, 2016 · 0 comments · Fixed by #55
Closed

ProcStatus.PPID value is wrong on Windows #53

andrewkroh opened this issue Oct 25, 2016 · 0 comments · Fixed by #55
Labels
bug

Comments

@andrewkroh
Copy link
Member

The ppid is obtained by calling CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, <pid>) and obtaining the PPID from the first process returned by Process32First. However CreateToolhelp32Snapshot ignores the pid parameter when used with the TH32CS_SNAPPROCESS flag. It returns a snapshot of all processes and you must iterate over the processes using Process32Next.

Ref: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682489(v=vs.85).aspx
@andrewkroh andrewkroh added the bug label Oct 25, 2016
@andrewkroh andrewkroh mentioned this issue Oct 26, 2016
Closed
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
daaef96 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
5218e01 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
6838318 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
@andrewkroh andrewkroh mentioned this issue Oct 27, 2016
Merged
andrewkroh added a commit to andrewkroh/gosigar that referenced this issue Oct 27, 2016
@andrewkroh
Update gosigar windows code to use gosigar/sys/windows package
5c03d42 
- Fixes elastic#53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes elastic#6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
ruflin pushed a commit that referenced this issue Oct 28, 2016
@andrewkroh @ruflin
Update gosigar windows code to use gosigar/sys/windows package (#55)
0ba14c2 
- Fixes #53 (ProcStatus.PPID value is wrong on Windows). The code was incorrectly using `CreateToolhelp32Snapshot` + `Process32First`. This could have been fixed, but it would have required iterating over each process until finding the PPID of process we were interested it. Instead the code has been changed to use `NtQueryInformationProcess` to get the PPID given a process token.
- Fixes #6 (Get the cpu usage per core in Windows). I used `NtQuerySystemInformation` to collect the timing information on a per CPU basis.
- Adds OS version checks to the functions that make certain WMI calls. The `Win32_Process` data is only available on Vista and newer. On XP and Win2003, these methods will return `ErrNotImplemented`. This will help address elastic/beats#1704.
- Implements `Uptime.Get` for Windows.
- Implements `Swap.Get` for Windows based on page file metrics.
- Removes cgo usage for Windows.
- Adds support to `github.com/gosigar/sys/windows` for querying and enabling privileges in a process token. This will help in addressing elastic/beats#1897.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update gosigar windows code to use gosigar/sys/windows package andrewkroh/gosigar
1 participant
@andrewkroh