gitPidStatus on Windows doesn't correctly identify suspended processes #66

leehinman · 2022-12-15T19:11:55Z

elastic-agent-system-metrics/metric/system/process/process_windows.go

Lines 192 to 211 in e28f1d3

    
           func getPidStatus(pid int) (PidState, error) { 
        
           	handle, err := syscall.OpenProcess(processQueryLimitedInfoAccess, false, uint32(pid)) 
        
           	if err != nil { 
        
           		return Unknown, fmt.Errorf("OpenProcess failed for pid=%v: %w", pid, err) 
        
           	} 
        
           	defer func() { 
        
           		_ = syscall.CloseHandle(handle) 
        
           	}() 
        
           	var exitCode uint32 
        
           	err = syscall.GetExitCodeProcess(handle, &exitCode) 
        
           	if err != nil { 
        
           		return Unknown, fmt.Errorf("GetExitCodeProcess failed for pid=%v: %w", pid, err) 
        
           	} 
        
           	if exitCode == 259 { //still active 
        
           		return Running, nil 
        
           	} 
        
           	return Sleeping, nil 
        
           }

The Win32 GetExitCodeProcess Function doesn't directly return if a process is suspended. For Windows, to see if a process is suspended we would have to check all of the process threads and make sure those are suspended. This may require using the non-stable wininternal api.

leehinman added the bug Something isn't working label Dec 15, 2022

cmacknz added the Team:Elastic-Agent Label for the Agent team label Dec 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

gitPidStatus on Windows doesn't correctly identify suspended processes #66

gitPidStatus on Windows doesn't correctly identify suspended processes #66

leehinman commented Dec 15, 2022

gitPidStatus on Windows doesn't correctly identify suspended processes #66

gitPidStatus on Windows doesn't correctly identify suspended processes #66

Comments

leehinman commented Dec 15, 2022