Getting process command line fails on ARM64 Windows #1435

Open
s-m-martin opened this issue Mar 21, 2023 · 1 comment
s-m-martin commented Mar 21, 2023

Describe the bug
When compiling for ARM64 Windows and using the process module to compare the command line with a running process, I get the error: "could not get CommandLine: cannot locate process PEB: could not query PEB address"

To Reproduce
I can't share the entirety of the code, but hopefully this snippet helps you understand how it's being used. The basic gist is that we're killing a process but want to verify it's the right process, so we're making a command line comparison.

func commandPathsAreEqual(cmdPath string, killPath string) bool {
	strippedKillPath := strings.TrimSpace(killPath)

	cmdPath = strings.ToLower(cmdPath)
	killPath = strings.ToLower(strippedKillPath)

	if strings.HasPrefix(cmdPath, `"`) {
		re := regexp.MustCompile(`^"(.*?)"`)
		m := re.FindStringSubmatch(cmdPath)
		if m == nil {
			// Opening quote without a closing quote: no path to compare
			return false
		}
		return m[1] == killPath
	}

	// Compare the tokens of killPath (from the portal) with the tokens of
	// the running process command line (cmdSlice). Both are split on spaces,
	// and every token of killSlice must equal the cmdSlice token at the
	// same index.
	killSlice := strings.Split(killPath, " ")
	cmdSlice := strings.Split(cmdPath, " ")
	if len(killSlice) > len(cmdSlice) {
		// The running command line is shorter than the expected one
		return false
	}
	for i, v := range killSlice {
		if cmdSlice[i] != v {
			return false
		}
	}
	return true
}


// executes killprocess
func (t remediateKillProcess) Process(rc *RunningConfigT) (err error) {
	defer func() {
		t.handleTaskError(err)
	}()

	killTask := struct {
		PID  int    `json:"pid"`
		Path string `json:"path"`
	}{}

	if err = json.Unmarshal(t.Params, &killTask); err != nil {
		return err
	}

	proc, err := process.NewProcess(int32(killTask.PID))
	if err == process.ErrorProcessNotRunning {
		// if pid is not found
		// return success
		t.Results = err.Error()

		// This is not an error. If the PID is not found
		// then the process we are attempting to kill is no longer running
		return nil
	}

	passingPath, err := proc.Cmdline()
	if err != nil && err.Error() != "exit status 1" {
		// Darwin returns "exit status 1" whenever the process can't be found
		// during querying for the full path
		t.err = err
		t.Results = err.Error()
		return nil
	}

	if t.captureAndReturnFailureState(err) != nil {
		return err
	}

	if commandPathsAreEqual(passingPath, killTask.Path) == false {
		// Path does not exist. We assume that the process is now defunct
		// or that the path was not correct. Either way, the process does not exist
		err = fmt.Errorf("Path for process `%q` was not found.", killTask.Path)

		t.Results = err.Error()

		// This is not an error
		return nil
	}

	// if path and pid found, kill
	err = proc.Terminate()

	// Set t.err, t.Results Return at this point
	// if err is still returned
	if t.captureAndReturnFailureState(err) != nil {
		return err
	}

	// Kill successful
	t.Results = fmt.Sprintf("Process %d at %s was successfully killed.", killTask.PID, killTask.Path)
	// No error to return
	return nil
}

Expected behavior
No errors are received when trying to get the command line for the process on ARM64 Windows

Environment (please complete the following information):

  • Windows: ARM64

Additional context
I provided this PR with updates that resolve the problem

s-m-martin changed the title from "Kill process fails on ARM64 Windows" to "Getting process command line fails on ARM64 Windows" on Mar 21, 2023
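
An added example, not part of the original issue or of gopsutil: a variant of the command-line comparison above that returns false, so nothing is killed, when the running command line has an unclosed quote, has fewer tokens than the expected path, or is empty. `splitCommandLine` and `matchesKillTarget` are hypothetical names, the sample inputs are constructed, and the tokenizer is simplified (backslash-escaped quotes are not interpreted).

```go
package main

import (
	"fmt"
	"strings"
)

// splitCommandLine splits on unquoted whitespace and keeps double-quoted
// segments together; ok is false on an unclosed quote (no \" escapes).
func splitCommandLine(s string) (tokens []string, ok bool) {
	var cur strings.Builder
	inQuote := false
	for _, r := range s + " " { // trailing space flushes the last token
		switch {
		case r == '"':
			inQuote = !inQuote
		case (r == ' ' || r == '\t') && !inQuote:
			if cur.Len() > 0 {
				tokens = append(tokens, cur.String())
				cur.Reset()
			}
		default:
			cur.WriteRune(r)
		}
	}
	return tokens, !inQuote
}

// matchesKillTarget (hypothetical name) reports whether the running command
// line begins with expected, ignoring case; bad or empty input never matches.
func matchesKillTarget(running, expected string) bool {
	expected = strings.ToLower(strings.TrimSpace(expected))
	run, okRun := splitCommandLine(strings.ToLower(running))
	exp, okExp := splitCommandLine(expected)
	if okRun && len(run) > 0 && run[0] == expected {
		return true // expected is the bare executable path, spaces included
	}
	if !okRun || !okExp || len(exp) == 0 || len(exp) > len(run) {
		return false
	}
	for i, tok := range exp {
		if run[i] != tok {
			return false
		}
	}
	return true
}

func main() { fmt.Println(matchesKillTarget(`"C:\Tools\a b\app.exe" -svc`, `c:\tools\a b\app.exe`)) }
```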

clarkmcc commented May 8, 2023

I'm getting the following error when trying to compile for GOOS=windows GOARCH=arm64

C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:679:32: undefined: PROCESS_MEMORY_COUNTERS
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:680:10: undefined: PROCESS_MEMORY_COUNTERS
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:693:50: undefined: PROCESS_MEMORY_COUNTERS
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:794:16: undefined: queryPebAddress
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:800:10: undefined: readProcessMemory
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:807:20: undefined: readProcessMemory
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:820:15: undefined: readProcessMemory
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:828:10: undefined: readProcessMemory
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:836:20: undefined: readProcessMemory
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:851:15: undefined: readProcessMemory
C:\Users\\go\pkg\mod\github.com\shirou\gopsutil\[email protected]\process\process_windows.go:851:15: too many errors
