Windows: Detect when an extension has not started by ameily · Pull Request #7355...

2 years ago

source link: https://github.com/osquery/osquery/pull/7355
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Copy link

Contributor

ameily commented on Oct 22, 2021

Detect when a Windows extension has not started, which mirror how the Posix PlatformProcess operates. The problem was that GetExitCodeProcess() was being called with an invalid handle, which returns a value indicating that the process is still active. So, extensions were never executed.

The fix is to check if the handle is valid prior to checking if the process is alive.

fixes #7324

Recommend

Remove POSIX-only -fexceptions flag on Windows by Smjert · Pull Request #7126 ·...
Docs: bring the YARA wiki page up to date by mike-myers-tob · Pull Request #7172...
Prevent race condition between shutdown and worker or extension launch by Smjert...
lib, device: begin using list::List instead of custom structs by woodruffw · Pul...
Fix osquery_info build_platform column value on Linux by Smjert · Pull Request #...
Docs: add a note on enabling Windows to build with CMake's long paths by mike-my...
Apple Silicon support by alessandrogario · Pull Request #7330 · osquery/osquery...
chrome_extensions: Compute the identifier from the 'key' property by alessandrog...
Use standalone CPack packaging by alessandrogario · Pull Request #7059 · osquery...
bpf: Improve publisher reliability by alessandrogario · Pull Request #7302 · osq...

About Joyk

Aggregate valuable and interesting links.
Joyk means Joy of geeK