Gathers information about a process given its HANDLE. This consists primarily of information stored in the Process Environment Block.
More...
#include "util/win/process_info.h"
|
|
template<class Traits > |
| bool | GetProcessBasicInformation (HANDLE process, bool is_wow64, ProcessInfo *process_info, WinVMAddress *peb_address, WinVMSize *peb_size) |
| |
|
template<class Traits > |
| bool | ReadProcessData (HANDLE process, WinVMAddress peb_address_vmaddr, ProcessInfo *process_info) |
| |
|
bool | ReadMemoryInfo (HANDLE process, bool is_64_bit, ProcessInfo *process_info) |
| |
Gathers information about a process given its HANDLE. This consists primarily of information stored in the Process Environment Block.
◆ AllGroups()
| std::set< gid_t > crashpad::ProcessInfo::AllGroups |
( |
| ) |
const |
◆ Arguments()
| bool crashpad::ProcessInfo::Arguments |
( |
std::vector< std::string > * |
argv | ) |
const |
Obtains the arguments used to launch a process.
Whether it is possible to obtain this information for a process with different privileges than the running program is system-dependent.
- Parameters
-
| [out] | argv | The process’ arguments as passed to its main() function as the argv parameter, possibly modified by the process. |
- Returns
true on success, with argv populated appropriately. Otherwise, false with a message logged.
- Note
- This function may spuriously return
false when used to examine a process that it is calling exec(). If examining such a process, call this function in a retry loop with a small (100ns) delay to avoid an erroneous assumption that pid is not running.
◆ CommandLine()
| bool crashpad::ProcessInfo::CommandLine |
( |
std::wstring * |
command_line | ) |
const |
- Returns
- The command line from the target process's Process Environment Block.
◆ DidChangePrivileges()
| bool crashpad::ProcessInfo::DidChangePrivileges |
( |
| ) |
const |
Determines whether the target process has changed privileges.
A process is considered to have changed privileges if it has changed its real, effective, or saved set-user or group IDs with the setuid(), seteuid(), setreuid(), setgid(), setegid(), or setregid() system calls since its most recent execve(), or if its privileges changed at execve() as a result of executing a setuid or setgid executable.
◆ EffectiveGroupID()
| gid_t crashpad::ProcessInfo::EffectiveGroupID |
( |
| ) |
const |
- Returns
- the target process’ effective group ID as would be returned to it by
getegid().
◆ EffectiveUserID()
| uid_t crashpad::ProcessInfo::EffectiveUserID |
( |
| ) |
const |
- Returns
- The target process’ effective user ID as would be returned to it by
geteuid().
◆ GetReadableRanges()
Given a range to be read from the target process, returns a vector of ranges, representing the readable portions of the original range.
- Parameters
-
| [in] | range | The range being identified. |
- Returns
- A vector of ranges corresponding to the portion of range that is readable based on the memory map.
◆ Initialize()
| bool crashpad::ProcessInfo::Initialize |
( |
HANDLE |
process | ) |
|
Initializes this object with information about the given process.
This method must be called successfully prior to calling any other method in this class. This method may only be called once.
- Returns
true on success, false on failure with a message logged.
◆ InitializeWithPid()
| bool crashpad::ProcessInfo::InitializeWithPid |
( |
pid_t |
pid | ) |
|
Initializes this object with information about the process whose ID is pid.
This method must be called successfully prior to calling any other method in this class. This method may only be called once.
It is unspecified whether the information that an object of this class returns is loaded at the time Initialize() is called or subsequently, and whether this information is cached in the object or not.
- Parameters
-
| [in] | pid | The process ID to obtain information for. |
- Returns
true on success, false on failure with a message logged.
◆ InitializeWithPtrace()
| bool crashpad::ProcessInfo::InitializeWithPtrace |
( |
PtraceConnection * |
connection | ) |
|
Initializes this object with information about the process whose ID is pid using a PtraceConnection connection.
This method must be called successfully prior to calling any other method in this class. This method may only be called once.
It is unspecified whether the information that an object of this class returns is loaded at the time Initialize() is called or subsequently, and whether this information is cached in the object or not.
- Parameters
-
| [in] | connection | A connection to the remote process. |
- Returns
true on success, false on failure with a message logged.
◆ InitializeWithTask()
| bool crashpad::ProcessInfo::InitializeWithTask |
( |
task_t |
task | ) |
|
Initializes this object with information about a process based on its Mach task.
This method serves as a stand-in for InitializeWithPid() and may be called in its place with the same restrictions and considerations.
- Parameters
-
| [in] | task | The Mach task to obtain information for. |
- Returns
true on success, false on failure with an message logged.
◆ Is64Bit() [1/2]
| bool crashpad::ProcessInfo::Is64Bit |
( |
| ) |
const |
- Returns
true if the target process is a 64-bit process.
◆ Is64Bit() [2/2]
| bool crashpad::ProcessInfo::Is64Bit |
( |
| ) |
const |
Determines the target process’ bitness.
- Returns
true if the target task is a 64-bit process.
◆ IsWow64()
| bool crashpad::ProcessInfo::IsWow64 |
( |
| ) |
const |
- Returns
true if the target process is running on the Win32-on-Win64 subsystem.
◆ LoggingRangeIsFullyReadable()
Given a range in the target process, determines if the entire range is readable.
- Parameters
-
| [in] | range | The range being inspected. |
- Returns
true if the range is fully readable, otherwise false with a message logged.
◆ Modules()
| bool crashpad::ProcessInfo::Modules |
( |
std::vector< Module > * |
modules | ) |
const |
Retrieves the modules loaded into the target process.
The modules are enumerated in initialization order as detailed in the Process Environment Block. The main executable will always be the first element.
◆ ParentProcessID() [1/2]
- Returns
- The target task’s parent process ID.
◆ ParentProcessID() [2/2]
- Returns
- The target process's parent process ID.
◆ Peb()
Gets the address and size of the process's Process Environment Block.
- Parameters
-
| [out] | peb_address | The address of the Process Environment Block. |
| [out] | peb_size | The size of the Process Environment Block. |
◆ ProcessID() [1/2]
- Returns
- The target task’s process ID.
◆ ProcessID() [2/2]
- Returns
- The target process's process ID.
◆ RealGroupID()
| gid_t crashpad::ProcessInfo::RealGroupID |
( |
| ) |
const |
- Returns
- the target process’ real group ID as would be returned to it by
getgid().
◆ RealUserID()
| uid_t crashpad::ProcessInfo::RealUserID |
( |
| ) |
const |
- Returns
- The target process’ real user ID as would be returned to it by
getuid().
◆ SavedGroupID()
| gid_t crashpad::ProcessInfo::SavedGroupID |
( |
| ) |
const |
- Returns
- The target process’ saved set-group ID.
◆ SavedUserID()
| uid_t crashpad::ProcessInfo::SavedUserID |
( |
| ) |
const |
- Returns
- The target process’ saved set-user ID.
◆ StartTime()
| bool crashpad::ProcessInfo::StartTime |
( |
timeval * |
start_time | ) |
const |
Determines the target process’ start time.
- Parameters
-
| [out] | start_time | The time that the process started. |
- Returns
true on success, with start_time set. Otherwise, false with a message logged.
◆ SupplementaryGroups()
| std::set< gid_t > crashpad::ProcessInfo::SupplementaryGroups |
( |
| ) |
const |
- Returns
- the target process’ supplementary group list as would be returned to it by
getgroups().
The documentation for this class was generated from the following files:
- util/posix/process_info.h
- util/posix/process_info_linux.cc
- util/posix/process_info_mac.cc
- util/win/process_info.cc
