In this screenshot, we are using an existing doorman instance to find all running processes on a Windows machine.

This port presented several technical challenges, which we always enjoy. Some of the problems were general POSIX to Windows porting issues, while others were unique to osquery. Let's start with the obvious POSIX to Windows differences:

- Windows doesn't fork() - the process model is fundamentally different. We worked around this by abstracting the worker process functionality.
- There's no glob() - we had to approximate the functionality.
- Unix domain sockets are now named pipes.
- Paths are different - no more '/' as the path separator.
- There are no more simple integer uid or gid values - instead you have SIDs, ACLs and DACLs.
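As an added illustration of the glob() gap and the path-separator difference listed above (this is example code, not osquery's own, and the page does not describe how osquery actually approximates glob()): a minimal wildcard matcher with POSIX-like semantics that treats both '/' and '\\' as separators, run over a constructed list of paths in place of a directory walk.

```cpp
// Added example, not osquery's code: approximate glob() on a platform that
// lacks it. Supports '*' and '?' within a single path component; neither
// wildcard crosses a separator, and both '/' and '\\' count as separators so
// one pattern works for Windows and POSIX style paths.
#include <string>
#include <vector>

static bool isSep(char c) { return c == '/' || c == '\\'; }

// Match `text` against `pat`, backtracking to let '*' absorb more characters.
bool globMatch(const std::string& pat, const std::string& text) {
  size_t p = 0, t = 0;
  size_t starP = std::string::npos, starT = 0;
  while (t < text.size()) {
    if (p < pat.size() && pat[p] == '*') {
      starP = p++;      // remember the '*' ...
      starT = t;        // ... and the text position it starts absorbing from
    } else if (p < pat.size() &&
               (pat[p] == text[t] || (pat[p] == '?' && !isSep(text[t])))) {
      ++p; ++t;         // literal or single-character wildcard matched
    } else if (starP != std::string::npos && !isSep(text[starT])) {
      p = starP + 1;    // backtrack: the '*' absorbs one more character
      t = ++starT;
    } else {
      return false;     // no '*' to extend, or extending it would cross a separator
    }
  }
  while (p < pat.size() && pat[p] == '*') ++p;  // trailing '*' may match empty
  return p == pat.size();
}

// Stand-in for a directory walk: keep only the paths the pattern matches.
std::vector<std::string> globFilter(const std::string& pat,
                                    const std::vector<std::string>& paths) {
  std::vector<std::string> out;
  for (const auto& path : paths)
    if (globMatch(pat, path)) out.push_back(path);
  return out;
}

// Constructed sample paths for the demonstration, not taken from a real host.
static const std::vector<std::string> kSamplePaths = {
    "C:\\Windows\\System32\\drivers\\etc\\hosts",
    "C:\\Users\\alice\\NTUSER.DAT",
    "C:\\Users\\bob\\NTUSER.DAT",
    "C:\\Users\\bob\\Desktop\\NTUSER.DAT",
    "/etc/hosts",
};
```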