mirror of
https://github.com/adulau/aha.git
synced 2024-12-26 18:56:14 +00:00
A process do sys_execve multiple times
This commit is contained in:
parent
b58b2ecea2
commit
c68124b88d
2 changed files with 20 additions and 3 deletions
|
@ -32,6 +32,14 @@ def extract_object(obj):
|
|||
#Annotation info is only available in sys_execve messages
|
||||
print "annotate process ",pid
|
||||
ptress.annotateProcessList(obj)
|
||||
# Thread exited
|
||||
if (tp == 3):
|
||||
if ptress.does_user_disconnects(pid):
|
||||
#User disconnected generate a report, to avoid that other
|
||||
#information is droped
|
||||
print "List export is triggered"
|
||||
ptress.exportUserListTxt('userlist.txt')
|
||||
ptress.silent_remove_pid(pid)
|
||||
|
||||
except ValueError,e:
|
||||
print "Failed to parse ",obj
|
||||
|
|
|
@ -219,6 +219,11 @@ class ProcessTrees:
|
|||
except KeyError,e:
|
||||
pass
|
||||
|
||||
def does_user_disconnects(self,pid):
|
||||
if self.userList.has_key(pid):
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
# Describe the root process
|
||||
# f is file object
|
||||
# pid is the root process
|
||||
|
@ -280,15 +285,19 @@ class ProcessTrees:
|
|||
print "Children of ",pid," ",self.get_children(pid)
|
||||
for pid in self.get_children(pid):
|
||||
ts = self.get_timestamp_from_pid(pid)
|
||||
its = int(ts)
|
||||
file = self.get_command_from_pid(pid)
|
||||
if ts != -1 and file != None:
|
||||
vector[int(ts)] = file
|
||||
if vector.has_key(its) == False:
|
||||
vector[its] = []
|
||||
vector[its].append(file)
|
||||
#Now sort the vector
|
||||
tab = vector.keys()
|
||||
tab.sort()
|
||||
ret = []
|
||||
for ts in tab:
|
||||
ret.append(vector[ts])
|
||||
for c in vector[ts]:
|
||||
ret.append(c)
|
||||
return ret
|
||||
|
||||
class TestProcessTree(unittest.TestCase):
|
||||
|
|
Loading…
Reference in a new issue