Fix VMRay missing process data #2396
looks reasonable, I'll trust the tests.
@mr-tz thanks for the initial fix. This made me realize that we should be using VMRay's thread and process monitor IDs instead of tid, pid, and ppid combinations as we can't guarantee these combinations are unique, e.g. reused ppid and pid combination, while it appears that the thread and process monitor IDs are unique, and thus combinations of these should be unique, e.g. for extracting function calls.
I ran this on a few random private analysis archives and didn't encounter any failures. We should find more public samples to add to the test corpus.
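The identifier collision discussed in the comments above, as an added example that is not part of the original thread or the project's code. The records are constructed and the field names (`monitor_id`, `os_pid`, `os_ppid`, `os_tid`, `process_monitor_id`, `thread_monitor_id`) are assumptions for illustration, not VMRay's actual schema.

```python
from collections import defaultdict

# Constructed sample data, not taken from a real VMRay archive. Field names are
# assumptions: monitor IDs are assigned by the sandbox, os_* values by the guest OS.
PROCESSES = [
    {"monitor_id": 1, "os_pid": 2456, "os_ppid": 1044, "image": "sample.exe"},
    {"monitor_id": 2, "os_pid": 3120, "os_ppid": 2456, "image": "cmd.exe"},
    # cmd.exe has exited; the guest OS hands pid 3120 to a new child of 2456
    {"monitor_id": 3, "os_pid": 3120, "os_ppid": 2456, "image": "powershell.exe"},
]
CALLS = [
    {"process_monitor_id": 2, "thread_monitor_id": 5, "os_pid": 3120, "os_tid": 880, "api": "CreateFileW"},
    {"process_monitor_id": 3, "thread_monitor_id": 9, "os_pid": 3120, "os_tid": 880, "api": "InternetOpenA"},
]


def index_processes(processes, key):
    """Map key(process) -> process; also return the records a later entry overwrote."""
    index, overwritten = {}, []
    for proc in processes:
        k = key(proc)
        if k in index:
            overwritten.append(index[k])
        index[k] = proc
    return index, overwritten


def group_calls(calls, key):
    """Group API names by the thread identity that key(call) produces."""
    groups = defaultdict(list)
    for call in calls:
        groups[key(call)].append(call["api"])
    return dict(groups)


def os_process_key(p): return (p["os_ppid"], p["os_pid"])
def monitor_process_key(p): return p["monitor_id"]
def os_thread_key(c): return (c["os_pid"], c["os_tid"])
def monitor_thread_key(c): return (c["process_monitor_id"], c["thread_monitor_id"])


if __name__ == "__main__":
    _, lost = index_processes(PROCESSES, os_process_key)
    print("dropped by (ppid, pid) key:", [p["image"] for p in lost])
    print("calls by (pid, tid):", group_calls(CALLS, os_thread_key))
    print("calls by monitor IDs:", group_calls(CALLS, monitor_thread_key))
```

Keyed on guest OS identifiers, the first process record is silently overwritten and its API calls are attributed to the process that reused the pid; keyed on monitor IDs, both processes and their calls stay separate.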
should we address #2361 (add fields to unique pid/ppid) here, while we're at it? or leave that for a PR immediately following this?
Thanks for the additions, @mike-hunhoff!
closes #2394
Checklist