hawatel_ps 0.1.1

data/lib/hawatel_ps/windows/proc_fetch.rb

@@ -0,0 +1,217 @@
+module HawatelPS
+  module Windows
+    ##
+    # = Process Fetch
+    #
+    # Provides functionality to fetch process information from raw source using WMI client.
+    class ProcFetch
+      class << self
+        # Return attributes of all processes from WMI
+        #
+        # Each process has attributes which are standardized in this document:
+        # https://msdn.microsoft.com/en-us/library/windows/desktop/aa394372
+        # Each attribute name is converted to lowercase.
+        #
+        # @example Get process list (access to attributes by index array)
+        #   processes = get_process()
+        #   processes.each do | process |
+        #     pid = process['processid']
+        #     name = process['name']
+        #     puts "#{pid.to_s.ljust(10)} #{name}"
+        #   end
+        #
+        # @example Get process list (access to attributes by methods)
+        #   processes = get_process()
+        #   processes.each do | process |
+        #     pid = process.processid
+        #     name = process.name
+        #     puts "#{pid.to_s.ljust(10)} #{name}"
+        #   end
+        #
+        # @return [Array<Hash>]
+        def get_process(args = nil)
+          if args.nil?
+            wql = prepare_wql("SELECT * FROM Win32_Process")
+          else
+            wql = prepare_wql('SELECT * FROM Win32_Process', args)
+          end
+
+          proc_table = Array.new
+
+          # TODO maybe the better way will be put user info to class variable?
+          @users_list = get_users
+          @system_info = system_info
+          @memory_total = @system_info[:totalvisiblememorysize]
+          @system_idle_time = system_idle_time
+
+          WmiCli.new.query(wql).each do |proc_instance|
+            proc = extract_wmi_property(proc_instance)
+            # if proces no longer exists it won't be added to the resulting array
+            # sometimes it happens when the Win32_Process query returned process but
+            # when this program tries invoke execMethod_ on it the WmiCli class raises an exception
+            # because the process disappeared
+            proc_table.push(proc) if !proc.nil?
+          end
+          proc_table
+        end
+
+        private
+
+        # Prepare WMI Query Language
+        # @param query [String] WQL string
+        # @param args [Hash] conditions to WHERE clause (conditions are combined only with AND operator)
+        # @option name [Type] :opt description
+        # @example
+        #   prepare_wql('SELECT * FROM Win32_Process')
+        #   prepare_wql('SELECT * FROM Win32_Process', {:processid => 1020})
+        #   prepare_wql('SELECT * FROM Win32_Process', {:name => 'notepad.exe', :executablepath => 'C:\\\\WINDOWS\\\\system32\\\\notepad.exe'})
+        # @return [String] WQL string
+        def prepare_wql(query, args = nil)
+          if args.nil?
+            return query
+          else
+            query += " WHERE "
+            args.each_with_index do |(k, v), index|
+              if index == 0 && args.length == 1
+                query += "#{k.to_s.downcase} = '#{v}'"
+              elsif index == args.length - 1
+                query += "#{k.to_s.downcase} = '#{v}'"
+              else
+                query += "#{k.to_s.downcase} = '#{v}' AND "
+              end
+            end
+            return query
+          end
+        end
+
+        # Get property from WIN32OLE object about process
+        # @param wmi_object [WmiCli::Instance] process instance represented by WMI object
+        # @example
+        #   extract_wmi_property(wmi_object)
+        # @return [Hash]
+        def extract_wmi_property(wmi_object)
+          property_map = wmi_object.properties.dup
+          property_map[:wmi_object] = wmi_object.wmi_ole_object
+          property_map[:childs] = Array.new
+
+          property_map[:sid] = get_owner_sid(wmi_object)
+
+          get_owner(property_map)
+          property_map[:availablevirtualsize] = get_avail_virtual_size(wmi_object)
+          property_map[:memorypercent] = memory_percent(@memory_total, property_map[:workingsetsize])
+
+          property_map[:cpupercent] = cpu_percent(cpu_time(
+              :usermodetime => property_map[:usermodetime],
+              :kernelmodetime => property_map[:kernelmodetime]))
+
+          hash_value_to_string(property_map)
+
+          property_map.delete(:status) if property_map.key?(:status)
+
+          property_map
+        end
+
+        # Convert hash values to string if is the Integer type
+        # @param hash [Hash]
+        def hash_value_to_string(hash)
+          hash.each {|k,v| hash[k] = v.to_s if v.is_a?(Integer)}
+        end
+
+        # Get users list from Win32_UserAccount class
+        # @return [Hash] @users_list
+        def get_users
+          users_list = Hash.new
+          WmiCli.new.query('SELECT * FROM Win32_UserAccount').each do |user|
+            users_list[user.properties[:sid]] = user.properties if !user.nil?
+          end
+          users_list
+        end
+
+        # Find information about user
+        # instance variable @users_list must be set {get_users}
+        # @param property_map [Hash] Atributes of process
+        def get_owner(property_map)
+          property_map[:user] = nil
+          property_map[:domain] = nil
+
+          if !property_map[:sid].nil? and !@users_list[property_map[:sid]].nil?
+            property_map[:user] = @users_list[property_map[:sid]][:name]
+            property_map[:domain] = @users_list[property_map[:sid]][:domain]
+          end
+        end
+
+        # Invoke GetOwnerSid method of the Win32_Process class
+        # @see https://msdn.microsoft.com/pl-pl/library/windows/desktop/aa390460
+        # @param wmi_object [WmiCli::Instance] process instance represented by WMI object
+        # @return [String] SID of user
+        # @reutrn [nil] if wmi_object no longer exists
+        def get_owner_sid(wmi_object)
+          # TODO performance problem (it takes ~10 seconds but the native wmi takes similar time)
+          owner = wmi_object.execMethod('GetOwnerSid')
+          return owner.Sid if !owner.nil?
+        rescue WmiCliException
+          return nil
+        end
+
+        # Invoke GetAvailableVirtualSize method of the Win32_Process class
+        # @see https://msdn.microsoft.com/en-us/library/windows/desktop/dn434274
+        # @param wmi_object [WmiCli::Instance] process instance represented by WMI object
+        # @return [String] AvailableVirtualSize from WMI
+        # @reutrn [nil] if wmi_object no longer exists
+        def get_avail_virtual_size(wmi_object)
+          obj = wmi_object.execMethod('GetAvailableVirtualSize')
+          return obj.AvailableVirtualSize.to_s if !obj.nil?
+        rescue WmiCliException
+          return nil
+        end
+
+        # System information from Win32_OperatingSystem class
+        # @return [Hash]
+        def system_info
+          WmiCli.new.query('SELECT * FROM Win32_OperatingSystem').each do |result|
+           return result.properties if !result.nil?
+          end
+        end
+
+        # Return percent of memory usage by process
+        # @return [String]
+        def memory_percent(mem_total_kb, workingsetsize)
+          if !mem_total_kb.nil? && !workingsetsize.nil? && mem_total_kb.to_i > 0
+            rss_kb = workingsetsize.to_f / 1024
+            return (rss_kb / mem_total_kb.to_f * 100).round(2).to_s
+          end
+        end
+
+        # Calculate cpu time for System Idle Process
+        # @return [Integer] system idle time in seconds
+        def system_idle_time
+          WmiCli.new.query("SELECT KernelModeTime FROM Win32_Process WHERE ProcessId = '0'").each do |idle|
+            return (idle.properties[:kernelmodetime].to_i / 10000000)
+          end
+          return nil
+        end
+
+        # Calculate %CPU usage per process
+        # @param cpu_time [String/Integer] CPU time consumed by process since system boot
+        # @return [String] %CPU usage per process since system boot
+        def cpu_percent(cpu_time)
+          if !cpu_time.zero?
+            return (( cpu_time.to_f  / @system_idle_time.to_f) * 100).round(2).to_s
+          else
+            return "0.0"
+          end
+        end
+
+        # Reports processor use time, in seconds, for each process running on a computer.
+        # @see https://msdn.microsoft.com/en-us/library/windows/desktop/aa394599(v=vs.85)
+        # @param args [Hash] attributes
+        # @option opt [String/Integer] User Mode Time
+        # @option opt [String/Integer] Kernel Mode Time
+        # @return [Integer] processor time for a process in seconds
+        def cpu_time(args)
+          return ((args[:usermodetime].to_i + args[:kernelmodetime].to_i) / 10000000)
+        end
+      end
+    end
+  end
+end

data/lib/hawatel_ps/windows/proc_info.rb

@@ -0,0 +1,51 @@
+module HawatelPS
+  module Windows
+    class ProcInfo < ProcControl
+      # Process instance with attributes of that process
+      # @param proc_attrs [Hash] attributes of the process
+      # @return [void]
+      def initialize(proc_attrs)
+        @proc_attrs = proc_attrs
+        define_attributes(proc_attrs)
+      end
+
+      # Make attributes of public.
+      # Access to process attribute from an object instance by index of array.
+      # @example
+      #   p = ProcInfo.new(proc_attrs)
+      #   puts p['processid']
+      def [](key)
+        key = key.to_s.downcase.to_sym if !key.is_a?(Symbol)
+        @proc_attrs[key.downcase]
+      end
+
+      # Calls the given block once for each element in self, passing that element as a parameter.
+      # @param &block
+      # @example print all attributes of process
+      #   p = ProcInfo.new(proc_attrs)
+      #   proc.each {|key, val| puts "#{key} - #{val}"}
+      # @return An Enumerator is returned if no block is given.
+      def each(&block)
+        @proc_attrs.each(&block)
+      end
+
+      # @see ProcInfo#define_attributes
+      def metaclasses
+        class << self; self; end
+      end
+
+      private
+      # Make attributes of public.
+      # Access  to process attribute from an object instance by public method where names of attributes are methods.
+      # @example
+      #   p = ProcInfo.new(proc_attrs)
+      #   puts p.processid
+      def define_attributes(hash)
+        hash.each_pair do |key, value|
+          metaclasses.send(:attr_reader, key.to_sym)
+          instance_variable_set("@#{key}", value)
+        end
+      end
+    end
+  end
+end

data/lib/hawatel_ps/windows/proc_table.rb

@@ -0,0 +1,138 @@
+module HawatelPS
+  module Windows
+    class ProcTable
+      class << self
+
+        # Return attributes of searched process based on pid
+        # @example
+        #   search_by_pid(1761)
+        # @param [Integer] pid of process
+        # @return [ProcInfo]
+        def search_by_pid(pid)
+          find_by_pid(pid)
+          @proc_table.each do |process|
+            return process if process.processid.to_s == pid.to_s
+          end
+          return nil
+        end
+
+
+        # Return attributes of searched process based on name or cmdline
+        # @example
+        #   search_by_name('java.exe')
+        #   search_by_name('/^regex/')
+        # @param process_name[String] name of process
+        # @return [Array<ProcInfo>]
+        def search_by_name(process_name)
+          if process_name =~ /^\/.*\/$/
+            process_name.slice!(0)
+            process_name = Regexp.new(/#{process_name.chop}/)
+            find_all
+          else
+            find_by_name(process_name)
+          end
+
+          process_list = Array.new
+
+          @proc_table.each do |process|
+            if process_name.is_a? Regexp
+              process_list << process if process.name =~ process_name || process.commandline =~ process_name
+            else
+              process_list << process if process.name.to_s.downcase == "#{process_name.to_s.downcase}" || process.commandline.to_s.downcase == "#{process_name.to_s.downcase}"
+            end
+          end
+
+          process_list = nil if process_list.empty?
+
+          return process_list
+        end
+
+        # Return attributes of searched by process
+        #
+        # @example
+        #   search_by_condition(:attrs => 'workingsetsize', :oper => '<', value => '10000')
+        #
+        # @param args[Hash] attributes for search condition
+        #   @attrs [String], name of process attribute (first expression for if)
+        #   @oper  [String], operatator, available options: >,<,>=,<=,==,!=
+        #   @value [String], value comparable (second expression for if)
+        #
+        # @return [Array<ProcInfo>]
+        def search_by_condition(args)
+          find_all
+
+          attrs = args[:attr]
+          oper  = args[:oper]
+          value = args[:value]
+          process_list = Array.new
+          @proc_table.each do |process|
+            if oper == '>'
+              process_list << process if process[:"#{attrs}"] > value
+            elsif oper == '<'
+              process_list << process if process[:"#{attrs}"] < value
+            elsif oper == '>='
+              process_list << process if process[:"#{attrs}"] >= value
+            elsif oper == '<='
+              process_list << process if process[:"#{attrs}"] <= value
+            elsif oper == '=='
+              process_list << process if process[:"#{attrs}"] == value
+            elsif oper == '!='
+              process_list << process if process[:"#{attrs}"] != value
+            end
+          end
+
+          process_list = nil if process_list.empty?
+
+          return process_list
+        end
+
+        # Return all process instances
+        # @return [Array<ProcInfo>]
+        def proc_table
+          find_all
+          return @proc_table
+        end
+
+        private
+        # Refresh processes array by pid
+        def find_by_pid(pid)
+          @proc_table = Array.new
+          ProcFetch.get_process(:processid => pid).each do |proc_attrs|
+            @proc_table.push(ProcInfo.new(proc_attrs))
+          end
+          childs_tree
+        end
+
+        # Refresh processes array by name
+        def find_by_name(name)
+          @proc_table = Array.new
+          ProcFetch.get_process({:name => name}).each do |proc_attrs|
+            @proc_table.push(ProcInfo.new(proc_attrs))
+          end
+          childs_tree
+        end
+
+        # Refresh processes array
+        def find_all
+          @proc_table = Array.new
+          ProcFetch.get_process.each do |proc_attrs|
+            @proc_table.push(ProcInfo.new(proc_attrs))
+          end
+          childs_tree
+        end
+
+        # Get process childs
+        def childs_tree
+          @proc_table.each do |proc_parent|
+            @proc_table.each do |proc_child|
+              if proc_parent.processid === proc_child.parentprocessid
+                proc_parent[:childs].push(proc_child)
+              end
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/hawatel_ps/windows/wmi/wmi_cli.rb

@@ -0,0 +1,65 @@
+require 'win32ole'
+require 'hawatel_ps/windows/wmi/wmi_instance'
+require 'hawatel_ps/windows/wmi/wmi_exception'
+
+module HawatelPS
+  module Windows
+    ##
+    # = Windows Management Instrumentation Client
+    #
+    # This is wrapper for WMI with limited functionalities (only call queries)
+    class WmiCli
+      # Init WMI namespace
+      # @param namespace [String] WMI namespace
+      def initialize(namespace = nil)
+        @namespace = namespace.nil? ? 'root/cimv2' : namespace
+        @session = nil
+      end
+
+      # Call WMI query
+      # @param wql_query [String] WMI Query Language string
+      # @example
+      #   WmiCli.new.query('SELECT * FROM Win32_Process')
+      # @raise [WmiCliException] if WQL Query is wrong
+      # @return [WmiCli::Instance]
+      def query(wql_query)
+        connect_to_namespace
+        results = @session.ExecQuery(wql_query)
+
+        wmi_ole_instances = create_wmi_ole_instances(results)
+      rescue WIN32OLERuntimeError => ex
+        raise WmiCliException, :exception => ex, :message => "Wrong result from WQL Query = '#{wql_query}'."
+      end
+
+      private
+
+      # Connect to the WMI on the local server
+      # @example
+      #   connect_to_namespace
+      # @raise [WIN32OLERuntimeError] if problem with connection to the local server
+      # @return [WIN32OLE]
+      def connect_to_namespace
+        if @session.nil?
+          locator = WIN32OLE.new("WbemScripting.SWbemLocator")
+          @session = locator.ConnectServer('.', @namespace)
+        end
+      rescue WIN32OLERuntimeError => ex
+        raise WmiCliException, :exception => ex, :message => "Cannot connect to namespace '#{@namespace}'."
+      end
+
+      # Create the WMI32OLE instance from a data set.
+      # @param dataset [WMI32OLE] List of WMI objects
+      # @example
+      #   results = @session.ExecQuery(wql_query)
+      #   wmi_ole_instances = create_wmi_ole_instances(results)
+      # @return [Array<WmiCli::Instance>]
+      def create_wmi_ole_instances(dataset)
+        instances = []
+        dataset.each do |wmi_object|
+          instances.push(Instance.new(wmi_object))
+        end
+        instances
+      end
+    end
+  end
+end

data/lib/hawatel_ps/windows/wmi/wmi_exception.rb

@@ -0,0 +1,23 @@
+module HawatelPS
+  module Windows
+    class WmiCliException < Exception
+      # Custom exception
+      # @param args [Hash] the options to create a custom exception message
+      # @option :exception [Exception] Native Exception object
+      # @option :message [String] Custom message
+      # @return [void]
+      def initialize(args = {:exception => nil, :message => nil})
+        super(exception_enrichment(args))
+      end
+
+      private
+      def exception_enrichment(args)
+        error_message = ''
+        error_message += args[:message] unless args[:message].nil?
+        error_message +=
+            "\nNative exception from '#{args[:exception].class}':\n#{args[:exception].message}" unless args[:exception].nil?
+        return error_message
+      end
+    end
+  end
+end

data/lib/hawatel_ps/windows/wmi/wmi_instance.rb

@@ -0,0 +1,56 @@
+module HawatelPS
+  module Windows
+    class WmiCli
+      ##
+      # = Instance of Windows Management Instrumentation client
+      #
+      # Container of single WIN32OLE object wih parameters of this object
+      #
+      # @!attribute [r] wmi_ole_object
+      #   @return [WIN32OLE] WMI Object
+      # @!attribute [r] properties
+      #   @return [Hash] Properties from WIN32OLE object
+      class Instance
+        attr_reader :wmi_ole_object, :properties
+
+        # Create instance of WmiClient class with WIN32OLE object
+        # @param wmi_ole_object [WIN32OLE] Single WMI32OLE object
+        def initialize(wmi_ole_object)
+          @wmi_ole_object = wmi_ole_object
+          @properties = extract_props_to_hash(wmi_ole_object)
+        end
+
+        # Execute WIN32OLE method
+        # @see https://msdn.microsoft.com/en-us/library/windows/desktop/aa393774
+        # @param name [String] WMI method name assigned to WIN32OLE object
+        # @example Object if from Win32_Process class and it has 'GetOwner' method
+        #   wmi_object.execMethod('GetOwner')
+        # @return [WIN32OLE]
+        def execMethod(name)
+          result = @wmi_ole_object.execMethod_(name) if @wmi_ole_object.ole_respond_to?('execMethod_')
+        rescue WIN32OLERuntimeError => ex
+          raise WmiCliException, :exception => ex, :message => "Cannot invoke execMethod_('#{name}')"
+        end
+
+        private
+
+        # Get property from WIN32OLE object
+        # @param wmi_object [WIN32OLE] WMI object
+        # @example
+        #   extract_props_to_hash(wmi_object)
+        # @return [Hash]
+        def extract_props_to_hash(wmi_obj)
+          properties = {}
+          #binding.pry
+          if wmi_obj.ole_respond_to?('properties_')
+            wmi_obj.properties_.each do |property|
+              properties[property.name.downcase.to_sym] = property.value
+            end
+            properties.freeze
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/hawatel_ps/windows.rb

@@ -0,0 +1,5 @@
+require 'hawatel_ps/windows/proc_fetch'
+require 'hawatel_ps/windows/proc_control'
+require 'hawatel_ps/windows/proc_info'
+require 'hawatel_ps/windows/proc_table'
+require 'hawatel_ps/windows/wmi/wmi_cli'

data/lib/hawatel_ps.rb

@@ -0,0 +1,34 @@
+require "hawatel_ps/version"
+require "hawatel_ps/linux" if RUBY_PLATFORM =~ /linux/
+require "hawatel_ps/windows" if RUBY_PLATFORM =~ /mswin|msys|mingw|cygwin|bccwin|wince|emc/
+require "hawatel_ps/shared/hawatelps_exception"
+
+module HawatelPS
+
+  def self.search_by_pid(pid)
+    HawatelPS::platform::ProcTable.search_by_pid(pid)
+  end
+
+  def self.search_by_name(name)
+    HawatelPS::platform::ProcTable.search_by_name(name)
+  end
+
+  def self.search_by_condition(args)
+    HawatelPS::platform::ProcTable.search_by_condition(args)
+  end
+
+  def self.proc_table
+    HawatelPS::platform::ProcTable.proc_table
+  end
+
+  def self.platform
+    if RUBY_PLATFORM =~ /linux/
+      Linux
+    elsif RUBY_PLATFORM =~ /mswin|msys|mingw|cygwin|bccwin|wince|emc/
+      Windows
+    else
+      raise HawatelPSException.new({:message => "Your OS(#{RUBY_PLATFORM}) is not supported!"})
+    end
+  end
+
+end

data/spec/hawatel_ps_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+describe HawatelPs do
+  it 'has a version number' do
+    expect(HawatelPs::VERSION).not_to be nil
+  end
+
+  it 'does something useful' do
+    expect(false).to eq(true)
+  end
+end

data/spec/linux/bdd/proc_spec.rb

@@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe HawatelPS::Linux::ProcFetch do
+
+  it "list processes" do
+    processes = HawatelPS.proc_table
+    processes.each do |process|
+      expect(process.pid).to be_a_kind_of(Integer)
+    end
+    expect(processes.size).to be >= 2
+  end
+
+  it "search process by pid" do
+    pid = child(5)
+    process = HawatelPS.search_by_pid(pid)
+    expect(process[:pid]).to eq(pid)
+  end
+
+  it "search process by name" do
+    pid = child(5)
+    child_exist = 0
+    processes = HawatelPS.search_by_name('/ruby/')
+    processes.each do |process|
+      child_exist= 1 if process.pid == pid
+    end
+    expect(processes.size).to be >= 1
+    expect(child_exist).to eq(1)
+  end
+
+  it "search process by condition" do
+    processes = HawatelPS.search_by_condition(:attr => 'pid', :oper => '>', :value => '1'  )
+    expect(processes.size).to be >= 2
+  end
+
+  it "suspend & resume and terminate process" do
+    pid = child(5)
+    process = HawatelPS.search_by_pid(pid)
+    suspend_status = process.suspend
+    resume_status = process.resume
+    terminate_status = process.terminate
+    expect(suspend_status).to eq('stopped')
+    expect(resume_status).to match(/(sleeping|running)/)
+    expect(terminate_status).to match(/(terminated|zombie)/)
+  end
+
+end
+
+private
+  def child(timeout)
+    pid = fork do
+      sleep(timeout)
+      exit
+    end
+  end