diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java b/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
index fada0b0eab6d613a924aae5f82c7ac6649444e05..13d574bc673925f4a1a815af1a2f8ea76e8b6953 100644
--- a/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
+++ b/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
@@ -20,11 +20,13 @@
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.lang.management.ManagementFactory;
 import java.lang.management.MemoryMXBean;
@@ -37,8 +39,6 @@
 import java.util.List;
 import javax.swing.filechooser.FileSystemView;
 import org.apache.commons.io.FilenameUtils;
-import org.hyperic.sigar.Sigar;
-import org.hyperic.sigar.ptql.ProcessFinder;
 import org.openide.modules.InstalledFileLocator;
 import org.openide.modules.Places;
 import org.openide.util.NbBundle;
@@ -60,7 +60,6 @@ public class PlatformUtil {
 public static final String OS_VERSION_UNKNOWN = NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.verUnknown");
 public static final String OS_ARCH_UNKNOWN = NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.archUnknown");
 private static volatile long pid = -1;
- private static volatile Sigar sigar = null;
 private static volatile MemoryMXBean memoryManager = null;
 /**
@@ -238,7 +237,7 @@ public static String getUserConfigDirectory() {
 public static String getModuleConfigDirectory() {
 return Paths.get(getUserConfigDirectory(), "ModuleConfig").toString();
 }
-
+
 /**
 * Get log directory path
 *
@@ -504,25 +503,8 @@ private static boolean canReadDrive(String diskPath) {
 * @return PID of this process or -1 if it couldn't be determined
 */
 public static synchronized long getPID() {
-
- if (pid != -1) {
- return pid;
- }
-
- try {
- if (sigar == null) {
- sigar = org.sleuthkit.autopsy.corelibs.SigarLoader.getSigar();
- }
- if (sigar != null) {
- pid = sigar.getPid();
- } else {
- System.out.println(NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getPID.sigarNotInit.msg"));
- }
- } catch (Exception e) {
- System.out.println(NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getPID.gen.msg", e.toString()));
- }
- return pid;
-
+ // taken from https://stackoverflow.com/a/7303433/2375948
+ return ProcessHandle.current().pid();
 }
 /**
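Review bot: The Javadoc kept above `getPID()` still promises `-1 if it couldn't be determined`, but `ProcessHandle.current().pid()` never returns -1 and instead throws `UnsupportedOperationException` when the platform cannot supply a PID. Either reword the tag, e.g. `@return PID of this process`, or keep the old contract with a try/catch that returns -1. The `synchronized` modifier and the `pid` cache field (still declared as context in the earlier hunk) no longer serve this method and could be dropped if nothing else reads them.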
@@ -536,56 +518,90 @@ public static synchronized long getPID() {
 * @return PID of a java process or -1 if it couldn't be determined
 */
 public static synchronized long getJavaPID(String sigarSubQuery) {
- long jpid = -1;
- final String sigarQuery = "State.Name.sw=java," + sigarSubQuery; //NON-NLS
- try {
- if (sigar == null) {
- sigar = org.sleuthkit.autopsy.corelibs.SigarLoader.getSigar();
- }
- if (sigar != null) {
- ProcessFinder finder = new ProcessFinder(sigar);
- jpid = finder.findSingleProcess(sigarQuery);
- } else {
- System.out.println(NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getJavaPID.sigarNotInit.msg"));
- }
- } catch (Exception e) {
- System.out.println(
- NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getJavaPID.gen.msg", sigarQuery, e.toString()));
- }
- return jpid;
-
+ long[] pids = getJavaPIDs(sigarSubQuery);
+ return pids == null || pids.length < 1
+ ? -1
+ : pids[0];
 }
 /**
 * Query and get PIDs of another java processes matching a query
 *
- * @param sigarSubQuery a sigar subquery to identify a java processes among
- * other java processes, for example, by class name,
- * use: Args.*.eq=org.jboss.Main more examples here:
- * http://support.hyperic.com/display/SIGAR/PTQL
+ * @param argsSubQuery A like query for command line arguments
 *
 * @return array of PIDs of a java processes matching the query or null if
 * it couldn't be determined
 */
- public static synchronized long[] getJavaPIDs(String sigarSubQuery) {
- long[] jpids = null;
- final String sigarQuery = "State.Name.sw=java," + sigarSubQuery; //NON-NLS
+ public static synchronized long[] getJavaPIDs(String argsSubQuery) {
 try {
- if (sigar == null) {
- sigar = org.sleuthkit.autopsy.corelibs.SigarLoader.getSigar();
+ if (isWindowsOS()) {
+ Process process = Runtime.getRuntime().exec("wmic process where \"name='java.exe' AND commandline LIKE '%" + argsSubQuery + "%'\" get ProcessID");
+ BufferedReader reader
+ = new BufferedReader(new InputStreamReader(process.getInputStream()));
+ List<String> lines = new ArrayList<>();
+ String line = null;
+ while ((line = reader.readLine()) != null) {
+ lines.add(line);
 }
- if (sigar != null) {
- ProcessFinder finder = new ProcessFinder(sigar);
- jpids = finder.find(sigarQuery);
- } else {
- System.out.println(NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getJavaPIDs.sigarNotInit"));
+
+ return lines.stream().skip(1).map(ln -> {
+ if (ln == null || ln.trim().isEmpty()) {
+ return null;
+ }
+
+ try {
+ return Long.parseLong(ln.trim());
+ } catch (NumberFormatException ex) {
+ return null;
+ }
+ })
+ .filter(num -> num != null)
+ .mapToLong(l -> l)
+ .toArray();
+
+ } else {
+ String sigarRegexQuery = argsSubQuery == null ? "" : argsSubQuery.replaceAll("_", ".").replaceAll("%", ".*");
+ Process process = Runtime.getRuntime().exec("ps -ef | grep -E 'java.*" + sigarRegexQuery + "'");
+ BufferedReader reader
+ = new BufferedReader(new InputStreamReader(process.getInputStream()));
+ List<String> lines = new ArrayList<>();
+ String line = null;
+ while ((line = reader.readLine()) != null) {
+ lines.add(line);
 }
- } catch (Exception e) {
- System.out.println(
- NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getJavaPIDs.gen.msg", sigarQuery, e.toString()));
+
+ if (lines.size() > 0) {
+ // ignore last one as it will be the same as this command
+ lines.remove(lines.size() - 1);
+ }
+
+ return lines.stream().skip(1).map(ln -> {
+ if (ln == null || ln.trim().isEmpty()) {
+ return null;
+ }
+
+ ln = ln.trim();
+
+ String[] pieces = ln.split("\\s*");
+ if (pieces.length < 2) {
+ return null;
+ }
+
+ try {
+ return Long.parseLong(pieces[1]);
+ } catch (NumberFormatException ex) {
+ return null;
+ }
+ })
+ .filter(num -> num != null)
+ .mapToLong(l -> l)
+ .toArray();
+ }
+ } catch (IOException ex) {
+ System.out.println("An exception occurred while fetching java pids with query: " + argsSubQuery);
+ ex.printStackTrace();
+ return null;
 }
- return jpids;
-
 }
 /**
@@ -594,20 +610,16 @@ public static synchronized long[] getJavaPIDs(String sigarSubQuery) {
 * @param pid pid of the process to kill
 */
 public static synchronized void killProcess(long pid) {
+ String cmd = isWindowsOS()
+ ? "taskkill /F /PID " + pid
+ : "kill " + pid;
+
 try {
- if (sigar == null) {
- sigar = org.sleuthkit.autopsy.corelibs.SigarLoader.getSigar();
- }
- if (sigar != null) {
- sigar.kill(pid, 9);
- } else {
- System.out.println(NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.killProcess.sigarNotInit.msg"));
- }
- } catch (Exception e) {
- System.out.println(
- NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.killProcess.gen.msg", pid, e.toString()));
+ Runtime.getRuntime().exec(cmd);
+ } catch (IOException ex) {
+ System.out.println("An exception occurred while killing process pid: " + pid);
+ ex.printStackTrace();
 }
-
 }
 /**
@@ -616,23 +628,8 @@ public static synchronized void killProcess(long pid) {
 * @return virt memory used in bytes or -1 if couldn't be queried
 */
 public static synchronized long getProcessVirtualMemoryUsed() {
- long virtMem = -1;
-
- try {
- if (sigar == null) {
- sigar = org.sleuthkit.autopsy.corelibs.SigarLoader.getSigar();
- }
-
- if (sigar == null || getPID() == -1) {
- System.out.println(NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getProcVmUsed.sigarNotInit.msg"));
- return -1;
- }
- virtMem = sigar.getProcMem(getPID()).getSize();
- } catch (Exception e) {
- System.out.println(NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.getProcVmUsed.gen.msg", e.toString()));
- }
-
- return virtMem;
+ // taken from https://stackoverflow.com/a/17376879/2375948
+ return Runtime.getRuntime().totalMemory() - Runtime.getRuntime().freeMemory();
 }
 /**
diff --git a/CoreLibs/src/org/sleuthkit/autopsy/corelibs/SigarLoader.java b/CoreLibs/src/org/sleuthkit/autopsy/corelibs/SigarLoader.java
deleted file mode 100644
index 499594309768350dda8a7f07e141b501c0ad36b8..0000000000000000000000000000000000000000
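Review bot: In `getJavaPIDs`, `argsSubQuery` is concatenated unescaped into the strings handed to `Runtime.getRuntime().exec(String)`, so a quote or space in the query can change the `wmic` WHERE clause or the argument list; pass a fixed argument array through `ProcessBuilder` and reject or escape `'`, `"` and whitespace before building the filter. The non-Windows branch also cannot work as written: `exec` starts `ps` directly with no shell, so `|`, `grep` and the pattern become arguments to `ps`, and `ln.split("\\s*")` splits between every character, so `pieces[1]` is never the PID column (`\\s+` was presumably intended). Neither branch closes the reader, drains stderr or waits for the child. Since the commit already relies on `ProcessHandle`, the non-Windows branch could enumerate processes in-JVM as sketched below, which removes the external command entirely; whether `commandLine()` is populated should be confirmed on the target platforms.

```java
// … unchanged: Windows branch …
} else {
    String sigarRegexQuery = argsSubQuery == null ? "" : argsSubQuery.replaceAll("_", ".").replaceAll("%", ".*");
    // Runtime.exec starts no shell, so match command lines in-JVM instead of piping ps into grep.
    java.util.regex.Pattern javaArgs = java.util.regex.Pattern.compile("java.*" + sigarRegexQuery);
    long self = ProcessHandle.current().pid();
    return ProcessHandle.allProcesses()
            .filter(ph -> ph.pid() != self)
            .filter(ph -> ph.info().commandLine()
                    .map(cl -> javaArgs.matcher(cl).find())
                    .orElse(false))
            .mapToLong(ProcessHandle::pid)
            .toArray();
}
// … unchanged: catch (IOException ex) …
```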
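Review bot: On non-Windows hosts `kill <pid>` in `killProcess` sends the default SIGTERM, whereas the removed `sigar.kill(pid, 9)` forced termination, and the exit status of the spawned command is never checked, so a failed kill goes unnoticed. `pid` is also not validated before it is appended to the command, for example the `-1` that `getJavaPID` returns on failure. `ProcessHandle.of(pid).ifPresent(ProcessHandle::destroyForcibly);` would keep the forced semantics on every platform without spawning an external command.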
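Review bot: `Runtime.getRuntime().totalMemory() - Runtime.getRuntime().freeMemory()` reports the JVM heap currently in use, not the process virtual memory size that `sigar.getProcMem(getPID()).getSize()` returned, so the method name and the kept `@return virt memory used in bytes or -1 if couldn't be queried` Javadoc no longer describe the value. Callers that compare this number against OS-level figures will typically see a much smaller value, and -1 is never returned now. At minimum reword the tag, e.g. `@return JVM heap currently in use, in bytes (not OS virtual memory)`; the `synchronized` modifier is also no longer needed here.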
--- a/CoreLibs/src/org/sleuthkit/autopsy/corelibs/SigarLoader.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Autopsy Forensic Browser
- *
- * Copyright 2013 Basis Technology Corp.
- * Contact: carrier <at> sleuthkit <dot> org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.corelibs;
-
-import org.apache.commons.lang3.SystemUtils;
-import org.hyperic.sigar.Sigar;
-import org.openide.util.NbBundle;
-
-/**
- * Wrapper over Sigar instrumentation class to facilitate dll loading. Our setup
- * bypasses Sigar library loader which does not work well for netbeans
- * environment We are responsible for loading the library ourselves.
- */
-public class SigarLoader {
-
- private static volatile Sigar sigar;
-
- static {
- //bypass the process of validation/loading of the library by sigar jar
- System.setProperty("org.hyperic.sigar.path", "-");
- //System.setProperty(org.hyperic.sigar.SigarLoader.PROP_SIGAR_JAR_NAME, "sigar-1.6.4.jar");
- }
-
- public static Sigar getSigar() {
- if (sigar == null) {
- synchronized (SigarLoader.class) {
- if (sigar == null) {
- try {
- //rely on netbeans / jna to locate the lib variation for architecture/OS
- if (SystemUtils.IS_OS_WINDOWS) {
- System.loadLibrary("libsigar"); //NON-NLS
- } else {
- System.loadLibrary("sigar"); //NON-NLS
- }
- sigar = new Sigar();
- sigar.enableLogging(false); //forces a test
-
- } catch (UnsatisfiedLinkError ex) {
- String msg = NbBundle.getMessage(SigarLoader.class, "SigarLoader.linkErr.msg");
- System.out.println(msg + ex.toString());
- } catch (Exception ex) {
- String msg = NbBundle.getMessage(SigarLoader.class, "SigarLoader.linkErr.msg");
- System.out.println(msg + ex.toString());
- }
- }
- }
- }
-
- return sigar;
- }
-}
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
index c47a7bd23ec6a0d5e79ad258e4b109c002984dc5..7d68bcbf3ffdfd257b1597506fa1fe715015f241 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
@@ -583,7 +583,7 @@ List<Long> getSolrPIDs() {
 List<Long> pids = new ArrayList<>();
 //NOTE: these needs to be in sync with process start string in start()
- final String pidsQuery = "Args.*.eq=-DSTOP.KEY=" + KEY + ",Args.*.eq=start.jar"; //NON-NLS
+ final String pidsQuery = "-DSTOP.KEY=" + KEY + "%start.jar"; //NON-NLS
 long[] pidsArr = PlatformUtil.getJavaPIDs(pidsQuery);
 if (pidsArr != null) {
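Review bot: The new `pidsQuery` turns two exact-argument conditions into one ordered substring pattern, so it only matches when `-DSTOP.KEY=…` precedes `start.jar` on the command line, and it also matches any longer key that merely starts with `KEY`. The existing comment says this must stay in sync with the start string in `start()`, which is outside the hunk; confirm the argument order there and document the new syntax, e.g. `// LIKE-style pattern: '%' = any run of characters, '_' = any single character; order must match start()`. `getSolrPIDs` continues past the hunk, so how the returned PIDs are used is not visible here; if they are passed on to `killProcess`, a looser match risks terminating an unrelated Java process.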