[ZBX-9283] Zabbix agent running on domain account does not get proc_info[] for windows services. Created: 2015 Feb 04  Updated: 2017 May 30  Resolved: 2015 Feb 25

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Agent (G)
Affects Version/s: 2.4.1
Fix Version/s: 2.2.9rc1, 2.4.5rc1, 2.5.0

Type: Incident report Priority: Minor
Reporter: Vladimir Selivanov Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: permissions, process, services, windows
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Zabbix agent for Win 2.4.1.
Win2008(x64), win8(x64), win2012(x64).


Attachments: File zabbix_agentd_fixed.exe     File zabbix_agentd_fixed_x64.exe    

 Description   

I installed the Zabbix agent on a Windows 2008 computer as a service.
I have a service "ragent.exe" on this computer, which is running from the Local System account.

If the Zabbix agent is started from the Local System account, then it returns the right data from
"proc.num[ragent.exe]" and
"proc_info[ragent.exe,wkset,sum]".

If the Zabbix agent is started from a domain account (zabbiz_agent) which has administrative rights on this computer, then the items
"proc.num[ragent.exe]" and
"proc_info[ragent.exe,wkset,sum]"
return 0.
But in mmc.PerformanceMonitor the zabbix_agent account sees all data of the process "ragent.exe" well.

I need to launch the Zabbix agent with a domain account.
How can I get the right data from
"proc.num[ragent.exe]" and
"proc_info[ragent.exe,wkset,sum]"
in this case?

Zabbix agent for Win 2.4.1.
Win2008, win8, win2012.



 Comments   
Comment by richlv [ 2015 Feb 05 ]

could this be the same as ZBX-9143 ?

Comment by Vladimir Selivanov [ 2015 Feb 09 ]

Yes, it is the same.
And some new details:
If the Zabbix agent is launched as a service from a domain account, then it does not see:

  • Windows services which are launched from the Local System account,
  • and the whole tree of child processes of these services.

Comment by dimir [ 2015 Feb 09 ]

Thanks for reporting it, this will be fixed in ZBX-9143.

Comment by Vladimir Selivanov [ 2015 Feb 09 ]

ZBX-9143 resolved only part of this issue.

Resolved for proc.num[].
But not resolved for proc_info[].

Please reopen this issue.

Comment by dimir [ 2015 Feb 09 ]

I tried to resolve both issues in ZBX-9143. Did you try the binaries?

Comment by dimir [ 2015 Feb 09 ]

I have changed the title of this issue to reflect proc_info only.

I have found out that our current functionality to get process information (for proc_info) behaves differently on different Windows versions, e.g. 2000 and 2008. Namely, it depends on the access rights requested when calling OpenProcess(). According to

https://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx

for older versions (up to and including Windows Server 2003 and Windows XP) we must use PROCESS_QUERY_INFORMATION access rights, for newer versions it is enough to request PROCESS_QUERY_LIMITED_INFORMATION. On newer Windows versions the latter allows us to collect more information about the processes we do not own.

We'll think about how to implement it properly and then provide the solution.

Comment by dimir [ 2015 Feb 09 ]

Attached binaries for testing (x86 and x64). It would be great if you could test it.

Example usage, x64 version:

zabbix_agentd_fixed_x64.exe -c \zabbix_agentd.conf -t proc_info[ragent.exe,wkset,sum]

Example usage, x86 version:

zabbix_agentd_fixed.exe -c \zabbix_agentd.conf -t proc_info[ragent.exe,wkset,sum]

Comment by Vladimir Selivanov [ 2015 Feb 10 ]

I have tested the x64 binary attached yesterday on win2012x64.
Method "proc_info2" is working and receives data from system processes which run from the Local System account.

Comment by dimir [ 2015 Feb 10 ]

Ah, thanks. I have re-attached the binaries that are just usual agents with fixed code. These do not contain test item proc_num2. These should work for both, Windows versions up to XP (or Server 2003) as well as later versions.

Comment by Vladimir Selivanov [ 2015 Feb 10 ]

I have tested latest binary_x64 on win2012x64.
Methods proc_info and proc.num are working.

Comment by Vladimir Selivanov [ 2015 Feb 10 ]

I found a new problem with proc_info and rights:
Method proc_info works only if the Zabbix agent account is a member of the administrators group.
But if the Zabbix agent account is a member of only "Perf Mon Users" and "Perf Log Users",
then proc_info returns zero
and proc.num returns correct data.
(tested latest binary_x64 on win2012x64)

Comment by dimir [ 2015 Feb 10 ]

If there are not enough rights we can't do anything.

When we just retrieve a list of names of running processes (proc.num) we don't need specific rights to every process. When we request information about a process (proc_info) we may hit denied access. This is why a certain process may be reported in proc.num but not proc_info.

Comment by dimir [ 2015 Feb 10 ]

Let's add some implementation details here.

Requesting information on a process is done on a process handle. A process handle is requested from the operating system with desired access rights. Starting with Windows Vista (major version 6) Microsoft introduced a new access right called PROCESS_QUERY_LIMITED_INFORMATION and since then that must be used in order to retrieve information supported by the proc_info item.

Before:

  • OpenProcess() was always called with PROCESS_QUERY_INFORMATION desired access, which caused "access denied" on newer versions of Windows

After:

  • OpenProcess() is called with PROCESS_QUERY_INFORMATION on older versions of Windows (up to and including Windows XP and Server 2003) and PROCESS_QUERY_LIMITED_INFORMATION on newer versions

More information:

Comment by Andris Zeila [ 2015 Feb 11 ]

Successfully tested

Comment by dimir [ 2015 Feb 24 ]

Fixed in pre-2.2.9 r52384, pre-2.4.5 r52385, pre-2.5.0 r52386.

Comment by dimir [ 2015 Feb 24 ]

(1) [D]

sasha CLOSED

Comment by MATSUDA Daiki [ 2015 Feb 25 ]

I looked at the fixed code, but it is not cool.

The following should be put out of the do ... while() loop.

DWORD access;
const OSVERSIONINFOEX *vi;

if (NULL == (vi = zbx_win_getversion()))
{
    SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot retrieve system version."));
    ret = SYSINFO_RET_FAIL;
    break;
}

if (6 > vi->dwMajorVersion)
{
    /* PROCESS_QUERY_LIMITED_INFORMATION is not supported on Windows Server 2003 and XP */
    access = PROCESS_QUERY_INFORMATION;
}
else
    access = PROCESS_QUERY_LIMITED_INFORMATION;

Comment by dimir [ 2015 Feb 25 ]

Reopening to fix getting Windows version as suggested by [email protected].

Comment by dimir [ 2015 Feb 25 ]

(2) Version check out of loop fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-9283

Actually requesting Windows version from operating system is only done once anyway (this is how zbx_win_getversion() is implemented) but I agree, doing it in a loop is silly anyway. Thanks for that notice!

wiper CLOSED
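
The access-right selection described in the comments above, as an added example that is not part of the ticket and not Zabbix source code. The helper names query_access_for() and cpu_time_of() are hypothetical, the caller is assumed to supply the Windows major version, and GetProcessTimes() stands in for the per-process queries behind proc_info.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else	/* constructed fallbacks so the selection logic also builds off Windows */
typedef unsigned long DWORD;
#define PROCESS_QUERY_INFORMATION         0x0400
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
#endif

/* Hypothetical helper: narrowest query right the OS supports.
 * Major version < 6 means Windows XP / Server 2003 or older. */
DWORD query_access_for(DWORD major_version)
{
	return 6 > major_version ? PROCESS_QUERY_INFORMATION
				 : PROCESS_QUERY_LIMITED_INFORMATION;
}

#ifdef _WIN32
/* Hypothetical helper: kernel + user CPU time of pid in 100 ns units.
 * Returns 0 on success, -1 when the handle or the query is refused. */
int cpu_time_of(DWORD pid, DWORD major_version, unsigned long long *ticks)
{
	FILETIME created, exited, kernel, user;
	ULARGE_INTEGER k, u;
	HANDLE h = OpenProcess(query_access_for(major_version), FALSE, pid);

	if (NULL == h)	/* typically ERROR_ACCESS_DENIED: listed, but not readable */
		return -1;
	if (!GetProcessTimes(h, &created, &exited, &kernel, &user)) {
		CloseHandle(h);
		return -1;
	}
	CloseHandle(h);
	k.LowPart = kernel.dwLowDateTime; k.HighPart = kernel.dwHighDateTime;
	u.LowPart = user.dwLowDateTime;   u.HighPart = user.dwHighDateTime;
	*ticks = k.QuadPart + u.QuadPart;
	return 0;
}
#endif

int main(void)
{
	printf("XP/2003 (5): 0x%04lx\n", (unsigned long)query_access_for(5));
	printf("Vista+  (6): 0x%04lx\n", (unsigned long)query_access_for(6));
#ifdef _WIN32
	unsigned long long t;	/* 6 below assumes Vista or later */
	if (0 == cpu_time_of(GetCurrentProcessId(), 6, &t))
		printf("own CPU time: %llu x 100ns\n", t);
#endif
	return 0;
}
```

A return of -1 from cpu_time_of() for a process that still appears in a process listing is the proc.num versus proc_info difference discussed in the thread: enumeration needs no per-process handle, the query does.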
