I'm working on a small application and I need to find the PID of a process given the X11 window ID of its main window or child windows. I saw examples for doing such a conversion using _NET_WM_PID, but I cannot figure out how to do it without using it. The reason for not using _NET_WM_PID is that it's not implemented in all the available window managers and my application needs to work on any one of them (or at least on most of them). Could somebody help me please and give me some suggestion/directions on how to solve this issue? Thank you!
Unless your X-server supports XResQueryClientIds from X-Resource v1.2 extension I know no easy way to reliably request process ID. There're other ways however.
If you just have a window in front of you and don't know its ID yet — it's easy to find it out. Just open a terminal next to the window in question, run xwininfo there and click on that window. xwininfo will show you the window-id.
So let's assume you know a window-id, e.g. 0x1600045, and want to find, what's the process owning it.
The easiest way to check who that window belongs to is to run XKillClient for it i.e.:
xkill -id 0x1600045
and see what process have just died. Of course if you don't mind it to die.
Another easy but unreliable way is to check its _NET_WM_PID and WM_CLIENT_MACHINE properties:
xprop -id 0x1600045
That's what tools like xlsclients and xrestop do.
Unfortunately this information may be incorrect not only because the process was evil and changed those, but also because it was buggy. For example after some firefox crash/restart I've seen orphaned windows (from flash plugin, I guess) with _NET_WM_PID pointing to a process, that died long time ago.
Alternative way is to run
xwininfo -root -tree
and check properties of parents of the window in question. That may also give you some hints about window origins.
But! While you may not find what process have created that window, there's still a way to find where that process have connected to X-server from. And that way is for real hackers. :)
The window-id 0x1600045 that you know with lower bits zeroed (i.e. 0x1600000) is a "client base". And all resource IDs, allocated for that client are "based" on it (0x1600001, 0x1600002, 0x1600003, etc). X-server stores information about its clients in clients[] array, and for each client its "base" is stored in clients[i]->clientAsMask variable. To find X-socket, corresponding to that client, you need to attach to X-server with gdb, walk over clients[] array, find client with that clientAsMask and print its socket descriptor, stored in ((OsCommPtr)(clients[i]->osPrivate))->fd.
There may be many X-clients connected, so in order to not check them all manually, let's use a gdb function:
define findclient
set $ii = 0
while ($ii < currentMaxClients)
if (clients[$ii] != 0 && clients[$ii]->clientAsMask == $arg0 && clients[$ii]->osPrivate != 0)
print ((OsCommPtr)(clients[$ii]->osPrivate))->fd
end
set $ii = $ii + 1
end
end
When you find the socket, you can check, who's connected to it, and finally find the process.
WARNING: Do NOT attach gdb to X-server from INSIDE the X-server. gdb suspends the process it attaches to, so if you attach to it from inside X-session, you'll freeze your X-server and won't be able to interact with gdb. You must either switch to text terminal (Ctrl+Alt+F2) or connect to your machine over ssh.
Example:
Find the PID of your X-server:
$ ps ax | grep X
1237 tty1 Ssl+ 11:36 /usr/bin/X :0 vt1 -nr -nolisten tcp -auth /var/run/kdm/A:0-h6syCa
Window id is 0x1600045, so client base is 0x1600000. Attach to X-server and find client socket descriptor for that client base. You'll need debug information
installed for X-server (-debuginfo package for rpm-distributions or -dbg package for deb's).
$ sudo gdb
(gdb) define findclient
Type commands for definition of "findclient".
End with a line saying just "end".
> set $ii = 0
> while ($ii < currentMaxClients)
> if (clients[$ii] != 0 && clients[$ii]->clientAsMask == $arg0 && clients[$ii]->osPrivate != 0)
> print ((OsCommPtr)(clients[$ii]->osPrivate))->fd
> end
> set $ii = $ii + 1
> end
> end
(gdb) attach 1237
(gdb) findclient 0x1600000
$1 = 31
(gdb) detach
(gdb) quit
Now you know that client is connected to a server socket 31. Use lsof to find what that socket is:
$ sudo lsof -n | grep 1237 | grep 31
X 1237 root 31u unix 0xffff810008339340 8512422 socket
(here "X" is the process name, "1237" is its pid, "root" is the user it's running from, "31u" is a socket descriptor)
There you may see that the client is connected over TCP, then you can go to the machine it's connected from and check netstat -nap there to find the process. But most probably you'll see a unix socket there, as shown above, which means it's a local client.
To find a pair for that unix socket you can use the MvG's technique
(you'll also need debug information for your kernel installed):
$ sudo gdb -c /proc/kcore
(gdb) print ((struct unix_sock*)0xffff810008339340)->peer
$1 = (struct sock *) 0xffff810008339600
(gdb) quit
Now that you know client socket, use lsof to find PID holding it:
$ sudo lsof -n | grep 0xffff810008339600
firefox 7725 username 146u unix 0xffff810008339600 8512421 socket
That's it. The process keeping that window is "firefox" with process-id 7725
In general, it's not possible to find out the PID of a process that created a window. It may be that the process is running remotely on a machine, and it may be that the machine doesn't even have the notion of processes and PIDs.
If you don't trust anybody stored this information when the client was originally created, you will need to trace the connections yourself. Find out what kind of connection (socket etc) the client was using, find out where that connection ends, and find out which process holds that end. How to do that (and whether it is possible at all) is highly operating system dependent.
Back in 2004, Harald Welte posted a code snippet that wraps the XCreateWindow() call via LD_PRELOAD and stores the process id in _NET_WM_PID. This makes sure that each window created has a useful _NET_WM_PID entry.
http://www.mail-archive.com/devel#xfree86.org/msg05806.html
Related
I have both TCPView and Tcpvcon on my Windows 10 machine and I wonder how to get all the information (port numbers, etc.) displayed in TCPView in the output of the Tcpvcon program? TCPView has the process name, PID, protocol, remote address, remote port, etc. in its output to the GUI. Tcpvcon, on the other hand, only contains the process name, protocol, remote and local address. I would like to have all information that can be read in the TCPView GUI in the command line output of Tcpvcon (especially the port numbers). Tcpvcon seems to have only the three switches -a -c -n but no matter how I combine them, I do not reach my goal. Can anyone help me?
Below is a sample output when I use all three switches. In TCPView I see much more information about the specified process.
I was also very surprised that tcpvcon does not show port numbers (maybe we should ask Mark R. to add them ;-)
BUT you could use
netstat -a -o -n
or with an admin shell even
netstat -a -o -n -b
switches meaning:
-a ... Displays all active TCP connections and the TCP and UDP ports
on which the computer is listening.
-o ... Displays active TCP connections and includes the process ID (PID)
for each connection.
-n ... Displays active TCP connections, however, addresses and port numbers
are expressed numerically and no attempt is made to determine names.
-b ... Displays the executable involved in creating each connection or
listening port. (Note that this option can be time-consuming and
will fail unless you have sufficient permissions.)
To get all available switches just use netstat -? (there are other interesting ones) or https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netstat
swobi
Up until the 2011 release of TCPVCON, it used to show port info.
The newer versions don't any more.
If you could get your hand on version 2.54, you would be able to get port info.
Tested with tcpvcon-v2.34 (I couldn't find 2.54) and it shows the ports but it doesn't show the process, all conections appear as from System. Also TCPV6 and UDPV6 are missing.
This is an example:
C:\WINDOWS\system32>"C:\My Program Files\TCPView-v4.13\tcpvcon-v2.34.exe" -a -c
TCP,System,-1,LISTENING,WXP-OR7507156:epmap,WXP-OR7507156:0
TCP,System,-1,LISTENING,WXP-OR7507156:microsoft-ds,WXP-OR7507156:0
TCP,System,-1,LISTENING,WXP-OR7507156:sms-rcinfo,WXP-OR7507156:0
TCP,System,-1,LISTENING,WXP-OR7507156:5040,WXP-OR7507156:0
TCP,System,-1,LISTENING,WXP-OR7507156:wsd,WXP-OR7507156:0
..
UDP,System,-1,,192.168.56.1:137,*:*
UDP,System,-1,,192.168.56.1:138,*:*
UDP,System,-1,,192.168.56.1:2177,*:*
UDP,System,-1,,192.168.56.1:5353,*:*
EDIT:
I correct myself. ASB was right.
I just got TCPView v2.54 and it does indeed show the application, the ports and also TCPV6 and UDPV6.
So I confirm that the "good" version is v2.54.
Tcpvcon.exe -a -c
TCPView v2.54 - TCP/UDP endpoint viewer
Copyright (C) 1998-2009 Mark Russinovich
Sysinternals - www.sysinternals.com
TCP,dnscrypt-proxy.exe,4188,LISTENING,WXP-XXX:domain,WXP-XXX:0
TCP,[System Process],0,TIME_WAIT,WXP-XXX:domain,localhost:62240
..
UDP,Teams.exe,12632,*,WXP-XXX:58950,*:*
TCPV6,svchost.exe,1232,LISTENING,wxp-XXX:135,wxp-XXX:0
..
UDPV6,svchost.exe,19712,*,wxp-XXX:50836,*:*
UDPV6,System,4,*,wxp-XXX:56736,*:*
To display the port numbers (and the process names) you need the old v2.54 version of tcpvcon.exe
This SysinternalsSuite.zip Archive from the Wayback Machine contains this version:
https://web.archive.org/web/20100201154325/http://download.sysinternals.com/Files/SysinternalsSuite.zip
hello I'm using PyWinRM to poll a remote windows server.
s = winrm.Session('10.10.10.10', auth=('administrator', 'password'))
As there is no s.close() function available, I am worried about leaking file descriptors.
I've checked by using lsof -p <myprocess> | wc -l and my fd count is stable
but my google searches show that ansible had fd leaks previously; ansible relies on pywinrm to manage remote window hosts as well
kindly advice, thanks!
Actually, I had a quick look at the code of wirm (as of 20201117)
and the "Session" is not an actual session in the traditional sense, but only an object holding the creds to authenticate.
Each time run_cmd or run_ps is invoked, a session in opened on the target and closed on completion of the task. So there's nothing to close, really.
Is there a way to close/kill " < app> quit unexpectedly" window from terminal or bash script? What's the process name?
(AppleScript automation solutions are not acceptible.)
You can:
killall UserNotificationCenter
It will kill the UserNotificationCenter (an ALL it's opened windows too), so the message disappears. (Don't worry, the next error message will start is again automatically.)
But, (IMHO) it is better to use the osascript command in a form:
osascript -l JavaScript <<EOS
... apple-scripting using JavaScript ...
EOS
IMHO JavaScript is much easier to understand (for an common programmer) as the "standard" applescript.
You can disable it appearing in the first place by:
defaults write com.apple.CrashReporter DialogType none
Other possible values are developer† (show stack traces for all processes) and crashreport (the default).
This also means that no entries will be written to the Console.app though. The dialog itself is shown by the UserNotificationCenter and can be disabled (along with many other notifications) by:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.UserNotificationCenter.plist
Some context:
Mach has a concept of exception ports. Each thread/process has a task, process and a host exception port, which are checked when an exception occurs. The CrashReporter daemon registers the host exception port and gets activated when no other signal handler ran. It then creates a stack trace and memory map of the process and instructs the UserNotificationCenter to show it. By default it only does so for GUI applications.
On High Sierra, I had to use defaults write com.apple.CrashReporter -string "developer"
I am not sure if apple hast the same core utilities, but I come from the unix world too.
for example: the solution would be to find the process id via name. on my linux system I can use the following to find a process id...
ps -aux
An other variation would be top. both give a ton of information and I have to filter the code with grep.
After that I would filter the string via cut or sed.
last but not least the kill command.
the script should look some like this ...
#!/bin/sh
PNAME="< app> quit unexpectedly"
ps -aux | grep "$PNAME" | cut -d" " -f2 | kill
but be warned, this script can make huge damage if u dont know how to use it.
To be hornest I would never use some like this, instead would execute kill manually..
I'm having python application which needs to execute proprietary application (which crashes from time to time) about 20 000 times a day.
The problem is when application crashes, Windows automatically triggers WerFault which will keep program hanging, thus python's subprocess.call() will wait forever for user input (that application has to run on weekends, on holidays, 24/7... so this is not acceptable).
If though about using sleep; poll; kill; terminate but that would mean losing ability to use communicate(), application can run from few miliseconds to 2 hours, so setting fixed timeout will be ineffective
I also tried turning on automatic debugging (use a script which would take a crash dump of an application and terminate id), but somehow this howto doesn't work on my server (WerFault still appears and waits for user input).
Several other tutorials like this didn't take any effect either.
Question:
is there a way how to prevent WerFault from displaying (waiting for user input)? this is more system then programming question
Alternative question: is there a graceful way in python how to detect application crash (whether WerFault was displayed)
Simple (and ugly) answer, monitor for WerFault.exe instances from time to time, specially the one associated with the PID of the offending application. And kill it. Dealing with WerFault.exe is complicated but you don't want to disable it -- see Windows Error Reporting service.
Get a list of processes by name that match WerFault.exe. I use psutil package. Be careful with psutil because processes are cached, use psutil.get_pid_list().
Decode its command line by using argparse. This might be overkill but it leverages existing python libraries.
Identify the process that is holding your application according to its PID.
This is a simple implementation.
def kill_proc_kidnapper(self, child_pid, kidnapper_name='WerFault.exe'):
"""
Look among all instances of 'WerFault.exe' process for an specific one
that took control of another faulting process.
When 'WerFault.exe' is launched it is specified the PID using -p argument:
'C:\\Windows\\SysWOW64\\WerFault.exe -u -p 5012 -s 68'
| |
+-> kidnapper +-> child_pid
Function uses `argparse` to properly decode process command line and get
PID. If PID matches `child_pid` then we have found the correct parent
process and can kill it.
"""
parser = argparse.ArgumentParser()
parser.add_argument('-u', action='store_false', help='User name')
parser.add_argument('-p', type=int, help='Process ID')
parser.add_argument('-s', help='??')
kidnapper_p = None
child_p = None
for proc in psutil.get_pid_list():
if kidnapper_name in proc.name:
args, unknown_args = parser.parse_known_args(proc.cmdline)
print proc.name, proc.cmdline
if args.p == child_pid:
# We found the kidnapper, aim.
print 'kidnapper found: {0}'.format(proc.pid)
kidnapper_p = proc
if psutil.pid_exists(child_pid):
child_p = psutil.Process(child_pid)
if kidnapper_p and child_pid:
print 'Killing "{0}" ({1}) that kidnapped "{2}" ({3})'.format(
kidnapper_p.name, kidnapper_p.pid, child_p.name, child_p.pid)
self.taskkill(kidnapper_p.pid)
return 1
else:
if not kidnapper_p:
print 'Kidnapper process "{0}" not found'.format(kidnapper_name)
if not child_p:
print 'Child process "({0})" not found'.format(child_pid)
return 0
Now, taskkill function invokes taskkill commmand with correct PID.
def taskkill(self, pid):
"""
Kill task and entire process tree for this process
"""
print('Task kill for PID {0}'.format(pid))
cmd = 'taskkill /f /t /pid {0}'.format(pid)
subprocess.call(cmd.split())
I see no reason as to why your program needs to crash, find the offending piece of code, and put it into a try-statement.
http://docs.python.org/3.2/tutorial/errors.html#handling-exceptions
I'm trying to write a shell script that automates certain startup tasks based on my location (home/campusA/campusB). I go to University and take classes in two different campuses (hence campusA/campusB). My location is determined by which wireless network I'm connected to. For the purposes of this script, we can assume that I will be connected to one of these networks when the script is called and my script knows which one I'm connected to based on a call to iwconfig.
This is what I want it to do:
cat file1 > file2 # always do this, regardless of where I am
if Im at home:
start tweetdeck, thunderbird, skype
else if Im at campusA:
activate the login script # I need to login on a webform before I get internet access.
# I have written a script to automate this.
# Wait for this script to finish before doing anything else
myProg2 & # I want myProg2 running in the background until I shutdown my computer.
else if Im at campusB:
ssh username#domain # this is the problematic line
myProg2 & # I want myProg2 running in the background until I shutdown my computer.
start tweetdeck, thunderbird
close the terminal with the "exit" command
The problem is that campusB's wireless network is behind a firewall, which grants me internet access ONLY after I successfully ssh by username#domain. After a successful ssh, I need to keep the terminal window active in order to hold keep the internet access. If I close the terminal window, I lose internet access (this is bad).
When I try doing just ssh username#domain, the script stops because I don't exit the ssh command. I can't ^C out of it, which means that the rest of the script is never executed. I also have the same problem if I just close the terminal window in an attempt to kill the ssh session.
Some googling brought me to subshell, which I'm either using wrong or can't use to solve my problem. So how should I go about solving this problem? I'd appreciate any help - I've been at this for a while now and am unable to find anything helpful. If it makes a difference, I'd rather not store my ssh password in the script
Further, ampersanding the ssh call (ssh username#domain &) doesn't seem to do any good (can anyone explain why?)
Thank you in advance
EDIT
I must clarify, that the ssh connection has to be active in order for me to have internet access. Thus, when I close the terminal window, I need the ssh connection to still be active.
I had a script that looped on 6 servers, calling via ssh in the background. In 1 part of the script, there was a mis-behaving vendor application; the application didn't 'let go' of the connection properly. (other parts of the script using ssh in background worked fine).
I found that using ssh -t -t cured the problem. Maybe this can help you too.
(a teammate found this on the web, and we had spent so much time, I never went back to read the article that suggested this. The man page on our system gave no hint that such a thing was possible)
Hope this helps.
You may want to try to double background myProg2 to detach it from the tty:
# cf. "Wizard Boot Camp, Part Six: Daemons & Subshells",
# http://www.linux-mag.com/id/5981
(myProg2 &) &
Another option may be to use the daemon tool from the libslack package:
http://ingvar.blog.linpro.no/2009/05/18/todays-sysadmin-tip-using-libslack-daemon-to-daemonize-a-script/
Having a ssh with pseudy tty on background shell
In addition to #shellter's answer, I would like make some precision:
where #shelter said:
The man page on our system gave no hint that such a thing was possible
On my system (Debian 7 GNU/Linux), if I hit:
man -Pcol\ -b ssh| grep -A3 '^ *-t '
I could read:
-t Force pseudo-tty allocation. This can be used to execute arbi‐
trary screen-based programs on a remote machine, which can be
very useful, e.g. when implementing menu services. Multiple -t
options force tty allocation, even if ssh has no local tty.
Yes: Multiple -t options force tty allocation, even if ssh has no local tty.
This mean: If you remotely run a tool that require access to pseudo terminal ( pty like /dev/pts/0), you could run them by using -t switch.
But this would work only if ssh is run from a shell console (aka having his own pty). If you plan to run them is shell session without console, like background scripts, you may use Multiple -t to enforce pseudo tty allocation from ssh.
Multiple ssh shell on one ssh connection
In addition to answers from #tommy and #geekosaur, I would make some precision:
#tommy point to a very intersting feature of ssh. Not sure this have a lot to do with answer, but speaking around long time connection, this feature has to be clearly understood.
Once a connection is established, ssh could (and know how to) use them to drive a lot of thing in this one connection:
-L let you drive remote TCP connections to local machines/network. (full syntax is: -L localip:localport:distip:distport) where localip could be specified to permit other hosts from same local domain to access same tcp bind, and distip could by any host from distant network ( not only localhost ) sample: -L192.168.1.31:8443:google.com:443 permit any host from local domain to reach google through your host: http://192.168.1.31:8443
-R Same remarks in reverse way!
-M Tell ssh to open a local unix socket for bindind next ssh consoles. Simply open two terminal window. First in both window, hit: ssh somewhere than hit netstat -tan | grep :22 or netstat -tan | grep 192.168.1.31:22 (assuming 192.168.1.31 is your onw host's ip)
Than compare close all your ssh session and in first terminal, hit: ssh -M somewhere and in second, simply ssh somewhere. you may see in second terminal:
$ ssh somewhere
+ ssh somewhere
Last login: Mon Feb 3 08:58:01 2014 from elsewhere
If now you hit netstat -tan | grep 192.168.1.31:22 (on any of two oppened ssh session;) you must see that there is only one tcp connection.
This kind of features could be used in combination with -L and maybe some sleep 86399...
To work around a tcp killer router that close every inactive TCP connection from more than 120 seconds, I run:
ssh -M somewhere 'while :;do uptime;sleep 60;done'
This ensure connection stay up even if I dont hit a key for more than two minutes.
Here's a few thoughts that might help.
Sub-shells
Sub-shells fork new processes, but don't return control to the calling shell. If you want to fork a sub-shell to do the work for you, then you'll need to append a & to the line.
(ssh username#domain) &
But this doesn't look like a compelling reason to use a sub-shell. If you had a number commands you wanted to execute in order from each other, yet in parallel from the calling shell, then maybe it would be worth it. For example...
(dothis.sh; thenthis.sh; andthislastthingtoo.sh) &
Forking
I'm not sure why & isn't working for you, but it may be worth looking into nohup as well. This makes the command "immune" to hang up signals.
nohup ssh username#domain (try with and without the & at the end)
Passwords
Not storing passwords in the script is essential for any ssh automation. You can accomplish that using public key cryptography which is an inherent feature of ssh. I wont go into the details here because there are a number of great resources all across the interwebs on setting this up. I strongly suggest investigating this further.
HOWTO: set up ssh keys - Paul Keck, 2001
SSH Keys - archlinux.org
SSH with authentication key instead of password - Debian Administration
Secure Shell - Wikipedia, the free encyclopedia
If you do go this route, I also suggest running ssh in "batch mode" which will disable password querying and will automatically disconnect from the server if it becomes unresponsive after 5 minutes.
ssh -o 'BatchMode=yes' username#domain
Persistence
Then if you want to persist the connection, run some silly loop in bash! :)
ssh -o 'BatchMode=yes' username#domain "while (( 1 == 1 )); do sleep 60; done"
The problem with & is that ssh loses access to its standard input (the terminal), so when it goes to read something to send to the other side it either gets an error and exits, or is killed by the system with SIGTTIN which will implicitly suspend it. The -n and -f options are used to deal with this: -n tells it not to use standard input, -f tells it to set up any necessary tunnels etc., then close the terminal stream.
So the best way to do this is probably to do
ssh -L 9999:localhost:9999 -f host & # for some random unused port
and then manually kill the ssh before logout. Alternately,
ssh -L 9999:localhost:9999 -n host 'while :; do sleep 86400; done' </dev/null &
(The redirection is to make sure the SIGTTIN doesn't happen anyway.)
While you're at it, you may want to save the process ID and shut it down from your .logout/.bash_logout:
ssh -L 9999:localhost:9999 -n host 'while :; do sleep 86400; done' < /dev/null & echo $! >~.ssh_pid; chmod 0600 ~/.ssh_pid
and in .bash_logout:
if test -f ~/.ssh_pid; then
set -- $(sed -n 's/^\([0-9][0-9]*\)$/\1/p' ~/.ssh_pid)
if [ $# = 1 ]; then
kill $1 >/dev/null 2>&1
fi
rm ~/.ssh_pid
fi
The extra code there attempts to avoid someone sabotaging your ~/.ssh_pid, because I'm a professional paranoid.
(Code untested and may have typoes)
It's been a while since I've used ssh, and I can't test it right now, but have you tried the -f switch?
ssh -f username#domain
The man page says it backgrounds ssh. Not sure why & wouldn't work, but I guess it's interpreting it as a command to be run on the remote machine.
Maybe screen + ssh would fit the bill as well?
Something like:
screen -d -m -S sessionName cmd
screen -d -m -S sessionName cmd &
# reconnect with
screen -r sessionName