-
Publication number: US20240202134A1
Publication date: 2024-06-20
Application number: US18081149
Application date: 2022-12-14
Applicant: CrowdStrike, Inc.
Inventor: Martin Kelly, Marco Vedovati, Igor Polevoy, Milos Petrbok, Christopher White
IPC: G06F12/1009, G06F1/14, G06F9/54
CPC classification number: G06F12/1009, G06F1/14, G06F9/544
Abstract: A method includes retrieving, in a kernel space of an operating system executing on a computing device, a first value from a first clock source, retrieving, in a user space of the operating system executing on the computing device, a second value from a second clock source, generating a unique process identifier (UPID) associated with a process identifier (PID) of a process executing in the operating system, wherein the UPID is based on the first value of the first clock source and the second value of the second clock source, and tracking process activity of the process executing in the operating system by utilizing the UPID.
-
Publication number: US20240202097A1
Publication date: 2024-06-20
Application number: US18081144
Application date: 2022-12-14
Applicant: CrowdStrike, Inc.
Inventor: Martin Kelly, Marco Vedovati, Igor Polevoy, Milos Petrbok
CPC classification number: G06F11/3495, G06F9/445, G06F9/545
Abstract: A unique process identifier (UPID) associated with a process identifier (PID) of a process executing in an operating system is generated in a kernel space of the operating system executing on a computing device. The UPID is inserted into a first mapping store that maps the PID to the UPID. A message is transmitted including the PID to a message buffer structure. A second mapping store that maps the UPID to the PID is updated in a user space of the operating system based on the message.
-