From 4b75d031309b116cb83b1eea99ad8a12f8a821d0 Mon Sep 17 00:00:00 2001
From: VihasMakwana <121151420+VihasMakwana@users.noreply.github.com>
Date: Fri, 25 Oct 2024 19:24:22 +0530
Subject: [PATCH] [chore][windows][system/process]: ignore error in some cases (#184) - Enhancement We can ignore the error in two cases: - While reading the process executable name. - For pid 4, this call fails as we can't access the executable name via the system call. Same for other kernel-level processes. - While finding the owner for a particular process. - We try to open the process token via `syscall.OpenProcessToken`and we can't access the token for protected processes , even as an administrator. it's okay to ignore these errors and move forward as we can access few other metrics (memory, cpu). More context [here](https://github.com/elastic/beats/issues/40484#issuecomment-2400100817) Relates https://github.com/elastic/beats/issues/40484
---
 metric/system/process/process_windows.go | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/metric/system/process/process_windows.go b/metric/system/process/process_windows.go
index b991a4f0d..ccb1ebe32 100644
--- a/metric/system/process/process_windows.go
+++ b/metric/system/process/process_windows.go
@@ -135,14 +135,12 @@ func FetchNumThreads(pid int) (int, error) {
 // FillPidMetrics is the windows implementation
 func FillPidMetrics(_ resolve.Resolver, pid int, state ProcState, _ func(string) bool) (ProcState, error) {
- user, err := getProcCredName(pid)
- if err != nil {
- return state, fmt.Errorf("error fetching username: %w", err)
- }
- state.Username = user
+ user, _ := getProcCredName(pid)
+ state.Username = user // we cannot access process token for system-owned protected processes
- ppid, _ := getParentPid(pid)
- state.Ppid = opt.IntWith(ppid)
+ if ppid, err := getParentPid(pid); err == nil {
+ state.Ppid = opt.IntWith(ppid)
+ }
 wss, size, err := procMem(pid)
 if err != nil {
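Review bot: In FillPidMetrics, `user, _ := getProcCredName(pid)` discards every error, not only the access-denied case for protected processes that the trailing comment describes, so any other failure also yields an empty Username with no signal to the caller. If the `isNonFatal` helper used in getProcName covers the token-access failure (its definition is not visible here), the earlier check could be kept and gated: `if err != nil && !isNonFatal(err) { return state, fmt.Errorf("error fetching username: %w", err) }`. Consumers that attribute process activity by owner would then see a blank user only for processes whose token cannot be opened. The comment would also read better on its own line above the call, since it explains the discarded error rather than the assignment. The function body continues past the end of the hunk.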
@@ -270,8 +268,15 @@ func getProcName(pid int) (string, error) {
 }()
 filename, err := windows.GetProcessImageFileName(handle)
+
+ //nolint:nilerr // safe to ignore this error
 if err != nil {
- return "", fmt.Errorf("GetProcessImageFileName failed for pid=%v: %w", pid, err)
+ if isNonFatal(err) {
+ // if we're able to open the handle but GetProcessImageFileName fails with access denied error
+ // that the process doesn't have any executable associated with it.
+ return "", nil
+ }
+ return "", err
 }
 return filepath.Base(filename), nil
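Review bot: The fatal path in getProcName now returns the bare `err`, dropping the pid and call name that the removed `fmt.Errorf` carried; keeping `return "", fmt.Errorf("GetProcessImageFileName failed for pid=%v: %w", pid, err)` for that branch preserves the context in logs. The comment inside the `isNonFatal` branch says access denied, but the condition is whatever `isNonFatal` accepts (it is defined outside this hunk), and the comment's second line is missing words; something like `// GetProcessImageFileName failed with a non-fatal error (e.g. access denied): treat the process as having no executable name` would state it. Returning `"", nil` also makes a process without an executable indistinguishable from one whose name lookup was denied, which deserves a line in getProcName's doc comment for anyone filtering or alerting on process names. The function starts before and ends after the hunk.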