:py:mod:`dissect.target.plugins.os.unix.linux.processes`
========================================================

.. py:module:: dissect.target.plugins.os.unix.linux.processes




Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.linux.processes.ProcProcesses




Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.unix.linux.processes.ProcProcessRecord


.. py:data:: ProcProcessRecord

.. py:class:: ProcProcesses(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`


   Linux ``/proc`` process volatile plugin.


   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists. Otherwise it should raise an
      :class:`UnsupportedPluginError`.

      :raises UnsupportedPluginError: If the plugin could not be loaded.



   .. py:method:: processes() -> collections.abc.Iterator[ProcProcessRecord]

      Return the processes available in ``/proc`` and the stats associated with them.

      There is a numerical subdirectory for each running process; the subdirectory is named by the process ID.
      Each ``/proc/[pid]`` subdirectory contains various pseudo-files.

      Yields ProcProcessRecord with the following fields:

      .. code-block:: text

          hostname (string): The target hostname.
          domain (string): The target domain.
          ts (datetime): The start time of the process.
          name (string): The name of the process.
          state (string): The state of the process.
          pid (int): The process ID of the process.
          runtime (datetime): The amount of time the process is running until moment of acquisition.
          ppid (int): The parent process ID of the process.
          parent (string): The name of the parent process ID.