Hi everyone, I'm writing an extension in C++ for osquery on Windows, that serves several tasks received by queries, and some of the tasks create processes on the system (with CreateProcessA). My extension works fine, does it's job, but when returning the query results, the specific tasks which create processes return an empty table (while other tasks, which don't create processes, returns a table just fine). Has anyone else experienced this and may help me?

when the child process is spawned does control ever return back to the parent process or are you exiting from the child? seems like a context issue maybe?

Yes, I report the exit code of the child process. I should note that before returning from the ""generate" function, I log to a file all the fields I return in the table. It looks fine, all the data is there, but still OSQ receives an empty table.