Hi all I am trying to calculate the hash of started processe

Question

Hi all I am trying to calculate the hash of started processes getting the path of the started process and hashing the binary I am using a separate thread and using the `osquery SQL` object to run the query `select sha256 from hash where path = lt path gt ` to get the hash I get loads of `DBManager contention opening transient SQLite database` Is that a bad thing is there a more correct way of doing what I am trying to do

theopolis · Answer

Hey That s not a terrible thing and is not an error but indicates a situation where the performance can be improved

theopolis · Answer

Do you mind creating a GitHub issue describing the details of what is happening We can follow up and investigate improve there

Andrea · Answer

Thank you I think I found a workaround I still get those logs but related to another query

Andrea · Answer

The workaround consist of getting a `PluginRef` from the `Registry` of the Hash table downcast to `TablePlugin` and call the `generate QueryContext ` method on that object It seems it is working ok Any thoughts on this solution

theopolis · Answer

My recommendation is to avoid using the table s abstraction around hashing Instead you can use the hashing libraries in osquery which wrap OpenSSL They should be easy to use you can look at the internals of the `hash` table for a reference

Andrea · Answer

oh ok the thing is I need exactly the behaviour the `hashTablePlugin` is having calc md5 sha1 sha256 for path dir querying the table `hash` but I need to do it programmatically and asynchronously I thought that was the best way to avoid repeating myself Is there a way of populating a table without calling the corresponding Plugin As you can see I am not full aware of the code in osquery

Andrea · Answer

also can you elaborate on your recommendation so I can understand a bit better what is going on