https://github.com/osquery/osquery logo
Powered by
Title
t

theopolis

11/16/2017, 4:36 PM
let me refresh my memory
o

OpenPlgx

11/17/2017, 4:36 AM
anything flashed 🙂?
t

theopolis

11/17/2017, 6:27 AM
yes! the "core" process should call each extension's 
shutdown
thrift API if you implement it: https://github.com/facebook/osquery/blob/master/osquery/extensions/extensions.cpp#L161
The C++ extensions should implement that by default: https://github.com/facebook/osquery/blob/master/osquery/extensions/interface.cpp#L76
o

OpenPlgx

11/17/2017, 4:59 PM
ah ok, I was trying to bubble it up to the extension level. So can I override the default?
I tried Initializer.installShutdown() but that didn't do the trick
3 Views
#windowsJoin Slack
Powered by