Added UpgradeCode to programs table #8587

ksykulev · 2025-04-03T05:35:13Z

For issue fleetdm/fleet#27759
Related to PR #8585

There are a few identifiers for windows programs. UpgradeCode is the unique identifier for MSI applications that is stable between version upgrades. It is different than the identifying_number column (which is typically ProductCode), as this changes between versions.

https://learn.microsoft.com/en-us/windows/win32/msi/productcode
https://learn.microsoft.com/en-us/windows/win32/msi/upgradecode

ksykulev · 2025-04-03T05:38:37Z

osquery/tables/system/windows/programs.cpp

+  }
+
+  return productCodeUpgradeCodeMap;
+}


This generates a map of 334 k/v pairs. Is it ok to store this in memory? Or should we take the more CPU intensive route and iterate through the UpgradeCodes each time to look up a ProductCode?

334 is on your system or any system? That seems like a very reasonable amount of data to have in memory. I'm guessing we are talking about a few kb?

If the number of key value pairs is equal to the number of software items installed, I think it's fine.

This number is going to depend on the software installed on the system. And my system is fairly clean, I don't have a ton installed.

Given a UUID is 36 bytes (as a string with hyphens), so my 334 would be 24,048 bytes, so around ~24k.

UUIDs are certainly not cheap to store. : / I am starting to lean towards maybe eating the cost on CPU and iterating the list/performing the substring conversion.

Up to you. Either way I think is reasonable. If the CPU cost is significant I'd lean towards the caching. Even a few MB that stays around for just the life of the query (I think I have that right) would be not a problem.

👍

If 1 MB is ok, then I'm good with sticking this into memory. 1mb of uuids would be around 27k. Feels like that's a lot more than I would expect any system to have 😆

Is there a way to cap the cache and fall back to lookups?

size_t totalMemoryUsage = sizeof(productCodeUpgradeCodeMap); // Base size of the map ... std::transform(productCode.begin(), productCode.end(), productCode.begin(), ::toupper); // Calculate memory usage of the new key-value pair size_t keyMemory = sizeof(productCode) + productCode.capacity(); size_t valueMemory = sizeof(upgradeCode) + upgradeCode.capacity(); // Insert the key-value pair into the map productCodeUpgradeCodeMap[productCode] = upgradeCode; // Update the total memory usage totalMemoryUsage += sizeof(std::pair<std::string, std::string>); // Pair overhead totalMemoryUsage += keyMemory + valueMemory; // Log for now VLOG(1) << "total memory usage: " << totalMemoryUsage << " bytes"; } } } }

I think that would calculate memory usage properly. I guess we could abort and return an empty map if the cache size is "too big" (what number should we use here). Then in the lookup method we could detect if the map was empty or not, and on empty we could have it use a method for lookup rather than the empty map.

if this is a big concern I can certainly hack something together.

ksykulev · 2025-04-03T05:42:49Z

We get decent coverage for upgrade_code on my windows VM. However, I should note not all programs have upgrade codes. Possibly due to the fact that they are exe. Only MSI applications have upgrade codes.

I did verify this with an MSI installed version of figma
| Figma (Machine - MSI) | {237978D0-E7E6-4114-ADCE-3B6BB6C90D54} |
https://github.com/microsoft/winget-pkgs/blob/master/manifests/f/Figma/Figma/125.2.3/Figma.Figma.installer.yaml#L38C20-L38C56

  - DisplayName: Figma (Machine - MSI)
    Publisher: Figma Inc.
    ProductCode: '{E0FD9D12-0AED-4A5F-BCD9-57C3A2A98FA7}'
    UpgradeCode: '{237978D0-E7E6-4114-ADCE-3B6BB6C90D54}'

Full list:

+--------------------------------------------------------------------+----------------------------------------+
| name                                                               | upgrade_code                           |
+--------------------------------------------------------------------+----------------------------------------+
| Git                                                                |                                        |
|                                                                    |                                        |
| Application Verifier arm64 External Package (DesktopEditions)      | {2CB2302A-DA97-69E2-7834-B27DB854BE35} |
| Box                                                                | {46AF5B38-D258-487A-92BD-792911248CCD} |
| Application Verifier x64 External Package                          | {C560C0EC-E9F7-DC6B-8B7E-A8200E49FFE6} |
| Python 3.12.8 Development Libraries (64-bit)                       |                                        |
| Python 3.12.8 Tcl/Tk Support (64-bit)                              |                                        |
| Universal CRT Tools arm64                                          | {B3090E23-300D-A517-BC41-9A1F64147BC7} |
| Strawberry Perl (64-bit)                                           | {DBA41113-4E91-3FFC-B400-573BB4B80705} |
| Microsoft Visual Studio Installer                                  |                                        |
| Universal CRT Tools x64                                            | {00DE42C6-5BFA-CFA9-DF77-45303B2A54C9} |
| Python 3.12.8 Core Interpreter (64-bit)                            |                                        |
| Application Verifier x64 External Package                          | {28F5EE02-BF50-BAF8-39C7-CD8ED75FDBA4} |
| Microsoft Visual C++ 2022 Arm64 Runtime - 14.42.34433              | {DC9BAE42-810B-423A-9E25-E4073F1C7B00} |
| Application Verifier arm64 External Package (DesktopEditions)      | {D9DACB15-4D98-FAFE-B5CA-C565A8F96FE9} |
| Python 3.12.8 Test Suite (64-bit)                                  |                                        |
| Microsoft Visual C++ 2022 Arm64 Debug Runtime - 14.42.34433        | {EB364181-62F9-3134-8208-7921A115D5EF} |
| Python 3.12.8 Add to Path (64-bit)                                 |                                        |
| Microsoft Teams Meeting Add-in for Microsoft Office                |                                        |
| Application Verifier x64 External Package                          | {02189F3C-9ECB-B860-AA38-9F61C8A00076} |
| vs_communityarm64msi                                               | {4AFF6BE3-374C-4812-827D-65D53D5F93CD} |
| Windows App Certification Kit Native Components                    | {71F94612-0CE4-423D-3769-AC3BAB695E7C} |
| Python 3.12.8 pip Bootstrap (64-bit)                               |                                        |
| Python 3.12.8 Standard Library (64-bit)                            |                                        |
| Python 3.12.8 Executables (64-bit)                                 |                                        |
| Python 3.12.8 Documentation (64-bit)                               |                                        |
| WiX Toolset v3.14 X64                                              | {4BF424CC-D118-4018-B49D-CC1A26968834} |
| Application Verifier arm64 External Package (OnecoreUAP)           | {E3847224-146B-9C18-6D43-11EA2617BC4D} |
| Visual Studio Build Tools 2022                                     |                                        |
| Google Chrome                                                      |                                        |
| Microsoft Edge                                                     |                                        |
|                                                                    |                                        |
| Microsoft Edge WebView2 Runtime                                    |                                        |
| Windows Team Extension SDK                                         | {6AEDE9C9-D156-3216-F2A5-8B6EF17FC787} |
| WinRT Intellisense PPI - Other Languages                           | {75B39824-3473-0B26-690D-4AD5A34836BD} |
| Windows SDK EULA                                                   | {DF400B72-41D8-E32E-4742-059F4D19DD4F} |
| Windows Mobile Extension SDK Contracts                             | {64732013-B501-ECB8-079F-C43344F634FE} |
| Windows SDK Desktop Tools x86                                      | {17974C46-DACD-02AB-EC10-C61087CB87BC} |
| Windows Desktop Extension SDK Contracts                            | {80435A22-3759-054C-B3FE-F9CD6D4612AF} |
| vs_filehandler_x86                                                 | {CB16307A-E8C6-43BF-A66F-55A54E56E4D5} |
| Windows SDK for Windows Store Managed Apps Libs                    | {8C7CA2F5-8117-AFB0-CDCF-AEDD70EB27B0} |
| Universal CRT Redistributable                                      | {464E3E15-766B-632D-4E76-925B9D96033A} |
| Windows App Certification Kit SupportedApiList x86                 | {61D74743-F687-83EB-3108-488434FF783F} |
| Windows SDK Desktop Tools arm64                                    | {23F1FA59-EA4B-C482-44ED-B24E1E598B28} |
| Windows IoT Extension SDK                                          | {BC509921-135C-6217-63B4-97480E54C1A2} |
| Windows SDK for Windows Store Managed Apps Libs                    | {EF478E71-AEC0-8F32-785C-2E1270220459} |
| WinRT Intellisense UAP - en-us                                     | {79EA2AFA-3399-3178-A4C3-171B6093BE6B} |
| Windows SDK for Windows Store Apps DirectX x86 Remote              | {F95049C4-6D7D-5817-B8DB-CDF3C3485411} |
| Windows SDK Desktop Tools arm64                                    | {1487D52D-6397-7A9A-5159-615C56C39630} |
| WinRT Intellisense Mobile - en-us                                  | {C31E491D-D563-9E25-3BEC-30F742F6B134} |
| Windows SDK Signing Tools                                          | {0F833C0D-80B0-9386-6D9A-FDCB3323A14C} |
| Windows SDK Desktop Libs x64                                       | {5A992B1F-560C-BF1D-5570-41A84B9C161C} |
| Windows SDK Modern Versioned Developer Tools                       | {F355901D-AABC-A21D-545D-C9E9963E0831} |
| Windows Mobile Extension SDK Contracts                             | {0E5370C5-4911-4FFE-148D-2356B7DCF7C1} |
| Windows SDK Desktop Tools arm64                                    | {77E64386-A01E-B790-555D-FADD0C9B607B} |
| Windows SDK EULA                                                   | {70B54951-F61D-EDA6-7693-C23CDD84EB5C} |
| Universal CRT Headers Libraries and Sources                        | {5362FD50-90C2-047B-8288-266BEB0D00BA} |
| Windows Software Development Kit - Windows 10.0.18362.1            |                                        |
| Windows IoT Extension SDK                                          | {C3DD1332-F11E-1491-F1D6-CC73435949B1} |
| Windows SDK Desktop Headers x86                                    | {6B0BC6E5-4176-AFA5-515B-B8C40ACF69EC} |
| Universal CRT Extension SDK                                        | {462A1863-E25C-8A52-4E41-C5F7C24C6A05} |
| Windows Team Extension SDK                                         | {99B458FF-1D8C-A2A3-825C-74F7C9FC1686} |
| Windows Mobile Extension SDK Contracts                             | {BFCAD7BA-2355-6D36-C3C0-F52B2395C20B} |
| WinRT Intellisense PPI - en-us                                     | {2862FB39-07C9-6021-9AD6-4F1E47BDEE6A} |
| Windows SDK Desktop Libs arm64                                     | {5305699E-7175-D4BA-85BD-D7DB5590A861} |
| Windows SDK for Windows Store Apps Headers                         | {220215B0-5BA8-0FCB-3970-DAE48A2CED67} |
| Windows Mobile Extension SDK Contracts                             | {108327B8-227D-22BF-5ADA-47995498BA37} |
| Windows SDK Desktop Libs x64                                       | {C26571C8-8736-E849-3BE8-BFD48BFF6D7C} |
| vs_CoreEditorFonts                                                 | {98786DD8-A299-4C50-A5BC-10AA8B9949E3} |
| Windows SDK Desktop Libs x64                                       | {90788616-17A8-D76C-B77B-E6ED93C33449} |
| Windows SDK Desktop Libs x64                                       | {72552030-B67E-73BF-0A1B-4096349ACEA1} |
| Windows SDK Desktop Tools x86                                      | {0D69ADC5-D617-64A8-2D9E-8D20FF9854AF} |
| Universal CRT Redistributable                                      | {1E5379A5-903F-EB4A-B439-019692C333B0} |
| Windows SDK Signing Tools                                          | {18240090-C535-F07B-960F-68BDEAE2E4D2} |
| WiX Toolset v3.14 Native 2010 SDK                                  | {C1450CC3-3F3F-481E-AC13-E09FAF44FA54} |
| Windows SDK for Windows Store Apps Libs                            | {54610CCD-418B-9C3B-AE5D-A8CDDC1CFFFE} |
| Windows IoT Extension SDK Contracts                                | {A4673EEB-F651-0B06-6526-257E2062C6C4} |
| Windows SDK ARM Desktop Tools                                      | {6A19527A-A478-8577-5EB9-5CB4B6A8DF91} |
| Windows SDK Modern Versioned Developer Tools                       | {D47663C6-74D5-C12F-4B79-12473B42C997} |
| WinRT Intellisense IoT - Other Languages                           | {BAFC2B5B-36AD-0343-34F8-75B7A7B752F9} |
| Universal CRT Tools x86                                            | {15ACD7A6-6F43-F46C-6DFC-10CC09A704FC} |
| Windows SDK for Windows Store Apps Libs                            | {18151DB5-3338-417A-B5CF-3EC12F4F9CC8} |
| Windows SDK Desktop Libs x86                                       | {832C492B-586D-FAB8-EC93-AA7525AD4B23} |
| Windows SDK Desktop Headers x86                                    | {FFB444A7-968D-5801-F3BD-D8A6D63B4491} |
| Windows SDK Desktop Libs x86                                       | {11358B70-BC8B-9C60-161D-BC4D4AEBF99C} |
| WinRT Intellisense UAP - Other Languages                           | {FD884A91-5458-03AB-4F45-8689A99CE9EB} |
| Windows SDK for Windows Store Apps Metadata                        | {970E18F5-2BE3-F984-9ACB-D89A53133270} |
| WinRT Intellisense UAP - Other Languages                           | {F63D9AE9-3429-0E4B-DD93-EFCA66641F1C} |
| Windows SDK Desktop Headers x64                                    | {6AD46163-B879-6D7B-EAB3-DBAF2C131DE9} |
| Windows SDK Signing Tools                                          | {C273A08B-4643-C580-156C-4BD0E2811BF0} |
| Windows SDK for Windows Store Apps Contracts                       | {EDAD87DA-86B5-ED08-8AEE-88BF658FCC8E} |
| Windows SDK Desktop Libs arm                                       | {81232043-F20E-3C5A-6A8F-11BCF7497FEF} |
| WinAppDeploy                                                       | {61F90E7A-FE57-6568-7844-8370937B46F1} |
| Windows SDK for Windows Store Apps Metadata                        | {BC87C89E-50F3-1520-26BF-827905C29226} |
| Windows SDK Facade Windows WinMD Versioned                         | {03E9EDE7-434D-51D1-2AEC-504BA25262EE} |
| WinRT Intellisense Desktop - en-us                                 | {81D2FB60-16BA-21F2-50A0-1DB2F941C196} |
| Windows SDK Desktop Tools arm64                                    | {52E9DEFF-7B29-5D2D-12C1-D8FFF7737066} |
| Windows SDK Desktop Libs arm                                       | {7749594E-AAF0-411C-3C8D-A310AD4941A6} |
| WinAppDeploy                                                       | {461B8261-8704-55E2-97DA-7C7F86B4526A} |
| Windows SDK Desktop Headers arm64                                  | {2654913E-0C6A-556A-EB13-80B15EDC9B39} |
| Windows Mobile Extension SDK                                       | {A8151364-66B5-63E4-0C59-2CD776C06BC0} |
| Windows SDK ARM64 Desktop Tools                                    | {DFCD594F-A7E8-5694-9890-5BA99AA14FC5} |
| Windows SDK for Windows Store Apps DirectX x86 Remote              | {50AD055F-21FF-54B3-EC0E-ED34FC3E24E7} |
| Windows SDK for Windows Store Apps DirectX x86 Remote              | {F341C4BA-213E-052A-B943-738F6A79EB61} |
| Windows SDK Facade Windows WinMD Versioned                         | {9EA55672-3421-4C99-FC0D-532FB366ABA6} |
| Windows SDK Desktop Headers arm                                    | {1B8587A2-C3A4-B500-ED2B-5B64F2A4CC7D} |
| Windows SDK Desktop Libs x86                                       | {38B09A73-9291-2DDD-1CE1-4F8524C70956} |
| WinRT Intellisense IoT - en-us                                     | {6244E286-615D-F706-B594-1E3C29B5906C} |
| Windows SDK for Windows Store Apps Tools                           | {0A352159-A079-76DC-E26C-BE3343ED246B} |
| WinRT Intellisense IoT - en-us                                     | {90237FCE-CCA1-BB45-1A50-605D1FC58A68} |
| MSI Development Tools                                              | {01227AE3-1E4F-5892-1EDF-0D03A9925FE4} |
| CMake                                                              | {8FFD1D72-B7F1-11E2-8EE5-00238BCA4991} |
| Windows Desktop Extension SDK Contracts                            | {67F4A356-1B76-C3F9-E225-E6954F3ED405} |
| WinRT Intellisense IoT - Other Languages                           | {B06C36D4-BC17-C4F2-C15F-EA5D21FDC2C8} |
| WinRT Intellisense IoT - Other Languages                           | {7C47C8EB-5D53-821E-FD90-2B804AAFF338} |
| Windows SDK Desktop Headers x64                                    | {26945CB9-4C42-347D-1B5B-9D3C64E7A3E1} |
| WinRT Intellisense UAP - Other Languages                           | {A1203A94-B98A-FAE9-6F28-8CB0A179A39F} |
| Windows IoT Extension SDK Contracts                                | {C84F1DA1-40FC-BAFF-C5C4-E68B2508781D} |
| Windows SDK Desktop Headers x86                                    | {9BF45FB6-53BD-875E-85AC-97C85DDA70E1} |
| Windows SDK Desktop Headers arm                                    | {1F06AE1F-74F4-5C13-6540-09FD0BF3C6CA} |
| Windows Desktop Extension SDK                                      | {90E38413-50CD-7D42-6783-B3EDAE6DD2B9} |
| SDK ARM64 Redistributables                                         | {7A7DF351-3A4B-2719-85BC-2094D0801FAF} |
| WinRT Intellisense UAP - en-us                                     | {EDEBEBDD-1751-BD65-37FC-23718EC4A404} |
| WinRT Intellisense Mobile - en-us                                  | {3828C9F3-14F8-E33E-F682-7B2A90B93C73} |
| WinRT Intellisense IoT - en-us                                     | {22FBD73F-D09E-9635-20DE-A52CAC9DF058} |
| Windows SDK Desktop Headers arm64                                  | {9670DB92-3BED-82EC-D2D3-8885D479B9FA} |
| Windows Software Development Kit - Windows 10.0.19041.685          |                                        |
| WiX Toolset v3.14 Native 2015 SDK                                  | {C1450CC3-3F3F-481E-AC13-E09FAF44FA54} |
| Windows SDK for Windows Store Apps Tools                           | {C709F597-7386-CAEA-12D5-B8C066149E04} |
| Microsoft Visual Studio Setup WMI Provider                         | {0A671536-ACC6-4075-BCDF-2F1FA4C794EA} |
| Windows IoT Extension SDK Contracts                                | {BF16A97B-696E-AA17-B6CA-38BE920E4E27} |
| Windows Mobile Extension SDK                                       | {DD044899-9B74-DC0A-AEC4-1486B3154AF8} |
| Windows SDK for Windows Store Apps Metadata                        | {EC2131A4-88F1-FF2D-B39F-615E8810F294} |
| Windows SDK for Windows Store Apps Tools                           | {E455F626-95B3-8652-90BC-1B3C00A63C05} |
| Windows SDK Desktop Headers arm                                    | {98D76B53-A27D-353F-9E12-9AB85D0664E8} |
| Windows SDK Signing Tools                                          | {858F9C99-12C1-D693-22EF-70E2B5A4CC0D} |
| Universal CRT Extension SDK                                        | {4D739073-570E-0821-17D7-F3B2EACE4311} |
| Windows SDK Redistributables                                       | {E3DABCBE-5470-08EF-A072-8E07CF7AAFC5} |
| Windows SDK ARM Desktop Tools                                      | {A16A746C-9C71-AAD7-27FA-0D358EC246EE} |
| WinRT Intellisense Desktop - Other Languages                       | {75007AB6-E986-ADD8-7C34-A7CC00410440} |
| Windows SDK OnecoreUap Headers x86                                 | {4820FACA-1B84-F112-85D2-FF55A7A323CB} |
| Windows SDK Desktop Tools x86                                      | {4DEB1D89-82FF-E455-7A33-8B8308BB3E5F} |
| Windows SDK Desktop Libs x64                                       | {F17EBC08-4F32-735B-F344-2F008311D5E5} |
| WinRT Intellisense PPI - Other Languages                           | {DE1A9934-82C2-5FA8-A5B5-8D8A73338B4F} |
| Windows SDK Desktop Tools arm64                                    | {FAFCF826-867F-31FB-627C-178F34ECBAE5} |
| Windows SDK Signing Tools                                          | {184518DA-8DFA-68DF-83C0-CC7708E79270} |
| WinRT Intellisense PPI - en-us                                     | {39102D75-227C-A1CA-70F0-1E5D74CDD7FA} |
| Windows IoT Extension SDK                                          | {18DBAF13-27A3-DC17-4D59-E2D38D1C8908} |
| Windows Team Extension SDK Contracts                               | {40FC0B07-5282-7375-7CF0-5BDCAEDEE921} |
| Microsoft Visual C++ 2022 X86 Debug Runtime - 14.42.34433          | {7C1C6ADF-3549-31F7-9E93-BC30719EB9DA} |
| Universal General MIDI DLS Extension SDK                           | {F00DA10D-CC62-A9D6-D73E-5F95B2B987C0} |
| Windows SDK for Windows Store Apps DirectX x86 Remote              | {D8F0FFFD-69BF-60AC-71B3-E1A5335D48C8} |
| WinRT Intellisense PPI - Other Languages                           | {89F8C87F-C795-EE3E-DCB5-8E138DE9D87A} |
| Windows SDK for Windows Store Apps Contracts                       | {57726939-4364-8DA2-BB05-45FDA5955E6B} |
| Windows Team Extension SDK Contracts                               | {9A32795A-6C22-DC4C-4EBF-83770E87946D} |
| Windows SDK EULA                                                   | {7B50DCA4-2F19-03E7-39BC-E3C30124B08B} |
| Windows Team Extension SDK Contracts                               | {3698086D-DF1E-5846-27F1-DB959E46E8A8} |
| Windows SDK for Windows Store Apps Metadata                        | {840A1EC0-50CF-E3DB-0390-B0732F73FB30} |
| Windows SDK Desktop Libs arm                                       | {C9EF020C-739F-9806-3762-1AAC9EDF49FC} |
| Windows SDK Desktop Libs arm                                       | {501A320B-9E28-37B9-111D-8A52E7053C51} |
| Kits Configuration Installer                                       | {E3131EBE-C8D6-E25E-C451-DC7929ECE129} |
| Windows Software Development Kit - Windows 10.0.20348.1            |                                        |
| WinRT Intellisense IoT - Other Languages                           | {42092235-105E-46C0-CF75-EB39955E095E} |
| WinRT Intellisense IoT - en-us                                     | {55F45D05-AFD4-769D-061E-31CE31939F2E} |
| Windows App Certification Kit x64                                  | {A43D9F71-8069-869D-5689-6FDC76071B8E} |
| WinRT Intellisense Desktop - Other Languages                       | {3B402B73-B105-0916-2091-57B5EBB1DA0B} |
| Windows SDK for Windows Store Apps Headers                         | {3A8F10F5-F8DE-4932-DC90-DE335EB8BD1C} |
| WinRT Intellisense PPI - en-us                                     | {66DF4DA5-CED6-F854-1C87-DC643881D57B} |
| Windows SDK for Windows Store Apps Tools                           | {2EEDBC6C-430A-C096-1CE5-B5EF346C875D} |
| Windows SDK Desktop Headers x64                                    | {AE48D698-B3A6-8E22-06EB-143F8DB7B0B2} |
| WinRT Intellisense IoT - Other Languages                           | {93B084AD-C166-8640-C302-FEEDE3C5A840} |
| WinRT Intellisense UAP - en-us                                     | {28656E16-9EBA-0DD1-44B5-51B625544CAF} |
| Universal CRT Headers Libraries and Sources                        | {469524E4-F100-07F0-1269-D9F6581969CF} |
| Windows Team Extension SDK                                         | {266DD37A-920C-F4C7-6C8E-0D0FFC86F7F1} |
| Windows SDK Desktop Headers x86                                    | {08F39866-B917-AA58-99FD-348EF3E473DC} |
| Universal General MIDI DLS Extension SDK                           | {89173D66-32C4-14BF-0449-42B354E0338A} |
| WiX Toolset v3.14 Managed SDK                                      | {1BF98B34-B863-4AF7-956C-FEEB1938B2C8} |
| Windows Software Development Kit - Windows 10.0.22621.3233         |                                        |
| Windows Mobile Extension SDK                                       | {0844F905-F28A-D467-2B26-11777A634180} |
| vs_FileTracker_Singleton                                           | {92EB809E-F05D-4C87-90DA-4BAF291F6D8C} |
| Universal CRT Headers Libraries and Sources                        | {2C57B288-131A-6E9B-B81E-F568E6B81BD9} |
| Windows SDK DirectX x86 Remote                                     | {620AC2FC-FC2B-3BFD-42A8-357BB901FEE6} |
| Windows Mobile Extension SDK                                       | {0856A245-ABB5-7B5A-1193-FB5F51263D4F} |
| Windows SDK for Windows Store Apps Headers                         | {AC6750A4-DDA7-09F7-55AE-B5AE31458DC8} |
| Universal CRT Extension SDK                                        | {8D85C3CF-F883-C11C-956E-54A9490994E1} |
| Windows SDK Facade Windows WinMD Versioned                         | {5ACB8A41-27D5-23EE-E2D3-767A28746B91} |
| Windows Desktop Extension SDK Contracts                            | {D2CB7878-459D-8547-3AEE-3369D6921057} |
| Windows SDK for Windows Store Apps Metadata                        | {7EAC525A-5685-158D-000F-D7A16081F697} |
| Windows SDK Desktop Tools x64                                      | {211F3F92-330F-74C0-83A8-8C61AD2F785A} |
| Windows Mobile Extension SDK Contracts                             | {CAA2C43A-AC89-C2C0-EF4C-17599696FF23} |
| MSI Development Tools                                              | {FE755100-C62B-AB7A-D51B-641667CCDB4D} |
| Windows Desktop Extension SDK                                      | {EC0E61F5-6C33-1AAE-61C1-ED23BE5B60AF} |
| Windows SDK for Windows Store Apps Libs                            | {313F3742-EB48-C794-1222-03EAFBE672E3} |
| Windows SDK OnecoreUap Headers x64                                 | {1EF02066-8B0C-AE04-CAD0-93F7E4164DC8} |
| Windows Team Extension SDK                                         | {9A2C6735-2C6E-B964-D892-CF1207EADCC9} |
| Windows SDK Desktop Libs x86                                       | {125A50C2-EA6A-035B-AD95-F35A1E83D02B} |
| Windows SDK Desktop Libs x86                                       | {7A188B69-1F4B-3DD0-D01B-E13BA4586A58} |
| WinRT Intellisense Mobile - en-us                                  | {650B52E9-38BF-85E2-12A7-11A0FA26C5E0} |
| WinRT Intellisense Desktop - Other Languages                       | {60549209-169E-725C-C3DE-8FA596BBED99} |
| WinRT Intellisense IoT - Other Languages                           | {33CA6737-7A8D-83CF-8117-022BA572FD7E} |
| Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 |                                        |
| WinRT Intellisense IoT - en-us                                     | {E2C21107-7B53-68A7-4B68-DC26C2B49947} |
| Windows SDK Desktop Libs arm64                                     | {CB02596F-36C8-0CA5-DB94-36DD63259023} |
| WinRT Intellisense Desktop - Other Languages                       | {7B83767C-37F3-3C56-CE76-69C3D799E605} |
| Windows SDK Desktop Libs x64                                       | {2A1F19F8-70B3-4F56-4662-CE95E7848614} |
| Universal CRT Redistributable                                      | {3360E188-6AF2-DC13-3704-C52A3B21A450} |
| Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433     | {C78B8E51-0C65-377E-85D1-282F689FE505} |
| SDK ARM64 Additions                                                | {948B4170-088B-F43C-4711-1D5949D505E6} |
| Windows SDK Desktop Headers x86                                    | {C6F8F327-1404-8492-8F57-E147CE3B56F4} |
| WiX Toolset v3.14.1.8722                                           |                                        |
| Windows SDK Desktop Libs arm64                                     | {4F280076-CA8C-93F3-E5D4-497C0D7F198C} |
| WinRT Intellisense UAP - Other Languages                           | {79EE4317-7787-1E3E-76C1-2A658D84379C} |
| Windows SDK Desktop Libs arm64                                     | {95BE2CE0-3B8D-C6FF-8D2D-EE9AAB91DE0B} |
| vs_minshellinteropmsi                                              | {D91FD302-241E-44C3-985A-7DEE40F9CABF} |
| WinRT Intellisense UAP - en-us                                     | {10B32E42-CA23-A8AF-3C6B-9517716CC672} |
| Windows SDK for Windows Store Apps Contracts                       | {A94BBD45-6477-0C3B-3156-96D9DB10D557} |
| WiX Toolset v3.14 Native 2013 SDK                                  | {C1450CC3-3F3F-481E-AC13-E09FAF44FA54} |
| Windows IoT Extension SDK Contracts                                | {B43A3E39-18EB-AC21-FC44-830A9A16B2DE} |
| Universal CRT Redistributable                                      | {3260A5DD-A047-4232-9410-99134FD5E3B5} |
| Windows SDK for Windows Store Apps Headers OnecoreUap              | {1D463A6D-4E2F-3057-395A-03AAA3E26518} |
| Windows IoT Extension SDK Contracts                                | {E752638C-646F-75BC-77FE-A84FE01BC710} |
| WinAppDeploy                                                       | {0B63466E-7070-775A-62C3-5B667A7DA6A7} |
| WinAppDeploy                                                       | {D3BF3573-4F1E-C870-69AD-77A405A8E046} |
| Windows SDK for Windows Store Apps Headers                         | {943559E7-3F84-7026-8394-9F5C60EB0084} |
| Universal CRT Redistributable                                      | {BFBBCA0E-37CB-A252-DEA3-030B80884128} |
| Windows Mobile Extension SDK Contracts                             | {C6E331C1-37C7-641F-DE86-C763F7C67A08} |
| Windows SDK for Windows Store Apps DirectX x86 Remote              | {82E8F65B-B6BD-BEFC-3E3E-FB5E5FC8A98E} |
| Windows Software Development Kit - Windows 10.0.26100.1742         |                                        |
| WinRT Intellisense UAP - en-us                                     | {F8F68183-ECF3-33E6-A717-58525154932E} |
| Windows Team Extension SDK Contracts                               | {EC278CDA-3928-AC61-16AE-90854E056565} |
| Windows Team Extension SDK                                         | {E801EFC5-E5BA-3484-D690-DDAEE1FE1E8E} |
| Universal CRT Extension SDK                                        | {FDFC8B3E-FECD-652E-ABBB-06E3EC688308} |
| WinRT Intellisense Mobile - en-us                                  | {75736678-19B1-3DFA-618C-788AE7C2B547} |
| Universal General MIDI DLS Extension SDK                           | {B7DC0FB5-A85C-C7C3-E641-868D4B451CD5} |
| WiX Toolset v3.14 Native 2017 SDK                                  | {C1450CC3-3F3F-481E-AC13-E09FAF44FA54} |
| Windows SDK EULA                                                   | {FCD7606C-7339-37A9-A399-3D5D2EEA704E} |
| Windows SDK ARM Desktop Tools                                      | {FAF654F5-0353-10AB-88E5-8EE15F733583} |
| WinRT Intellisense UAP - en-us                                     | {5A3B131E-398C-5ECE-525B-9316F3A1EABB} |
| Windows SDK Desktop Libs arm64                                     | {31A5CB5E-B936-8B58-79DC-1FD0E2067513} |
| Windows SDK Desktop Libs arm64                                     | {2A67522E-CAD4-1E38-0413-C0CF1F2B250F} |
| MSI Development Tools                                              | {8DD9BB34-CAE8-8212-3090-7DB1052CF408} |
| Python Launcher                                                    |                                        |
| Windows SDK ARM Desktop Tools                                      | {B6048EE1-4552-4B47-D20A-D01BE1C58B01} |
| Universal CRT Headers Libraries and Sources                        | {B591AA94-12F0-BC86-DFB3-464389AEED32} |
| Windows SDK Desktop Libs x86                                       | {CF5D7D5F-A0B8-28D8-8E00-C84D0ABD81CE} |
| Windows SDK Desktop Libs arm                                       | {E9E153FC-BFAC-622D-5703-144FFDE4F123} |
| Windows SDK for Windows Store Apps Metadata                        | {94426895-4BCE-8370-59EE-92FFB24CE5FB} |
| Windows SDK Desktop Headers arm64                                  | {C979519D-8B27-7FEA-7F9C-ABF905A4C73A} |
| Universal CRT Headers Libraries and Sources                        | {BC7924C9-2B46-B24A-684E-620A791E3A87} |
| MSI Development Tools                                              | {7F47CBEB-BA92-0AA9-73FC-754C734247EF} |
| WinRT Intellisense PPI - Other Languages                           | {3BBC073B-BF80-974B-667A-56A12DC77FF7} |
| Windows IoT Extension SDK                                          | {3DBC3D99-3452-F4EF-4340-21B6F9378365} |
| WinRT Intellisense PPI - Other Languages                           | {AD043D16-A9A6-98F7-AB90-EDB50E8DCC87} |
| Windows SDK for Windows Store Apps Headers                         | {41327195-E5D9-BDA2-6FBC-45CB2B9DAA61} |
| WinRT Intellisense Desktop - Other Languages                       | {931F8484-B292-015C-52A9-7C8E9E295A20} |
| Windows Desktop Extension SDK Contracts                            | {F01DB944-26DF-8CDB-CBF5-FAC273C624A6} |
| Universal CRT Extension SDK                                        | {754953B2-9D91-2F80-1E55-2701AF5A5A88} |
| Windows Mobile Extension SDK                                       | {FBB2D500-2821-192C-D3CC-A72837C54CE8} |
| Windows SDK Desktop Tools arm64                                    | {3B4288FD-5198-C4B9-9173-60460AF71249} |
| Windows SDK Desktop Tools x86                                      | {7267E156-1B01-DA22-900D-9F88AEF5B939} |
| Windows SDK EULA                                                   | {496FA794-A890-209B-3758-D5211D5341BD} |
| Windows SDK for Windows Store Apps Tools                           | {E0F410FA-5EEE-4280-D052-BEF58440EF9D} |
| Universal CRT Redistributable                                      | {0554C2A9-DE5E-44EB-D6BD-90EDB67A8060} |
| Windows SDK Facade Windows WinMD Versioned                         | {225AA198-E2F0-102D-0A3D-2C8687221C3F} |
| Windows SDK Desktop Headers arm64                                  | {9BBA0EAD-0C5C-3B96-7B5E-290CADEA3FBF} |
| Windows SDK Facade Windows WinMD Versioned                         | {8D7D1BEF-729E-0E4C-FD33-79C919233696} |
| Universal General MIDI DLS Extension SDK                           | {FD15FF2B-422F-C323-1D5A-39DB9717452C} |
| Windows SDK ARM Desktop Tools                                      | {D239DF29-8CF7-CE98-416E-600D4ED982B9} |
| MSI Development Tools                                              | {3B9EBB80-675E-3367-8C04-EFDF206D98FC} |
| Windows SDK for Windows Store Apps Contracts                       | {CE462EC7-DA2E-5AB1-59A6-60BAB964E870} |
| Windows SDK Desktop Headers x64                                    | {B5F8930E-C463-572A-ADAE-46E81735871B} |
| Windows SDK for Windows Store Managed Apps Libs                    | {655B95A6-0BD7-E72A-5B62-3213D49E48BC} |
| vs_communitysharedmsi                                              | {8C27F2B4-9A95-48F3-AF0E-94D3CCF62B36} |
| Universal CRT Redistributable                                      | {BD88D906-5FF0-F330-F474-97E1A7FB5360} |
| vs_minshellsharedmsi                                               | {F50BACC4-5D9B-4946-891D-0EC8B051445E} |
| WinRT Intellisense Desktop - en-us                                 | {F75161F2-3A11-78C0-E3D7-929B7133B8AB} |
| WinRT Intellisense Desktop - Other Languages                       | {5A274C54-9235-E759-B7F7-E02B8078BE6B} |
| Windows Desktop Extension SDK                                      | {1DB2D53A-B322-73E7-36CF-2D49F74547EE} |
| WinAppDeploy                                                       | {821CDE25-67FE-E2D4-A078-5FBFA163B92F} |
| Windows SDK Signing Tools                                          | {42B1074E-AF1D-1498-298F-15D98900DBD2} |
| vs_vswebprotocolselectormsi                                        | {AA01B09C-39D0-4651-B2BD-BAA02637CCE4} |
| Windows SDK Desktop Tools x64                                      | {41AF365E-A49A-A2F2-A407-28D428725D0A} |
| WinRT Intellisense UAP - Other Languages                           | {8AA3F438-9DF3-A8CC-18D6-25DE53153770} |
| WinRT Intellisense Desktop - en-us                                 | {C5A88ADD-8C23-8956-6C32-56DCEE5B8274} |
| Windows Desktop Extension SDK Contracts                            | {C5154691-1652-76C3-8AF4-324EED91E603} |
| Windows SDK Desktop Tools x64                                      | {839427CD-2F89-94E1-1226-E9FEB4F5031B} |
| Windows SDK for Windows Store Apps Contracts                       | {FED95895-FAFD-4D94-682B-ADAEA79E01A4} |
| Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433        | {65E5BD06-6392-3027-8C26-853107D3CF1A} |
| WinRT Intellisense IoT - en-us                                     | {C73FF04C-4C3D-7346-4A56-B2C0F82FA388} |
| Windows SDK Desktop Headers x64                                    | {65A603E2-5239-7866-F5B5-BF6DFD5835BD} |
| Windows SDK for Windows Store Apps                                 | {C3398A08-4D06-1FA4-CDAF-858F22397DC8} |
| WinRT Intellisense Mobile - en-us                                  | {3E10D015-59BB-3822-95F5-821987C4AEAC} |
| WinRT Intellisense PPI - en-us                                     | {9ED80568-1C99-35E6-AED0-84EC1D945F1E} |
| WinRT Intellisense Desktop - en-us                                 | {52280F05-D2C8-FFB9-7A8B-AE52B58CD95D} |
| Windows SDK Modern Versioned Developer Tools                       | {91A4D9E6-2BA5-5FE1-7940-B5D5363E6589} |
| Windows SDK Desktop Headers arm                                    | {ACB6FD0E-FAFD-5F8B-293D-8C37332EA826} |
| Windows SDK Desktop Headers x64                                    | {0A1950E5-54AC-5E0C-F0E8-614682267D10} |
| Windows SDK Desktop Headers arm64                                  | {8AA5BB02-28F7-801E-1565-E2F750CAE494} |
| Windows SDK for Windows Store Apps Libs                            | {CBBADE89-FAC6-EFAD-31F8-5C9F5A85534E} |
| WinAppDeploy                                                       | {E1823BE4-B702-B971-8690-2EB2C9FED42D} |
| Windows SDK for Windows Store Apps DirectX x86 Remote              | {D858DFBB-1727-34AC-0BAF-3A7487FB5936} |
| Windows SDK OnecoreUap Headers arm64                               | {421399C0-0376-B3DF-D6C6-862C2A910BC8} |
| Windows SDK Desktop Tools x86                                      | {2BA6DD3D-5FB9-6984-279B-9A0D845311D7} |
| Windows SDK for Windows Store Apps Contracts                       | {8848CE26-3B2C-049A-6111-0BD744C32913} |
| Windows SDK for Windows Store Apps Libs                            | {A8D948A0-17D6-FE40-35FE-E8B79E234CB4} |
| Windows Team Extension SDK                                         | {4EA4838C-E77D-1809-31F8-95232EFEBACE} |
| Windows SDK for Windows Store Managed Apps Libs                    | {B69E6BCA-B4B3-3B3E-DAAA-2FA930B302CC} |
| WiX Toolset v3.14 Core                                             | {3618724B-2523-44F9-A908-866AA619504D} |
| WiX Toolset v3.14 Native 2012 SDK                                  | {C1450CC3-3F3F-481E-AC13-E09FAF44FA54} |
| Windows IoT Extension SDK                                          | {92AF7D7C-8DCD-1BBE-E47F-F04FE92BB7AD} |
| Microsoft Visual Studio Setup Configuration                        | {1571205C-BAD1-4237-BFE6-B77E622C51DB} |
| vcpp_crt.redist.clickonce                                          | {67DB1DF0-8C31-37AB-95A3-6F05DB7B0F04} |
| WinRT Intellisense UAP - Other Languages                           | {9EFA6EF1-4DCC-5FFE-EB72-7312A0CA06DA} |
| Universal General MIDI DLS Extension SDK                           | {47E92ADF-85B4-FDF1-B4AB-D522528E4DAA} |
| Windows Desktop Extension SDK                                      | {2CA0E17A-5C45-2F1F-4399-26FAC48AEA34} |
| Universal CRT Headers Libraries and Sources                        | {C0CD175A-A0E6-1517-128B-168E6556A0E5} |
| Windows Desktop Extension SDK Contracts                            | {79FC50D1-5673-6E16-E4E0-9FD67B3F9053} |
| Universal General MIDI DLS Extension SDK                           | {8E9E4B85-FEC2-771F-DD49-11B00FC23487} |
| Windows Desktop Extension SDK                                      | {C896EC13-8FF3-231E-446C-6B4CDE35057E} |
| Windows Software Development Kit - Windows 10.0.22000.832          |                                        |
| vs_minshellmsi                                                     | {6273EBE8-CB42-4CAB-A050-64865C45227F} |
| vs_githubprotocolhandlermsi                                        | {72A4AFDE-27D9-4A94-A584-958444AAA6F2} |
| MSI Development Tools                                              | {456C6523-FABB-28D2-F3FA-C007DD2ABE44} |
| Windows SDK Facade Windows WinMD Versioned                         | {FC8AD848-3916-0874-5C48-04752D82C438} |
| vs_communitymsires                                                 | {F188287E-53A8-3B94-8150-608C1D805B3B} |
| Windows Mobile Extension SDK                                       | {E69E79C1-5E03-5795-6BC2-E8DCBFF50EA5} |
| Windows SDK for Windows Store Apps Headers                         | {4FE8016C-7898-E1B2-4E64-54B6DD846547} |
| Windows SDK                                                        | {CDAC2749-DC3F-9182-C687-E99F09677CF7} |
| Figma (Machine - MSI)                                              | {237978D0-E7E6-4114-ADCE-3B6BB6C90D54} |
| Figma (Machine)                                                    |                                        |
| Windows SDK Desktop Tools x86                                      | {5C03BCEF-73C0-CA46-E7B9-EEE467F875EE} |
| Windows SDK EULA                                                   | {369EFE7F-EDDC-EDFB-1162-ED803F641828} |
| Windows SDK Desktop Tools x64                                      | {38A7FEF7-97EB-5C96-330D-8E38AD71FA84} |
| WinRT Intellisense Desktop - en-us                                 | {64CA368D-207A-E5E8-AF62-83356020C996} |
| Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 |                                        |
| Windows SDK Modern Versioned Developer Tools                       | {B74AD0A5-36E4-3EA9-5507-249277FAE478} |
| Windows IoT Extension SDK Contracts                                | {DA54E0F6-E3F1-153B-D081-57F57D9FF48E} |
| Universal CRT Extension SDK                                        | {3EBF4CE3-D1AE-6185-B109-E88FA2A7F3DF} |
| Windows SDK for Windows Store Managed Apps Libs                    | {20C74163-7D8F-C0E5-28E8-37EB61C0F9FB} |
| Windows SDK Modern Versioned Developer Tools                       | {F3EE49AA-E3C3-5772-3049-2E9957AD55CC} |
| WinRT Intellisense Mobile - en-us                                  | {75D7C18C-D18D-7B3C-87EC-C8267B344B75} |
| WinRT Intellisense PPI - en-us                                     | {1A2DE2BB-126C-F533-60E1-DDAF208E4B7B} |
| vs_minshellmsires                                                  | {816B218F-4ECD-351E-A416-6ECFB8899FFB} |
| Windows SDK Desktop Headers arm64                                  | {7F031EB7-41B9-F83A-8DC1-174BE68AB11C} |
| Windows SDK Desktop Tools x64                                      | {B7E3994D-A680-F51E-48BC-D0DA67791D53} |
| Windows SDK for Windows Store Apps Tools                           | {BD64F635-575B-1C6D-D0E8-49C2F6E8D0FA} |
| vs_filehandler_amd64                                               | {3FF75236-49C4-35C8-8FAC-79471939F5A1} |
| Windows SDK Modern Non-Versioned Developer Tools                   | {341879FE-D98D-A95A-D805-905742172B30} |
| Windows SDK AddOn                                                  | {8061F133-4FE2-42AC-8145-03F3F866CF69} |
| vs_minshellinteropsharedmsi                                        | {409E2B4D-07C2-496F-8D18-15DCC920091B} |
| Windows SDK for Windows Store Apps Libs                            | {E6A55D9F-A8BB-FF2F-64DF-8A04EC725B72} |
| Windows SDK Desktop Headers x86                                    | {46EBFB7B-2ABD-5811-28BF-9780F781F3B6} |
| Windows Desktop Extension SDK                                      | {D8734F03-B322-96EC-6319-23C384B0C59E} |
| Windows IoT Extension SDK                                          | {A12CC894-1FC1-A406-F84B-9C32023F5180} |
| Windows SDK Desktop Headers arm                                    | {133AE232-C044-AC0A-4632-60886621F9C8} |
| Windows SDK Desktop Tools x64                                      | {F6FCBC0A-C807-5632-4327-77C2DC890ABD} |
| Windows Team Extension SDK Contracts                               | {3CBF99F1-F074-27AB-7E31-05A122FD7E17} |
| WinRT Intellisense Desktop - en-us                                 | {A56C4924-417B-94F8-5F4D-D9C1A75BAA0A} |
| Windows SDK Modern Versioned Developer Tools                       | {026E5FBE-00C7-5735-ACD1-0B5F0249CA20} |
| Windows Team Extension SDK Contracts                               | {1F8584A0-9F54-5232-2FEE-6433AECB9F74} |
| WinRT Intellisense PPI - en-us                                     | {94E92B20-B0F9-FD1C-B536-9A30FF20C284} |
| WinRT Intellisense PPI - Other Languages                           | {5D349CF3-7777-4990-B781-278D26C61B34} |
| Windows SDK for Windows Store Managed Apps Libs                    | {23D09B6F-93AE-A652-BABB-F5D0D24FD1E6} |
| Microsoft OneDrive                                                 |                                        |
| Python 3.12.8 (64-bit)                                             |                                        |
| MSYS2                                                              |                                        |
| Microsoft Visual Studio Code (User)                                |                                        |
+--------------------------------------------------------------------+----------------------------------------+

ksykulev · 2025-04-03T15:40:55Z

osquery/tables/system/windows/programs.cpp

+  if (encoded.length() != 32) {
+    return "Invalid length";
+  }
+  // Microsoft uses a custom encoding for GUIDs in the registry


Some of this seems to align with the native guid implementation in c++
https://learn.microsoft.com/en-us/windows/win32/api/guiddef/ns-guiddef-guid

typedef struct _GUID { unsigned long Data1; unsigned short Data2; unsigned short Data3; unsigned char Data4[8]; } GUID;

Data1: Represents the first 8 hexadecimal digits (32 bits). Data2: Represents the next 4 hexadecimal digits (16 bits). Data3: Represents the subsequent 4 hexadecimal digits (16 bits). Data4: Represents the final 12 hexadecimal digits (64 bits), stored as an array of 8 bytes.

zwass

Some minor changes requested. Thank you!

specs/windows/programs.table

zwass · 2025-04-03T19:08:30Z

osquery/tables/system/windows/programs.cpp

+std::string decodeMsiRegistryGuid(const std::string& encoded) {
+  // Ensure the encoded string is exactly 32 characters long
+  if (encoded.length() != 32) {
+    return "Invalid length";


Due to https://github.com/osquery/osquery/pull/8587/files#diff-08a676ce9fafbd67605d303da9b66f83e38ced915d6244222258cf1547b9291cR86-R89, seems like this should return an empty string? And perhaps log at the info or verbose level depending on how common it is?

zwass · 2025-04-03T19:10:33Z

osquery/tables/system/windows/programs.cpp

+  std::string str = reverseString(encoded.substr(0, 8)) + "-" +
+                    reverseString(encoded.substr(8, 4)) + "-" +
+                    reverseString(encoded.substr(12, 4)) + "-" +
+                    reverseString(encoded.substr(16, 2)) +
+                    reverseString(encoded.substr(18, 2)) + "-" +
+                    reverseString(encoded.substr(20, 2)) +
+                    reverseString(encoded.substr(22, 2)) +
+                    reverseString(encoded.substr(24, 2)) +
+                    reverseString(encoded.substr(26, 2)) +
+                    reverseString(encoded.substr(28, 2)) +
+                    reverseString(encoded.substr(30, 2));
+
+  std::string guid = "{" + str + "}";
+  return guid;


Combine these lines?

zwass · 2025-04-03T19:10:47Z

osquery/tables/system/windows/programs.cpp

+  // It reverses the order of the bytes in the string
+  // This 2CCAB6107DB47314AB175756630CCD04
+  // 1.  Reverse last 2 characters 04
+  // 2.  Reverse next 2 characters CD
+  // 3.  Reverse next 2 characters 0C
+  // 4.  Reverse next 2 characters 63
+  // 5.  Reverse next 2 characters 56
+  // 6.  Reverse next 2 characters 57
+  // 7.  Reverse next 2 characters 17
+  // 8.  Reverse next 2 characters AB
+  // 9.  Reverse next 4 characters 7314
+  // 10. Reverse next 4 characters 7DB4
+  // 11. Reverse first 8 characters 2CCAB610
+  // becomes 016BACC2-4BD7-4137-BA71-756536C0DC40


This comment is very helpful. Would also be nice to see a unit test for this.

zwass · 2025-04-03T19:12:39Z

osquery/tables/system/windows/programs.cpp

+  }
+
+  return productCodeUpgradeCodeMap;
+}


334 is on your system or any system? That seems like a very reasonable amount of data to have in memory. I'm guessing we are talking about a few kb?

If the number of key value pairs is equal to the number of software items installed, I think it's fine.

osquery/tables/system/tests/windows/registry_tests.cpp

zwass

@ksykulev can you please merge/rebase master? That will fix the mdfind CI issue.

zwass

@ksykulev this needs a rebase now that #8585 has been merged.

zwass

I think we should move forward as-is and address any memory usage issues if they come up. The concern seems minimal in my eyes given the expected size of the cache.

ksykulev requested review from a team as code owners April 3, 2025 05:35

ksykulev commented Apr 3, 2025

View reviewed changes

ksykulev force-pushed the 27759-upgrade-code branch from 47da09d to fe140e6 Compare April 3, 2025 12:42

ksykulev commented Apr 3, 2025

View reviewed changes

zwass requested changes Apr 3, 2025

View reviewed changes

ksykulev force-pushed the 27759-upgrade-code branch 2 times, most recently from fc49d91 to 9578717 Compare April 4, 2025 02:56

ksykulev commented Apr 4, 2025

View reviewed changes

osquery/tables/system/tests/windows/registry_tests.cpp Outdated Show resolved Hide resolved

ksykulev force-pushed the 27759-upgrade-code branch 6 times, most recently from fef7e49 to 941afa4 Compare April 4, 2025 20:40

ksykulev mentioned this pull request Apr 8, 2025

Research: Use UpgradeCode as the unique identifier for Windows software fleetdm/fleet#27776

Closed

20 tasks

zwass requested changes Apr 9, 2025

View reviewed changes

ksykulev force-pushed the 27759-upgrade-code branch from 941afa4 to 3c1b983 Compare April 9, 2025 16:21

zwass requested changes Apr 9, 2025

View reviewed changes

Added UpgradeCode to programs table

91fcbeb

ksykulev force-pushed the 27759-upgrade-code branch from 3c1b983 to 91fcbeb Compare April 9, 2025 22:35

zwass approved these changes Apr 10, 2025

View reviewed changes

zwass merged commit 60ce8f3 into osquery:master Apr 10, 2025
22 checks passed

This was referenced Jun 11, 2025

Dogfood: Expose UpgradeCode for Windows apps in osquery via upgrade_code column in programs table fleetdm/fleet#29415

Closed

🪲Custom package MSI uninstall scripts don't uninstall other versions of the software fleetdm/fleet#27758

Closed

Uh oh!

Added UpgradeCode to programs table #8587

Added UpgradeCode to programs table #8587

Uh oh!

Conversation

ksykulev commented Apr 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ksykulev Apr 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ksykulev commented Apr 3, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

zwass left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

zwass left a comment

Choose a reason for hiding this comment

Uh oh!

zwass left a comment

Choose a reason for hiding this comment

Uh oh!

zwass left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

ksykulev commented Apr 3, 2025 •

edited

Loading

ksykulev Apr 3, 2025 •

edited

Loading