-
Notifications
You must be signed in to change notification settings - Fork 79
/
powerlog_process_id.txt
116 lines (99 loc) · 4.49 KB
/
powerlog_process_id.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# --------------------------------------------------------------------------------
# Copyright (c) 2018-2020 Sarah Edwards (Station X Labs, LLC,
# @iamevltwin, mac4n6.com). All rights reserved.
# This software is provided "as is," without warranty of any kind,
# express or implied. In no event shall the author or contributors
# be held liable for any damages arising in any way from the use of
# this software.
# The contents of this file are DUAL-LICENSED. You may modify and/or
# redistribute this software according to the terms of one of the
# following two licenses (at your option):
# LICENSE 1 ("BSD-like with acknowledgment clause"):
# Permission is granted to anyone to use this software for any purpose,
# including commercial applications, and to alter it and redistribute
# it freely, subject to the following restrictions:
# 1. Redistributions of source code must retain the above copyright
# notice, disclaimer, and this list of conditions.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, disclaimer, and this list of conditions in the documenta-
# tion and/or other materials provided with the distribution.
# 3. All advertising, training, and documentation materials mentioning
# features or use of this software must display the following
# acknowledgment. Character-limited social media may abbreviate this
# acknowledgment to include author and APOLLO name ie: "This new
# feature brought to you by @iamevltwin's APOLLO". Please make an
# effort credit the appropriate authors on specific APOLLO modules.
# The spirit of this clause is to give public acknowledgment to
# researchers where credit is due.
# This product includes software developed by Sarah Edwards
# (Station X Labs, LLC, @iamevltwin, mac4n6.com) and other
# contributors as part of APOLLO (Apple Pattern of Life Lazy
# Output'er).
# LICENSE 2 (GNU GPL v3 or later):
# This file is part of APOLLO (Apple Pattern of Life Lazy Output'er).
# APOLLO is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# APOLLO is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with APOLLO. If not, see <https://www.gnu.org/licenses/>.
# --------------------------------------------------------------------------------
[Module Metadata]
AUTHOR=Sarah Edwards/mac4n6.com/@iamevltwin
MODULE_NOTES=App/Process Usage
[Database Metadata]
DATABASE=CurrentPowerlog.PLSQL
PLATFORM=MACOS,IOS
VERSIONS=10.14,10.15,10.16,13,14
[Query Metadata]
QUERY_NAME=powerlog_process_id
ACTIVITY=Process ID
KEY_TIMESTAMP=ADJUSTED_TIMESTAMP
[SQL Query 10.14,10.15,10.16,13,14]
QUERY=
SELECT
DATETIME(TIMESTAMP + SYSTEM, 'UNIXEPOCH') AS ADJUSTED_TIMESTAMP,
PROCESSNAME AS 'PROCESS NAME',
BUNDLEID AS 'BUNDLE ID',
COALITIONID AS 'COALITION ID',
PID AS 'PID',
DATETIME(TIMESTAMP, 'UNIXEPOCH') AS ORIGINAL_TIMESTAMP,
DATETIME(TIME_OFFSET_TIMESTAMP, 'UNIXEPOCH') AS OFFSET_TIMESTAMP,
SYSTEM AS TIME_OFFSET,
TABLE_ID AS "PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID TABLE ID"
FROM
(
SELECT
TABLE_ID,
TIMESTAMP,
TIME_OFFSET_TIMESTAMP,
MAX(TIME_OFFSET_ID) AS MAX_ID,
BUNDLEID,
COALITIONID,
PID,
PROCESSNAME,
SYSTEM
FROM
(
SELECT
PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.TIMESTAMP,
PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.BUNDLEID,
PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.COALITIONID,
PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.PID,
PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.PROCESSNAME,
PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID.ID AS "TABLE_ID",
PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.TIMESTAMP AS TIME_OFFSET_TIMESTAMP,
PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.ID AS TIME_OFFSET_ID,
PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET.SYSTEM
FROM
PLPROCESSMONITORAGENT_EVENTFORWARD_PROCESSID
LEFT JOIN
PLSTORAGEOPERATOR_EVENTFORWARD_TIMEOFFSET
)
GROUP BY
TABLE_ID
)