Instance Balancer

Process Lasso 9.5 – Regular Expressions

Process Lasso 9.5 is now available! Among other things, this version introduces Regular Expressions into rule process matching, enabling the creation of more complex and precise rules. In this initial release, Regular Expressions are limited to the CPU Limiter, Instance Balancer, and Watchdog features, but will be expanded throughout the product in the future.

Most home users need not concern themselves with Regular Expressions, so don’t be overwhelmed. If there is no need to use them, simply ignore them.

Other changes to this version include GUI optimizations and a lot of general product refinement. See the revision history here.

The new documentation on process matching in Process Lasso rules can be found below. For questions or problems, contact us.

Process Matching

When matching rules to processes, a match phrase is given by the user, often called the ‘process match’ in Process Lasso. This can be a simple process name, a string with wildcards, or even a Regular Expression checked against multiple process attributes (e.g. user and command line).

Traditional

Traditional process name matching uses a simple wildcard match, with ‘?’ indicating any single character and ‘*’ indicating a sequence of any character. It is case insensitive. The user name may be appended to the match string with a colon. Depending on the feature, after toggling on path or command line matching, those fields are also compared to the match phrase.

Examples (non-Regex):

chrome.exe
 Match any process named chrome.exe

chrome*
 Match any process that begins with 'chrome'

chrome.exe:bob
 Match any process named chrome.exe running under user 'bob'

Regular Expressions

Process Lasso v9.5+ supports Regular Expression (RegEx) matching to multiple process attributes. This allows for the creation of complex rules that were not previously possible. For instance, a rule could act on Chrome.exe or Firefox.exe when user is Bob or Jeremy. Previously, this would require 4 different rules, and in the case of the Instance Balancer, combining them into a single group was not possible.

Features supporting RegEx:

  • CPU Limiter
  • Instance Balancer
  • Watchdog
  • ProBalance Exclusions

Support for RegEx will be come to other features in future versions of Process Lasso.

What is a Regular Expression?

A Regular Expression is a language for pattern matching (and substitution). It has been in use for decades and enjoys widespread support.

A regular expression is a special text string for describing a search pattern. You can think of regular expressions as wildcards on steroids. You are probably familiar with wildcard notations such as *.txt to find all text files in a file manager. The regex equivalent is .*\.txt.
RegexBuddy

Read more:
Quick Reference (Microsoft)
RegexBuddy
RegularExpressions.info

Use of RegEx in Process Lasso

When matching a RegEx, Process Lasso concatenates multiple fields about the process. The format of this consolidated process information string is:

PID,User,Process,Path,PPID,Parent,,,,CommandLine (always last)

Fields:
 PID = process ID
 User = user under which process is running
 Process = basename of process
 Path = file path of process image
 PPID = parent ID
 Parent = parent process name
 CommandLine = process command line (this field is always last. Its index is subject to change!)

In this way, an expression can match to anything in the concatenated string, or only to specific fields, depending on how precise the expression is.

With Process Lasso, Regular Expressions are differentiated from traditional match phrases by encapsulation in forward slashes (e.g. ‘/myregex/’).

All matching is case insensitive. Embedded commas in a field (normally only in the command line field) are escaped with a backslash, so for precise rules this should be taken into account.

Examples

While RegEx allows for powerful matching on multiple patterns and fields, it can also be used in simple ways:

/firefox.exe/
 Match 'firefox?exe' anywhere in any field. Note '.' is a wildcard in RegEx, but you can escape it like 'firefox\.exe' for more precision.

/,firefox\.exe/
 Match only 'firefox.exe' at the start of a field (>0)

/,fire*.exe/
 Match only 'fire*exe' at the start of a field (>0)

/,[fire*.exe|chr*.exe]/
 Match only 'fire*exe' OR 'chr*exe' at the start of a field (>0)

/,bobsmith/ 
 Match user 'bobsmith' at the start of a field (>0)

/,.*-type=renderer(^,)*$/
 Match '-type=renderer' anywhere in last field (command line). Note starts with a comma, then ends before a new field occurs (see below for embedded commas).

/,.*-type=renderer[^(,)|(\\,)]*$/
 Prior with handling of escaped embedded commas in the command line.

Advanced

To match specific fields, an expression such as this can be used to match specifically field 3 (the process name):

^([^,]*,){2}
 Explanation:
 ^ = Starts at beginning of string
 ([^,]*,) = Not a comma repeated zero or more times, followed by a comma
 {2} = Repeat prior match (a comma delimited field) 2 times
/^([^,]*,)(jeremy|bob),/
 Match processes with username of jeremy or bob

/^([^,]*,){2}chrome\.exe,/
 Match processes named chrome.exe

/^([^,]*,){2}.*chr.*,/
 Match processes whose name contains with ‘chr’

/^([^,]*,){2}(chrome\.exe|firefox\.exe).*,/
 Match processes whose name starts with ‘chrome.exe’ or 'firefox.exe'

/^([^,]*,){5}boinc\.exe.*,/
 Match processes whose parent is ‘boinc.exe’

/^([^,]*,)(jeremy|bob),chrome\.exe/ 
 Match processes whose name is chrome.exe under user of jeremy or bob.

/^([^,]*,){2}chrome.exe,.*,.*-type=renderer[^(,|\\,)]*$
 Match process name ‘chrome.exe’ and has '-type=renderer' in the command line (last field)

/^([^,]*,){3}.*\\program files.*/
 Match path containing ‘\Program Files\’ (matching is case insensitive).

How to test Regular Expressions
To test regular expression patterns, create a text file with rows simulating Process Lasso’s provided match string. Then use grep (WSL or Linux) or another tool to match RegEx. Note that the encapsulating forward slashes need to be removed. An example is:

sample.txt:
20116,jeremy,chrome.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,19233,chrome.exe,,,,"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer

test command:
grep -P 'chr.*' sample.txt

 


Discover more from Bitsum

Subscribe to get the latest posts sent to your email.