Difficulty inspecting Processor Model on Windows

The specific information mentioned comes from the CPUID instruction so therefore from the processor itself. Specifically from this request - see https://en.wikipedia.org/wiki/CPUID#EAX=1:_Processor_Info_and_Feature_Bits

There is also an “extended family” property of a processor so perhaps the other application is combining these elements which is also indicated is often done with the flag bits but we just provide the raw values for usage. See https://developer.bigfix.com/relevance/reference/processor.html#extended-family-of-processor-integer

Thanks, Alan. I just find it curious that Windows and Linux clients return the results differently.

The Linux client gives the return values in a single “model” and “family” value and doesn’t provide “extended model” or “extended family” at all, while the Windows client returns these as separate values.

I’d have to guess that the Linux client is retrieving this from some place that has already processed the result, from /proc/cpuinfo or similar; the values in /proc/cpuinfo appear to already be “cooked”.

And yes you found the source of the Linux inspector data

We try to not “precombine” things in relevance giving as low as possible information so it can be used in some unexpected way at a later point

@JasonWalker your mappings look pretty comprehensive. Is there way to do this in relevance natively, for example have a retrieved property return something like this on the fly -

“GenuineIntel”, “06”, “5e”, “Skylake”, “Skylake”

OR even just Skylake if the processor is GenuineIntel, and the result of the relevance is 5e

q: (it as hexadecimal) of ( if (exists families whose(it = 6 OR it = 15) of processors) then (it as integer) of ((left shift 4 of (it as bit set) of unique value of extended models of processors) + ((it as bit set) of unique value of models of processors)) else NULL | unique value of models of processors )
A: 5e

Absolutely, you can create separate properties out of each part of the relevance. In fact in the analysis I use internally, I do just that - one property for “family of processor”, another for “extended family of processor”, etc.
I use this large lookup to map the results back to codenames. It’s native relevance, I’ve checked on Windows, Linux, and AIX (though “PowerPC_7” is probably a little less useful). I don’t have any Mac to test on but I expect it should work.

If you mean a native property that would return “Skylake” without creating a lookup mapping, then…no, at least no property that I could find. I don’t think think the processors or bios have the “Skylake” -type codenames embedded anywhere.

I’m pretty sure that the CPUID utility needs to be updated for each new processor release for this same reason. You can retrieve model, extended model, family, and extended family right from the CPU but not codename mappings.

@JasonWalker makes sense. We can probably do the lookup in SQL based on the results from the properties.

All i need i’m guessing is the Family (hex) and Model (hex) as RP’s. I have processor name already.

Do you have the Family (hex) and Model (hex) to share ? I see a bunch of relevance in the post, not sure which ones are the most current.

Great work though !

To handle them correctly, you have to merge “extended model” and “model” of processor, as well as “extended family” and “family” (on Windows anyway). I think the rules with how to merge are already discussed in this thread. In the end here are a couple of properties I have in my Analysis to deal with it:

Processor DisplayModel:
/* https://www.bigfix.me/analysis/details/2994710 */ /* http://www.intel.com/content/www/us/en/architecture-and-technology/64-ia-32-architectures-software-developer-vol-2a-manual.html DisplayModel */ /* Also Linux 9.2.x lacks 'extended models of processors' so if there's an error failback to 'models of processors' */

((if (exists families whose(it = 6 OR it = 15) of processors) then (it as integer) of ((left shift 4 of (it as bit set) of unique value of extended models of processors) + ((it as bit set) of unique value of models of processors)) else (unique value of models of processors)) as hexadecimal) | (unique value of models of processors as hexadecimal)

Processor DisplayFamily:

/* https://www.bigfix.me/analysis/details/2994710 */ /* http://www.intel.com/content/www/us/en/architecture-and-technology/64-ia-32-architectures-software-developer-vol-2a-manual.html DisplayModel */ /* Also Linux 9.2.x lacks 'extended models of processors' so if there's an error failback to 'models of processors' */

((if (exists families whose(it = 15) of processors) then (it as integer) of (unique value of families of processors + unique value of extended families of processors as hexadecimal) else (unique value of families of processors)) as hexadecimal) | (unique value of families of processors as hexadecimal)

Thanks @JasonWalker and others who have contributed.

This has been an interesting thread and very instructive on some of the more esoteric bits of relevance that I’d not normally go anywhere near.

this is great work !

Thanks for this @JasonWalker…
Im seeing Processor family 6 but Processor Models 4e, 8e, 9e and 45 that are reporting as “none”. Trying to find the Processor Family name.
From q: unique values of (name of it as string as trimmed string & “=” & it as string as trimmed string) of values of structures “processor_information” of smbios

I get the following. This is for a Family 6 Processor model 4e for instance. (Surface Book)
A: =4
A: asset_tag=To Be Filled By O.E.M.
A: core_count=2
A: core_enabled=2
A: current_speed=2500
A: external_clock=100
A: l1_cache_handle=9
A: l2_cache_handle=10
A: l3_cache_handle=11
A: max_speed=0
A: part_number=To Be Filled By O.E.M.
A: processor_characteristics=252
A: processor_family=198
A: processor_family_2=198
A: processor_id=-4617319920302815517
A: processor_manufacturer=Intel® Corporation
A: processor_type=3
A: processor_upgrade=51
A: processor_version=Intel® Core™ i7-6600U CPU @ 2.60GHz
A: serial_number=To Be Filled By O.E.M.
A: socket_designation=U3E1
A: status=65
A: thread_count=4
A: voltage=137
T: 1.374 ms

What do you get as results for “Model” and “Family” of these? And do you know what the Microarchitecture and Processor codenames should be?

/* https://www.bigfix.me/analysis/details/2994710 */ /* http://www.intel.com/content/www/us/en/architecture-and-technology/64-ia-32-architectures-software-developer-vol-2a-manual.html DisplayModel */ /* Also Linux 9.2.x lacks 'extended models of processors' so if there's an error failback to 'models of processors' */

((if (exists families whose(it = 6 OR it = 15) of processors) then (it as integer) of ((left shift 4 of (it as bit set) of unique value of extended models of processors) + ((it as bit set) of unique value of models of processors)) else (unique value of models of processors)) as hexadecimal) | (unique value of models of processors as hexadecimal)

Processor DisplayFamily:

/* https://www.bigfix.me/analysis/details/2994710 */ /* http://www.intel.com/content/www/us/en/architecture-and-technology/64-ia-32-architectures-software-developer-vol-2a-manual.html DisplayModel */ /* Also Linux 9.2.x lacks 'extended models of processors' so if there's an error failback to 'models of processors' */

((if (exists families whose(it = 15) of processors) then (it as integer) of (unique value of families of processors + unique value of extended families of processors as hexadecimal) else (unique value of families of processors)) as hexadecimal) | (unique value of families of processors as hexadecimal)

i get 4e and 6 respectively.
This is the snip from the Intel processor id tool
(Its a Surface Book, but we do have Dells with the same 4e code returned.) The other codes in my post have all come from your Query code