Export (0) Print
Expand All

Win32_ThreadStartTrace class

The Win32_ThreadStartTrace event WMI class indicates that a new thread has started.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.

Syntax

class Win32_ThreadStartTrace : Win32_ThreadTrace
{
  uint32 ProcessID;
  uint8  SECURITY_DESCRIPTOR[];
  uint64 StackBase;
  uint64 StackLimit;
  uint64 StartAddr;
  uint32 ThreadID;
  uint64 TIME_CREATED;
  uint64 UserStackBase;
  uint64 UserStackLimit;
  uint32 WaitMode;
  uint64 Win32StartAddr;
};

Members

The Win32_ThreadStartTrace class has these types of members:

Properties

The Win32_ThreadStartTrace class has these properties.

ProcessID
Data type: uint32
Access type: Read-only

Process identifier of the thread involved in the event. This property is inherited from Win32_ThreadTrace.

SECURITY_DESCRIPTOR
Data type: uint8 array
Access type: Read-only

Descriptor used by the event provider to determine which users can receive the event. This property is inherited from __Event.

StackBase
Data type: uint64
Access type: Read-only

Base address of the thread's stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

StackLimit
Data type: uint64
Access type: Read-only

Limit of the thread's stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

StartAddr
Data type: uint64
Access type: Read-only

Memory address at which the trace starts.

For more information about using uint64 values in scripts, see Scripting in WMI.

ThreadID
Data type: uint32
Access type: Read-only

Thread identifier of the thread involved in the event. This property is inherited from Win32_ThreadTrace.

TIME_CREATED
Data type: uint64
Access type: Read-only

Unique value that indicates the time at which the event was generated. This property is inherited from __Event.

For more information about using uint64 values in scripts, see Scripting in WMI.

UserStackBase
Data type: uint64
Access type: Read-only

Base address of the thread's user-mode stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

UserStackLimit
Data type: uint64
Access type: Read-only

Limit of the thread's user-mode stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

WaitMode
Data type: uint32
Access type: Read-only

Processor mode in which the wait is to occur.

ValueMeaning
0

Kernel

1

User

 

Win32StartAddr
Data type: uint64
Access type: Read-only

Starting address of the function to be executed by this thread.

For more information about using uint64 values in scripts, see Scripting in WMI.

Remarks

The Win32_ThreadStartTrace class is derived from Win32_ThreadTrace.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2003

Namespace

\root\CIMV2

MOF

Krnlprov.mof

DLL

Krnlprov.dll

See also

Operating System Classes

 

 

Show:
© 2014 Microsoft