Process_TypeGroup1 class

This class is the event type class for process events.

The following syntax is simplified from MOF code.

Syntax

[EventType{1, 2, 3, 4, 39}, EventTypeName{"Start", "End", "DCStart", "DCEnd", "Defunct"}]class Process_TypeGroup1 : Process
{
  uint32 UniqueProcessKey;
  uint32 ProcessId;
  uint32 ParentId;
  uint32 SessionId;
  sint32 ExitStatus;
  uint32 DirectoryTableBase;
  object UserSID;
  string ImageFileName;
  string CommandLine;
};

Members

The Process_TypeGroup1 class has these types of members:

Properties

The Process_TypeGroup1 class has these properties.

CommandLine
Data type: string
Access type: Read-only
Qualifiers: WmiDataId(9), StringTermination("NullTerminated"), Format("w")

Full command line of the process.

DirectoryTableBase
Data type: uint32
Access type: Read-only
Qualifiers: WmiDataId(6), Pointer

The physical address of the page table of the process.

ExitStatus
Data type: sint32
Access type: Read-only
Qualifiers: WmiDataId(5)

Exit status of the stopped process.

ImageFileName
Data type: string
Access type: Read-only
Qualifiers: WmiDataId(8), StringTermination("NullTerminated")

Path to the executable file of the process.

ParentId
Data type: uint32
Access type: Read-only
Qualifiers: WmiDataId(3), Format("x")

Unique identifier of the process that creates this process. Process identifier numbers are reused, so they only identify a process for the lifetime of that process. It is possible that the process identified by ParentProcessId is terminated, so ParentProcessId may not refer to a running process. It is also possible that ParentProcessId incorrectly refers to a process that reuses a process identifier.

ProcessId
Data type: uint32
Access type: Read-only
Qualifiers: WmiDataId(2), Format("x")

Global process identifier that you can use to identify a process. The value is valid from the time a process is created until it is terminated.

SessionId
Data type: uint32
Access type: Read-only
Qualifiers: WmiDataId(4)

Unique identifier that an operating system generates when it creates a new session. A session spans a period of time from log on until log off from a specific system.

UniqueProcessKey
Data type: uint32
Access type: Read-only
Qualifiers: WmiDataId(1), Pointer

The address of the process object in the kernel.

UserSID
Data type: object
Access type: Read-only
Qualifiers: WmiDataId(7), Extension("Sid")

Security identifier (SID) for the user context under which the event happens.

Remarks

The DCStart and DCEnd event types enumerate the process that are currently running, including idle and system process, at the time the kernel session starts and ends, respectively.

Requirements

Minimum supported client

Windows 2000 Professional [desktop apps only]

Minimum supported server

Windows 2000 Server [desktop apps only]

See also

Process

 

 

Community Additions

ADD
Show:
© 2014 Microsoft