State

  • Article

The condition of a running computer is constantly changing. The amount of free space on a disk drive decreases and increases as files are created and deleted, or the drive may cease to function entirely; the amount of free RAM changes as programs are launched and terminated; the number of clients accessing a server is in a constant state of flux. The condition of the computer system at any point in time is referred to as its "state" and is a composite of all of the information that exists about that system, the number of users, the names of users, the available resources, the hardware components, what software is running and the state of each program (variables and their values, next line of code to be executed, condition of the stack and heap, and so on).

Note  For more information about support and installation of this component on a specific operating system, see Operating System Availability of WMI Components.

Because state is constantly changing over time, you cannot look at the system's current state and know anything for certain about an earlier state. Therefore, if you are going to correlate events over time, you must be able to somehow maintain the state of the system, or at least the part of the system in which you are interested, in such a way as to permit you to effectively look back in time and find out what you need to know about a former state.

To use a trivial example, suppose you are interested in whether the tilde (~) key is ever used. The programmatic way of determining this is to create a program that starts when the computer is started and that contains the Boolean variable TildeStruck, initialized to false. Each time a key on the keyboard is struck, your program would have to intercept the keystroke and analyze it before passing it on to the user's application. In analyzing the keystroke, your program would compare its value to a tilde, and if it matched, the variable TildeStruck would be assigned the value true, thereby maintaining the state of the tilde key at that point in time for later review.

Or, continuing with the example, suppose that, instead of being interested in whether or not the tilde key was struck, you are interested in how many times it was struck. The programmatic approach would be much the same except that TildeStruck would be an integer variable rather than Boolean and you would initialize it to zero. Each time the tilde key is struck, instead of assigning true to the variable, you would add 1 to its value. The point is, that at a time when the tilde key is not being struck, you can query the variable to determine a previous state of that part of the system. With just a few more variables, and the code to maintain them, you could determine not only if or how many times the key was struck, but the relative frequency of the tilde key's use as compared with other keys, the first or last time it was struck, and so on.

As the scenario becomes more complex, the number of program variables and the code becomes increasingly complex, but the essence of state is still the condition of the system at a point in time. The essence of maintaining state is to take a snapshot of the system as a point in time so that at a later time you can look back and determine something useful about an earlier state of the system.