- WMI Library -
WMI Libraly > Win32_Process Class

Win32_Process Class

The Win32_Process class represents a sequence of events on a Win32 system. Any sequence consisting of the interaction of one or more processors or interpreters, some executable code, and a set of inputs, is a descendent (or member) of this class.
Example: A client application running on a Win32 system.
Namespace value is root/CIMV2.
WMI Provider value is CIMWin32.


Properties

  • Caption
  • The Caption property is a short textual description (one-line string) of the object.

  • CommandLine
  • The CommandLine property specifies the command line used to start a particular process, if applicable.

  • CreationClassName
  • CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.

  • CreationDate
  • Time that the process began executing.

  • CSCreationClassName
  • CSCreationClassName contains the scoping computer system's creation class name.

  • CSName
  • The scoping computer system's name.

  • Description
  • The Description property provides a textual description of the object.

  • ExecutablePath
  • The ExecutablePath property indicates the path to the executable file of the process.
    Example: C:\WINDOWS\EXPLORER.EXE

  • ExecutionState
  • Indicates the current operating condition of the process. Values include ready (2), running (3), and blocked (4), among others.

  • Handle
  • A string used to identify the process. A process ID is a kind of process handle.

  • HandleCount
  • The HandleCount property specifies the total number of handles currently open by this process. This number is the sum of the handles currently open by each thread in this process. A handle is used to examine or modify the system resources. Each handle has an entry in an internally maintained table. These entries contain the addresses of the resources and the means to identify the resource type.

  • InstallDate
  • The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

  • KernelModeTime
  • Time in kernel mode, in 100 nanoseconds. If this information is not available, a value of 0 should be used.

  • MaximumWorkingSetSize
  • The MaximumWorkingSetSize property indicates the maximum working set size of the process. The working set of a process is the set of memory pages currently visible to the process in physical RAM. These pages are resident and available for an application to use without triggering a page fault.
    Example: 1413120.

  • MinimumWorkingSetSize
  • The MinimumWorkingSetSize property indicates the minimum working set size of the process. The working set of a process is the set of memory pages currently visible to the process in physical RAM. These pages are resident and available for an application to use without triggering a page fault.
    Example: 20480.

  • Name
  • The Name property defines the label by which the object is known. When subclassed, the Name property can be overridden to be a Key property.

  • OSCreationClassName
  • The scoping operating system's creation class name.

  • OSName
  • The scoping operating system's name.

  • OtherOperationCount
  • The OtherOperationCount property specifies the number of I/O operations performed, other than read and write operations.

  • OtherTransferCount
  • The OtherTransferCount property specifies the amount of data transferred during operations other than read and write operations.

  • PageFaults
  • The PageFaults property indicates the number of page faults generated by the process.
    Example: 10

  • PageFileUsage
  • The PageFileUsage property indicates the amountof page file space currently being used by the process.
    Example: 102435

  • ParentProcessId
  • The ParentProcessId property specifies the unique identifier of the process that created this process. Process identifier numbers are reused, so they only identify a process for the lifetime of that process. It is possible that the process identified by ParentProcessId has terminated, so ParentProcessId may not refer to an running process. It is also possible that ParentProcessId incorrectly refers to a process which re-used that process identifier. The CreationDate property can be used to determine whether the specified parent was created after this process was created.

  • PeakPageFileUsage
  • The PeakPageFileUsage property indicates the maximum amount of page file space used during the life of the process.
    Example: 102367

  • PeakVirtualSize
  • The PeakVirtualSize property specifies the maximum virtual address space the process has used at any one time. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. However, virtual space is finite, and by using too much, the process might limit its ability to load libraries.

  • PeakWorkingSetSize
  • The PeakWorkingSetSize property indicates the peak working set size of the process.
    Example: 1413120

  • Priority
  • The Priority property indicates the scheduling priority of the process within the operating system. The higher the value, the higher priority the process receives. Priority values can range from 0 (lowest priority) to 31 (highest priority).
    Example: 7.

  • PrivatePageCount
  • The PrivatePageCount property specifies the current number of pages allocated that are accessible only to this process

  • ProcessId
  • The ProcessId property contains the global process identifier that can be used to identify a process. The value is valid from the creation of the process until the process is terminated.

  • QuotaNonPagedPoolUsage
  • The QuotaNonPagedPoolUsage property indicates the quota amount of non-paged pool usage for the process.
    Example: 15

  • QuotaPagedPoolUsage
  • The QuotaPagedPoolUsage property indicates the quota amount of paged pool usage for the process.
    Example: 22

  • QuotaPeakNonPagedPoolUsage
  • The QuotaPeakNonPagedPoolUsage property indicates the peak quota amount of non-paged pool usage for the process.
    Example: 31

  • QuotaPeakPagedPoolUsage
  • The QuotaPeakPagedPoolUsage property indicates the peak quota amount of paged pool usage for the process.
    Example: 31

  • ReadOperationCount
  • The ReadOperationCount property specifies the number of read operations performed.

  • ReadTransferCount
  • The ReadTransferCount property specifies the amount of data read.

  • SessionId
  • The SessionId property specifies the unique identifier that is generated by the operating system when the session is created. A session spans a period of time from log in to log out on a particular system.

  • Status
  • The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are "OK", "Degraded" and "Pred Fail". "Pred Fail" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are "Error", "Starting", "Stopping" and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.

  • TerminationDate
  • Time that the process was stopped or terminated.

  • ThreadCount
  • The ThreadCount property specifies the number of active threads in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread. This property is for computers running Windows NT only.

  • UserModeTime
  • Time in user mode, in 100 nanoseconds. If this information is not available, a value of 0 should be used.

  • VirtualSize
  • The VirtualSize property specifies the current size in bytes of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and by using too much, the process can limit its ability to load libraries.

  • WindowsVersion
  • The WindowsVersion property indicates the version of Windows in which the process is running.
    Example: 4.0

  • WorkingSetSize
  • The amount of memory in bytes that a process needs to execute efficiently, for an operating system that uses page-based memory management. If an insufficient amount of memory is available (< working set size), thrashing will occur. If this information is not known, NULL or 0 should be entered. If this data is provided, it could be monitored to understand a process' changing memory requirements as execution proceeds.

  • WriteOperationCount
  • The WriteOperationCount property specifies the number of write operations performed.

  • WriteTransferCount
  • The WriteTransferCount property specifies the amount of data written.


    Methods

  • Create
  • The Create method creates a new process.
    The method returns an integer value that can be interpretted as follows:
    0 - Successful completion.
    2 - The user does not have access to the requested information.
    3 - The user does not have sufficient privilge.
    8 - Unknown failure.
    9 - The path specified does not exist.
    21 - The specified parameter is invalid.
    Other - For integer values other than those listed above, refer to Win32 error code documentation.

  • Terminate
  • The Terminate method terminates a process and all of its threads. The method returns an integer value that can be interpretted as follows:
    0 - Successful completion.
    2 - The user does not have access to the requested information.
    3 - The user does not have sufficient privilge.
    8 - Unknown failure.
    9 - The path specified does not exist.
    21 - The specified parameter is invalid.
    Other - For integer values other than those listed above, refer to Win32 error code documentation.

    Note: The SE_DEBUG_PRIVILEGE privilege is required to invoke this method

  • GetOwner
  • The GetOwner method retrieves the user name and domain name under which the process is running.
    The method returns an integer value that can be interpretted as follows:
    0 - Successful completion.
    2 - The user does not have access to the requested information.
    3 - The user does not have sufficient privilge.
    8 - Unknown failure.
    9 - The path specified does not exist.
    21 - The specified parameter is invalid.
    Other - For integer values other than those listed above, refer to Win32 error code documentation.

  • GetOwnerSid
  • The GetOwnerSid method retrieves the security identifier (SID) for the owner of this process.
    The method returns an integer value that can be interpretted as follows:
    0 - Successful completion.
    2 - The user does not have access to the requested information.
    3 - The user does not have sufficient privilge.
    8 - Unknown failure.
    9 - The path specified does not exist.
    21 - The specified parameter is invalid.
    Other - For integer values other than those listed above, refer to Win32 error code documentation.

  • SetPriority
  • The SetPriority method attempts to change the execution priority of the process. In order to set the priority to Realtime, the caller must hold the SeIncreaseBasePriorityPrivilege. Without this privilege, the highest the priority can be set to is High priority.
    The method returns an integer value that can be interpretted as follows:
    0 - Successful completion.
    2 - The user does not have access to the requested information.
    3 - The user does not have sufficient privilge.
    8 - Unknown failure.
    9 - The path specified does not exist.
    21 - The specified parameter is invalid.
    Other - For integer values other than those listed above, refer to Win32 error code documentation.

  • AttachDebugger
  • The AttachDebugger method launches the currently registered debugger for this process. Dr. Watson, however, is not supported.
    The method returns a 'generic failure' if it finds an invalid string in the registry key or an integer value that can be interpretted as follows:
    0 - Successful completion.
    2 - The user does not have access to the requested information.
    3 - The user does not have sufficient privilge.
    8 - Unknown failure.
    9 - The path specified does not exist.
    21 - The specified parameter is invalid.
    Other - For integer values other than those listed above, refer to Win32 error code documentation.


    Example WQL

    SELECT * FROM Win32_Process
    About this site information

    This contents is created by WMI having class information.
    WMI Environment is Windows Server 2008 R2 Enterprise Edition.

    This link is Microsoft documents for "Managing Windows with WMI".
    That is VB(Visual Basic) scripting sample.
    This link is Microsoft documents for "Advanced Programming Topics in WMI .NET".
    That is VB.net(Visual Basic .net) scripting sample.

    - WMI Library -
    http://library.wmifun.net/

    WMI useful by VB,VB.Net,VC,VC.Net,VC#.Net,VBS(WSH),PowerShell for PC asset management, system monitoring and collecting hardware and software inventory.

    This website is created by Toh.
    Copyright(C) 1997-2016 WMI Fun !!. All rights reserved.
    ^ Go to the top...