Win32_ModuleLoadTrace, ROOT\CIMV2\ms_409

Class | Methods | Properties (9) | Qualifiers (4) | Instances | Namespaces (2)
Samples: VB Script | C# | VB.Net | Search on:Microsoft

Description

The ModuleLoadTrace event class indicates a process has loaded a new module.

Win32_ModuleLoadTrace properties

Win32_ModuleLoadTrace has 9 properties (7 Local, 2 Derived)

Name	Origin	CIMType
DefaultBase	Win32_ModuleLoadTrace	21 [uint64]
FileName	Win32_ModuleLoadTrace	8 [string]
ImageBase	Win32_ModuleLoadTrace	21 [uint64]
ImageChecksum	Win32_ModuleLoadTrace	19 [uint32]
ImageSize	Win32_ModuleLoadTrace	21 [uint64]
ProcessID	Win32_ModuleLoadTrace	19 [uint32]
SECURITY_DESCRIPTOR	__Event	17 [uint8]
TIME_CREATED	__Event	21 [uint64]
TimeDateStamp	Win32_ModuleLoadTrace	19 [uint32]

Detailed description of Win32_ModuleLoadTrace properties

Local properties (7) of Win32_ModuleLoadTrace class

▲ DefaultBase property
CIMTYPE	'uint64'
Description	'default load base address, as listed in the NT image header; if the requested address is unavailable the image will be loaded at a different address (ImageBase), causing rebasing.'
DefaultBase property is in 1 class (Win32_ModuleLoadTrace) of ROOT\CIMV2\ms_409 and in 4 namespaces

▲ FileName property
CIMTYPE	'string'
Description	'The FileName property indicates the filename of the loaded module.'
FileName property is in 18 classes of ROOT\CIMV2\ms_409 and in 23 namespaces

▲ ImageBase property
CIMTYPE	'uint64'
Description	'The ImageBase property indicates the base address where the module was loaded into process memory.'
ImageBase property is in 1 class (Win32_ModuleLoadTrace) of ROOT\CIMV2\ms_409 and in 4 namespaces

▲ ImageChecksum property
CIMTYPE	'uint32'
Description	'NT image checksum (usually set at link time), as listed in the NT image header; it is a hash used to verify the image was not changed or it's the same. Note: This is not a cryptographic hash, therefore it's weak.'
ImageChecksum property is in 1 class (Win32_ModuleLoadTrace) of ROOT\CIMV2\ms_409 and in 4 namespaces

▲ ImageSize property
CIMTYPE	'uint64'
Description	'The ImageSize property indicates the size in bytes of the loaded module.'
ImageSize property is in 1 class (Win32_ModuleLoadTrace) of ROOT\CIMV2\ms_409 and in 4 namespaces

▲ ProcessID property
CIMTYPE	'uint32'
Description	'The ProcessID property indentifies the process that loaded the module.'
ProcessID property is in 10 classes of ROOT\CIMV2\ms_409 and in 18 namespaces

▲ TimeDateStamp property
CIMTYPE	'uint32'
Description	'NT image timestamp (usually set at link time), as listed in the NT image header; it is a used to identify the binary image along with the original file name and ImageSize, which is also retrieved from the NT image header.'
TimeDateStamp property is in 1 class (Win32_ModuleLoadTrace) of ROOT\CIMV2\ms_409 and in 4 namespaces

Derived properties (2) of Win32_ModuleLoadTrace class

▲ SECURITY_DESCRIPTOR property
CIMTYPE	'uint8'
SECURITY_DESCRIPTOR property is in 79 classes of ROOT\CIMV2\ms_409 and in 142 namespaces

▲ TIME_CREATED property
CIMTYPE	'uint64'
TIME_CREATED property is in 84 classes of ROOT\CIMV2\ms_409 and in 142 namespaces

Win32_ModuleLoadTrace Qualifiers

Name	Value	ToInstance	ToSubclass	Overridable	Amended	Local
abstract	True	✓	✓	✗	✗	✗
AMENDMENT	True	✗	✗	✓	✗	✓
Description	'The ModuleLoadTrace event class indicates a process has loaded a new module.'	✗	✓	✓	✗	✓
LOCALE	1033	✓	✗	✓	✗	✓

Win32_ModuleLoadTrace System properties

Name	Value	Origin	CIMType	Local	Array
__PATH	'\\.\ROOT\CIMV2\ms_409:Win32_ModuleLoadTrace'	___SYSTEM	8	✗	✗
__NAMESPACE	'ROOT\CIMV2\ms_409'	___SYSTEM	8	✗	✗
__SERVER	'.'	___SYSTEM	8	✗	✗
__DERIVATION	['Win32_ModuleTrace', 'Win32_SystemTrace', '__ExtrinsicEvent', '__Event', '__IndicationRelated', '__SystemClass']	___SYSTEM	8	✗	✓
__PROPERTY_COUNT	9	___SYSTEM	3	✗	✗
__RELPATH	'Win32_ModuleLoadTrace'	___SYSTEM	8	✗	✗
__DYNASTY	'__SystemClass'	___SYSTEM	8	✗	✗
__SUPERCLASS	'Win32_ModuleTrace'	___SYSTEM	8	✗	✗
__CLASS	'Win32_ModuleLoadTrace'	___SYSTEM	8	✗	✗
__GENUS	1	___SYSTEM	3	✗	✗

Similar Classes to Win32_ModuleLoadTrace

Number of classes:8

Class name	Childs	Properties	Methods	Class Instances	Child Instances	Abstract	Singleton
Win32_ModuleTrace	1	2	0	-	-	✓	-
Win32_ProcessStartTrace	0	7	0	-	-	✓	-
Win32_ProcessStopTrace	0	8	0	-	-	✓	-
Win32_ProcessTrace	2	7	0	-	-	✓	-
Win32_SystemTrace	3	2	0	-	-	✓	-
Win32_ThreadStartTrace	0	8	0	-	-	✓	-
Win32_ThreadStopTrace	0	4	0	-	-	✓	-
Win32_ThreadTrace	2	4	0	-	-	✓	-