Win32_ModuleLoadTrace, ROOT\CIMV2

Class | Methods | Properties (9) | Qualifiers (3) | Instances | Namespaces (2)
Samples: VB Script | C# | VB.Net | Search on:Microsoft

Description

The ModuleLoadTrace event class indicates a process has loaded a new module.

Win32_ModuleLoadTrace properties

Win32_ModuleLoadTrace has 9 properties (7 Local, 2 Derived)

NameOriginCIMType
DefaultBaseWin32_ModuleLoadTrace21 [uint64]
FileNameWin32_ModuleLoadTrace8 [string]
ImageBaseWin32_ModuleLoadTrace21 [uint64]
ImageChecksumWin32_ModuleLoadTrace19 [uint32]
ImageSizeWin32_ModuleLoadTrace21 [uint64]
ProcessIDWin32_ModuleLoadTrace19 [uint32]
SECURITY_DESCRIPTOR__Event17 [uint8]
TIME_CREATED__Event21 [uint64]
TimeDateStampWin32_ModuleLoadTrace19 [uint32]

Detailed description of Win32_ModuleLoadTrace properties

Local properties (7) of Win32_ModuleLoadTrace class

DefaultBase property
CIMTYPE'uint64'
Description'default load base address, as listed in the NT image header; if the requested address is unavailable the image will be loaded at a different address (ImageBase), causing rebasing.'
readTrue
DefaultBase property is in 1 class (Win32_ModuleLoadTrace) of ROOT\cimv2 and in 4 namespaces
FileName property
CIMTYPE'string'
Description'The FileName property indicates the filename of the loaded module.'
readTrue
FileName property is in 21 classes of ROOT\cimv2 and in 23 namespaces
ImageBase property
CIMTYPE'uint64'
Description'The ImageBase property indicates the base address where the module was loaded into process memory.'
readTrue
ImageBase property is in 1 class (Win32_ModuleLoadTrace) of ROOT\cimv2 and in 4 namespaces
ImageChecksum property
CIMTYPE'uint32'
Description'NT image checksum (usually set at link time), as listed in the NT image header; it is a hash used to verify the image was not changed or it's the same. Note: This is not a cryptographic hash, therefore it's weak.'
readTrue
ImageChecksum property is in 1 class (Win32_ModuleLoadTrace) of ROOT\cimv2 and in 4 namespaces
ImageSize property
CIMTYPE'uint64'
Description'The ImageSize property indicates the size in bytes of the loaded module.'
readTrue
ImageSize property is in 1 class (Win32_ModuleLoadTrace) of ROOT\cimv2 and in 4 namespaces
ProcessID property
CIMTYPE'uint32'
Description'The ProcessID property indentifies the process that loaded the module.'
readTrue
ProcessID property is in 15 classes of ROOT\cimv2 and in 18 namespaces
TimeDateStamp property
CIMTYPE'uint32'
Description'NT image timestamp (usually set at link time), as listed in the NT image header; it is a used to identify the binary image along with the original file name and ImageSize, which is also retrieved from the NT image header.'
readTrue
TimeDateStamp property is in 1 class (Win32_ModuleLoadTrace) of ROOT\cimv2 and in 4 namespaces

Derived properties (2) of Win32_ModuleLoadTrace class

SECURITY_DESCRIPTOR property
CIMTYPE'uint8'
SECURITY_DESCRIPTOR property is in 144 classes of ROOT\cimv2 and in 142 namespaces
TIME_CREATED property
CIMTYPE'uint64'
TIME_CREATED property is in 149 classes of ROOT\cimv2 and in 142 namespaces

Win32_ModuleLoadTrace Qualifiers

NameValueToInstanceToSubclassOverridableAmendedLocal
abstractTrue
Description'The ModuleLoadTrace event class indicates a process has loaded a new module.'
Locale1033

Win32_ModuleLoadTrace System properties

NameValueOriginCIMTypeLocalArray
__PATH'\\.\ROOT\cimv2:Win32_ModuleLoadTrace'___SYSTEM8
__NAMESPACE'ROOT\cimv2'___SYSTEM8
__SERVER'.'___SYSTEM8
__DERIVATION['Win32_ModuleTrace', 'Win32_SystemTrace', '__ExtrinsicEvent', '__Event', '__IndicationRelated', '__SystemClass']___SYSTEM8
__PROPERTY_COUNT9___SYSTEM3
__RELPATH'Win32_ModuleLoadTrace'___SYSTEM8
__DYNASTY'__SystemClass'___SYSTEM8
__SUPERCLASS'Win32_ModuleTrace'___SYSTEM8
__CLASS'Win32_ModuleLoadTrace'___SYSTEM8
__GENUS1___SYSTEM3

Similar Classes to Win32_ModuleLoadTrace

Number of classes:16
comments powered by Disqus
WUtils.com