The Win32_Process class represents a sequence of events on a Win32 system. Any sequence consisting of the interaction of one or more processors or interpreters, some executable code, and a set of inputs, is a descendent (or member) of this class.
Example: A client application running on a Win32 system.
'The AttachDebugger method launches the currently registered debugger for this process. Dr. Watson, however, is not supported. The method returns a 'generic failure' if it finds an invalid string in the registry key or an integer value that can be interpretted as follows: 0 - Successful completion. 2 - The user does not have access to the requested information. 3 - The user does not have sufficient privilge. 8 - Unknown failure. 9 - The path specified does not exist. 21 - The specified parameter is invalid. Other - For integer values other than those listed above, refer to Win32 error code documentation.'
{'Description':'The CommandLine parameter specifies the command line to execute. The system adds a null character to the command line, trimming the string if necessary, to indicate which file was actually used. A fully qualified path must be specified in cases where the program to be launched is not in the search path of Winmgmt (not the user's path).','In':True,'MappingStrings':['Win32API|Process and Thread Functions|lpCommandLine ']}
CurrentDirectory
string
1
✓
-
{'Description':'The CurrentDirectory parameter specifies the current drive and directory for the child process. The string requires that the current directory resolves to a known path. A user can specify an absolute path or a path relative to the current working directory. If this parameter is NULL, the new process will have the same path as the calling process. This option is provided primarily for shells that must start an application and specify the application's initial drive and working directory.','In':True,'MappingStrings':['Win32API|Process and Thread Functions|CreateProcess|lpCurrentDirectory ']}
{'Description':'The ProcessStartupInformation parameter represents the startup configuration of a Win32 process. It includes information about displaying the window, characteristics of a console application, and handling errors. Note that in Windows XP and beyond, the WinstationDesktop string property (which previously defaulted to "winsta0\default") is ignored in all cases. The value used in place of this parameter is an empty string ("").','In':True,'MappingStrings':['WMI|Win32_ProcessStartup']}
ProcessId
uint32
3
-
✓
{'Description':'The ProcessId parameter returns a global process identifier that can be used to identify a process. The value is valid from the time the process is created until the time the process is terminated. ','MappingStrings':['Win32API|Process and Thread Functions|CreateProcess|lpProcessInformation|dwProcessId'],'Out':True}
Constructor
True
Description
'The Create method creates a new process. The method returns an integer value that can be interpretted as follows: 0 - Successful completion. 2 - The user does not have access to the requested information. 3 - The user does not have sufficient privilge. 8 - Unknown failure. 9 - The path specified does not exist. 21 - The specified parameter is invalid. Other - For integer values other than those listed above, refer to Win32 error code documentation.'
Implemented
True
MappingStrings
['Win32API|Process and Thread Functions|CreateProcess']
{'Description':'The AvailableVirtualSize property returns the free virtual address space available to this process.','MappingStrings':['WMI'],'Out':True}
Description
'The GetAvailableVirtualSize method retrieves the currently size in bytes of the free virtual address space available to this process. The method returns an integer value that can be interpretted as follows: 0 - Successful completion. 2 - The user does not have access to the requested information. 3 - The user does not have sufficient privilge. 8 - Unknown failure. 9 - The path specified does not exist. 21 - The specified parameter is invalid. Other - For integer values other than those listed above, refer to Win32 error code documentation.'
{'Description':'The User parameter returns the user name of the owner of this process.','MappingStrings':['WMI'],'Out':True}
Domain
string
1
-
✓
{'Description':'The Domain parameter returns the domain name under which this process is running.','MappingStrings':['WMI'],'Out':True}
Description
'The GetOwner method retrieves the user name and domain name under which the process is running. The method returns an integer value that can be interpretted as follows: 0 - Successful completion. 2 - The user does not have access to the requested information. 3 - The user does not have sufficient privilge. 8 - Unknown failure. 9 - The path specified does not exist. 21 - The specified parameter is invalid. Other - For integer values other than those listed above, refer to Win32 error code documentation.'
{'Description':'The Sid property returns the security identifier descriptor for this process.','MappingStrings':['WMI'],'Out':True}
Description
'The GetOwnerSid method retrieves the security identifier (SID) for the owner of this process. The method returns an integer value that can be interpretted as follows: 0 - Successful completion. 2 - The user does not have access to the requested information. 3 - The user does not have sufficient privilge. 8 - Unknown failure. 9 - The path specified does not exist. 21 - The specified parameter is invalid. Other - For integer values other than those listed above, refer to Win32 error code documentation.'
{'Description':'The Priority parameter specifies the new priority class for the process. Values:Idle - Specified for a process whose threads run only when the system is idle. The threads of the process are preempted by the threads of any process running in a higher priority class. An example is a screen saver. The idle-priority class is inherited by child processes.Below Normal - Indicates a process that has priority above IDLE_PRIORITY_CLASS but below NORMAL_PRIORITY_CLASS. For Windows 2000.Normal - Specified for a process with no special scheduling needs.Above Normal - Indicates a process that has priority above NORMAL_PRIORITY_CLASS but below HIGH_PRIORITY_CLASS. For Windows 2000.High Priority - Specified for a process that performs time-critical tasks that must be executed immediately. The threads of the process preempt the threads of normal or idle priority class processes. An example is the Task List, which must respond quickly when called by the user, regardless of the load on the operating system. Use extreme care when using the high-priority class, because a high-priority class application can use nearly all available CPU time.Realtime - Specified for a process that has the highest possible priority. The threads of the process preempt the threads of all other processes, including operating system processes performing important tasks. For example, a real-time process that executes for more than a very brief interval can cause disk caches not to flush or cause the mouse to be unresponsive.','in':True,'MappingStrings':['Win32API|Process and Thread Functions|SetPriorityClass|dwPriorityClass'],'ValueMap':['0x00000040', '0x00004000', '0x00000020', '0x00008000', '0x00000080', '0x00000100'],'Values':['Idle', 'Below Normal', 'Normal', 'Above Normal', 'High Priority', 'Realtime']}
Description
'The SetPriority method attempts to change the execution priority of the process. In order to set the priority to Realtime, the caller must hold the SeIncreaseBasePriorityPrivilege. Without this privilege, the highest the priority can be set to is High priority. The method returns an integer value that can be interpretted as follows: 0 - Successful completion. 2 - The user does not have access to the requested information. 3 - The user does not have sufficient privilge. 8 - Unknown failure. 9 - The path specified does not exist. 21 - The specified parameter is invalid. Other - For integer values other than those listed above, refer to Win32 error code documentation.'
Implemented
True
MappingStrings
['Win32API|Process and Thread Functions|SetPriorityClass']
{'Description':'The Reason parameter specifies the exit code for the process and for all threads terminated as a result of this call. ','In':True,'MappingStrings':['Win32API|Process and Thread Functions|TerminateProcess|uExitCode ']}
Description
'The Terminate method terminates a process and all of its threads. The method returns an integer value that can be interpretted as follows: 0 - Successful completion. 2 - The user does not have access to the requested information. 3 - The user does not have sufficient privilge. 8 - Unknown failure. 9 - The path specified does not exist. 21 - The specified parameter is invalid. Other - For integer values other than those listed above, refer to Win32 error code documentation.
Note: The SE_DEBUG_PRIVILEGE privilege is required to invoke this method'
Destructor
True
Implemented
True
MappingStrings
['Win32API|Process and Thread Functions|TerminateProcess']
'The HandleCount property specifies the total number of handles currently open by this process. This number is the sum of the handles currently open by each thread in this process. A handle is used to examine or modify the system resources. Each handle has an entry in an internally maintained table. These entries contain the addresses of the resources and the means to identify the resource type.'
'The MaximumWorkingSetSize property indicates the maximum working set size of the process. The working set of a process is the set of memory pages currently visible to the process in physical RAM. These pages are resident and available for an application to use without triggering a page fault. Example: 1413120.'
'The MinimumWorkingSetSize property indicates the minimum working set size of the process. The working set of a process is the set of memory pages currently visible to the process in physical RAM. These pages are resident and available for an application to use without triggering a page fault. Example: 20480.'
'The ParentProcessId property specifies the unique identifier of the process that created this process. Process identifier numbers are reused, so they only identify a process for the lifetime of that process. It is possible that the process identified by ParentProcessId has terminated, so ParentProcessId may not refer to an running process. It is also possible that ParentProcessId incorrectly refers to a process which re-used that process identifier. The CreationDate property can be used to determine whether the specified parent was created after this process was created.'
'The PeakVirtualSize property specifies the maximum virtual address space the process has used at any one time. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. However, virtual space is finite, and by using too much, the process might limit its ability to load libraries.'
'The ProcessId property contains the global process identifier that can be used to identify a process. The value is valid from the creation of the process until the process is terminated.'
DisplayName
'Process Id'
MappingStrings
['Win32API|Process and Thread Structures|PROCESS_INFORMATION|dwProcessId ']
'The SessionId property specifies the unique identifier that is generated by the operating system when the session is created. A session spans a period of time from log in to log out on a particular system.'
'The ThreadCount property specifies the number of active threads in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread. This property is for computers running Windows NT only.'
'The VirtualSize property specifies the current size in bytes of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and by using too much, the process can limit its ability to load libraries.'
'CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.'
'The InstallDate property is datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.'
'The Priority property indicates the scheduling priority of the process within the operating system. The higher the value, the higher priority the process receives. Priority values can range from 0 (lowest priority) to 31 (highest priority). Example: 7.'
'The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are "OK", "Degraded" and "Pred Fail". "Pred Fail" indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are "Error", "Starting", "Stopping" and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.'
'The amount of memory in bytes that a process needs to execute efficiently, for an operating system that uses page-based memory management. If an insufficient amount of memory is available (< working set size), thrashing will occur. If this information is not known, NULL or 0 should be entered. If this data is provided, it could be monitored to understand a process' changing memory requirements as execution proceeds.'
'The Win32_Process class represents a sequence of events on a Win32 system. Any sequence consisting of the interaction of one or more processors or interpreters, some executable code, and a set of inputs, is a descendent (or member) of this class. Example: A client application running on a Win32 system.'