Freigeben über


Win32_ThreadStartTrace class

The Win32_ThreadStartTrace event WMI class indicates that a new thread has started.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.

Syntax

[AMENDMENT]
class Win32_ThreadStartTrace : Win32_ThreadTrace
{
  uint8  SECURITY_DESCRIPTOR[];
  uint64 TIME_CREATED;
  uint32 ProcessID;
  uint32 ThreadID;
  uint64 StackBase;
  uint64 StackLimit;
  uint64 StartAddr;
  uint64 UserStackBase;
  uint64 UserStackLimit;
  uint32 WaitMode;
  uint64 Win32StartAddr;
};

Members

The Win32_ThreadStartTrace class has these types of members:

Properties

The Win32_ThreadStartTrace class has these properties.

ProcessID

Data type: uint32

Access type: Read-only

Process identifier of the thread involved in the event.

This property is inherited from Win32_ThreadTrace.

SECURITY_DESCRIPTOR

Data type: uint8 array

Access type: Read-only

Descriptor used by the event provider to determine which users can receive the event. This property is inherited from __Event. For more information about constants used to set this security descriptor, see WMI Security Constants.

StackBase

Data type: uint64

Access type: Read-only

Base address of the thread's stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

StackLimit

Data type: uint64

Access type: Read-only

Limit of the thread's stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

StartAddr

Data type: uint64

Access type: Read-only

Memory address at which the trace starts.

For more information about using uint64 values in scripts, see Scripting in WMI.

ThreadID

Data type: uint32

Access type: Read-only

Thread identifier of the thread involved in the event.

This property is inherited from Win32_ThreadTrace.

TIME_CREATED

Data type: uint64

Access type: Read-only

Unique value that indicates the time at which the event was generated. This is a 64-bit value that represents the number of 100-nanosecond intervals after January 1, 1601. The information is in the Coordinated Universal Times (UTC) format. This property is inherited from __Event.

For more information about using uint64 values in scripts, see Scripting in WMI.

UserStackBase

Data type: uint64

Access type: Read-only

Base address of the thread's user-mode stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

UserStackLimit

Data type: uint64

Access type: Read-only

Limit of the thread's user-mode stack.

For more information about using uint64 values in scripts, see Scripting in WMI.

WaitMode

Data type: uint32

Access type: Read-only

Processor mode in which the wait is to occur.

0

Kernel

1

User

Win32StartAddr

Data type: uint64

Access type: Read-only

Starting address of the function to be executed by this thread.

For more information about using uint64 values in scripts, see Scripting in WMI.

Remarks

The Win32_ThreadStartTrace class is derived from Win32_ThreadTrace.

Requirements

Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Namespace
Root\CIMV2
MOF
Krnlprov.mof
DLL
Krnlprov.dll

See also

Win32_ThreadTrace

Operating System Classes