Win32_ProcessTrace class
The Win32_ProcessTrace event WMI class is the base event for process events.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.
Syntax
[AMENDMENT]
class Win32_ProcessTrace : Win32_SystemTrace
{
  uint8  SECURITY_DESCRIPTOR[];
  uint64 TIME_CREATED;
  uint32 ProcessID;
  uint32 ParentProcessID;
  string ProcessName;
  uint32 SessionID;
  uint8  Sid[];
};
Members
The Win32_ProcessTrace class has these types of members:
Properties
The Win32_ProcessTrace class has these properties.
ParentProcessID
Data type: uint32
Access type: Read-only
Process that starts an event.
ProcessID
Data type: uint32
Access type: Read-only
The ProcessID property identifies the process involved in the event.
ProcessName
Data type: string
Access type: Read-only
Name of the process. You can use this name to get the instance of Win32_Process for the same process.
SECURITY_DESCRIPTOR
Data type: uint8 array
Access type: Read-only
Descriptor used by the event provider to determine which users can receive the event. This property is inherited from __Event. For more information about constants used to set this security descriptor, see WMI Security Constants.
SessionID
Data type: uint32
Access type: Read-only
Session under which the process exists.
Sid
Data type: uint8 array
Access type: Read-only
The Sid property is the security identifier representing the user context under which the event happened.
TIME_CREATED
Data type: uint64
Access type: Read-only
Unique value that indicates the time at which the event was generated. This is a 64-bit value that represents the number of 100-nanosecond intervals after January 1, 1601. The value is expressed in Coordinated Universal Time (UTC). This property is inherited from __Event.
For more information about using uint64 values in scripts, see Scripting in WMI.
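Decoding the two encoded properties described above, Sid (a binary SID in a uint8 array) and TIME_CREATED (100-nanosecond intervals since January 1, 1601 UTC), into the forms used in logs and detection rules. This is an added example, not part of the original reference: the function names, the dict-shaped event and SAMPLE_EVENT are constructed, and it assumes the uint64 may arrive serialized as a decimal string.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(time_created):
    """TIME_CREATED: count of 100-ns intervals since 1601-01-01 UTC."""
    ticks = int(time_created)  # assumption: uint64 may be exported as a string
    if not 0 <= ticks < 2**64:
        raise ValueError("TIME_CREATED does not fit in uint64")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def sid_to_string(sid):
    """Decode the uint8[] Sid property (binary SID) to S-1-... text."""
    sid = bytes(sid)
    if len(sid) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = sid[0], sid[1]
    if revision != 1 or count > 15:
        raise ValueError("unexpected SID revision or sub-authority count")
    if len(sid) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(sid[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, sid[8:])    # 32-bit, little-endian
    # Authorities of 2**32 and above are written in hex in the SID string format.
    auth = str(authority) if authority < 2**32 else "0x%012x" % authority
    return "-".join(["S", str(revision), auth] + [str(s) for s in subs])

def decode_event(event):
    """Return a log-friendly copy of one event's properties."""
    return {
        "time_utc": filetime_to_utc(event["TIME_CREATED"]).isoformat(),
        "pid": event["ProcessID"],
        "ppid": event["ParentProcessID"],
        "name": event["ProcessName"],
        "session": event["SessionID"],
        "user_sid": sid_to_string(event["Sid"]),
    }

# Constructed sample event (values invented for illustration).
SAMPLE_EVENT = {
    "TIME_CREATED": "133485408000000000",
    "ProcessID": 4312,
    "ParentProcessID": 880,
    "ProcessName": "example.exe",
    "SessionID": 1,
    "Sid": [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0],  # S-1-5-18 (LocalSystem)
}

if __name__ == "__main__":
    print(decode_event(SAMPLE_EVENT))
```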
Remarks
The Win32_ProcessTrace class is derived from Win32_SystemTrace.
Requirements
Minimum supported client | Windows Vista
Minimum supported server | Windows Server 2008
Namespace | Root\CIMV2
MOF |
DLL |