Rediger

Del via


Process_V0_TypeGroup1 class

This class is the event type class for process events.

The following syntax is simplified from MOF code.

Syntax

[EventType{1, 2, 3, 4}, EventTypeName{"Start", "End", "DCStart", "DCEnd"}]
class Process_V0_TypeGroup1 : Process_V0
{
  uint32 ProcessId;
  uint32 ParentId;
  object UserSID;
  string ImageFileName;
};

Members

The Process_V0_TypeGroup1 class has these types of members:

Properties

The Process_V0_TypeGroup1 class has these properties.

ImageFileName

Data type: string

Access type: Read-only

Qualifiers: WmiDataId(4), StringTermination("NullTerminated")

Path to the executable file of the process.

ParentId

Data type: uint32

Access type: Read-only

Qualifiers: WmiDataId(2), Pointer

Unique identifier of the process that creates a process. Process identifier numbers are reused, so they only identify a process for the lifetime of that process. It is possible that the process identified by ParentProcessId is terminated, so ParentProcessId may not refer to a running process. It is also possible that ParentProcessId incorrectly refers to a process that reuses a process identifier.

ProcessId

Data type: uint32

Access type: Read-only

Qualifiers: WmiDataId(1), Pointer

Global process identifier that you can use to identify a process. The value is valid from the time a process is created until it is terminated.

UserSID

Data type: object

Access type: Read-only

Qualifiers: WmiDataId(3), Extension("Sid")

Security identifier (SID) for the user context under which the event happens.

Requirements

Requirement Value
Minimum supported client
Windows XP [desktop apps only]
Minimum supported server
Windows Server 2003 [desktop apps only]

See also

Process_V0