Win32_Process

The Win32_Process class represents a sequence of events on a Win32 system. Any sequence consisting of the interaction of one or more processors or interpreters, some executable code, and a set of inputs, is a descendant (or member) of this class.

Example: A client application running on a Win32 system.

Quick Start

Properties

In this WMI class, all WMI properties are read-only. You can only read values but not change them.

Caption

Data type String

The Caption property is a short textual description (one-line string) of the object.

CommandLine

Data type String

The CommandLine property specifies the command line used to start a particular process, if applicable.

CreationClassName

Data type String

CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.

CreationDate

Data type DateTime

Time that the process began executing.

CSCreationClassName

Data type String

CSCreationClassName contains the scoping computer system’s creation class name.

CSName

Data type String

The scoping computer system’s name.

Description

Data type String

The Description property provides a textual description of the object.

DesktopInteract

Data type Boolean

The DesktopInteract parameter passes the value that indicates whether the service can create or communicate with windows on the desktop.

Values: $true or $false. A value of $true indicates the service can create or communicate with windows on the desktop.

DisplayName

Data type String

The DisplayName parameter passes the display name of the service. This string has a maximum length of 256 characters. The name is case-preserved in the service control manager. DisplayName comparisons are always case-insensitive.

Constraints: Accepts the same value as the Name parameter.

Example: Atdisk.

ErrorControl

Data type UInt8

If the Create method fails to start, the ErrorControl parameter passes the severity of the error. The value indicates the action taken by the startup program if failure occurs. All errors are logged by the system. The system does not notify the user of “Ignore” errors. With “Normal” errors the user is notified. With “Severe” errors, the system is restarted with the last-known-good configuration. Finally, on “Critical” errors, the system attempts to restart with a good configuration.

ExecutablePath

Data type String

The ExecutablePath property indicates the path to the executable file of the process.

Example: C:\WINDOWS\EXPLORER.EXE

ExecutionState

Data type UInt16

Indicates the current operating condition of the process. Values include ready (2), running (3), and blocked (4), among others.

Handle

Data type String

A string used to identify the process. A process ID is a kind of process handle.

HandleCount

Data type UInt32

The HandleCount property specifies the total number of handles currently open by this process. This number is the sum of the handles currently open by each thread in this process. A handle is used to examine or modify the system resources. Each handle has an entry in an internally maintained table. These entries contain the addresses of the resources and the means to identify the resource type.

InstallDate

Data type DateTime

The InstallDate property is a datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

KernelModeTime

Data type UInt64

Time in kernel mode, in 100-nanosecond units. If this information is not available, a value of 0 should be used.

LoadOrderGroup

Data type String

The LoadOrderGroup parameter passes the group name associated with the new service. Load order groups are contained in the registry, and determine the sequence in which services are loaded into the operating system. If the pointer is NULL or if it points to an empty string, the service does not belong to a group. Dependencies between groups should be listed in the LoadOrderGroupDependencies parameter. Services in the load-ordering group list are started first, followed by services in groups not in the load-ordering group list, followed by services that do not belong to a group. The registry has a list of load ordering groups located at:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ServiceGroupOrder.

LoadOrderGroupDependencies

Data type String

The LoadOrderGroupDependencies parameter passes a list of load ordering groups that must start before this service. The array is doubly null-terminated. If the pointer is NULL or if it points to an empty string, the service has no dependencies. Group names must be prefixed by the SC_GROUP_IDENTIFIER (defined in the WINSVC.H file) character to differentiate it from a service name, because services and service groups share the same name space. Dependency on a group means that this service can run if at least one member of the group is running after an attempt to start all members of the group.

MaximumWorkingSetSize

Data type UInt32

The MaximumWorkingSetSize property indicates the maximum working set size of the process. The working set of a process is the set of memory pages currently visible to the process in physical RAM. These pages are resident and available for an application to use without triggering a page fault.

Example: 1413120.

MinimumWorkingSetSize

Data type UInt32

The MinimumWorkingSetSize property indicates the minimum working set size of the process. The working set of a process is the set of memory pages currently visible to the process in physical RAM. These pages are resident and available for an application to use without triggering a page fault.

Example: 20480.

Name

Data type String

The Name property defines the label by which the object is known. When subclassed, the Name property can be overridden to be a Key property.

OSCreationClassName

Data type String

The scoping operating system’s creation class name.

OSName

Data type String

The scoping operating system’s name.

OtherOperationCount

Data type UInt64

The OtherOperationCount property specifies the number of I/O operations performed, other than read and write operations.

OtherTransferCount

Data type UInt64

The OtherTransferCount property specifies the amount of data transferred during operations other than read and write operations.

PageFaults

Data type UInt32

The PageFaults property indicates the number of page faults generated by the process.

Example: 10

PageFileUsage

Data type UInt32

The PageFileUsage property indicates the amount of page file space currently being used by the process.

Example: 102435

ParentProcessId

Data type UInt32

The ParentProcessId property specifies the unique identifier of the process that created this process. Process identifier numbers are reused, so they only identify a process for the lifetime of that process. It is possible that the process identified by ParentProcessId has terminated, so ParentProcessId may not refer to a running process. It is also possible that ParentProcessId incorrectly refers to a process which reused that process identifier. The CreationDate property can be used to determine whether the specified parent was created after this process was created.
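
The CreationDate check described above, as an added example that is not part of the original reference: it resolves each process's parent within one snapshot and rejects matches where the PID holder started after the child. The function name Resolve-ParentProcess, the ParentState labels and the sample snapshot are constructed for illustration.

```powershell
function Resolve-ParentProcess {
    # $Process: objects exposing ProcessId, ParentProcessId, CreationDate and Name,
    # for example the output of Get-CimInstance Win32_Process.
    param([Parameter(Mandatory)] [object[]] $Process)

    # Index the snapshot by ProcessId (unique among processes alive at one moment).
    $byPid = @{}
    foreach ($p in $Process) { $byPid[[uint32]$p.ProcessId] = $p }

    foreach ($p in $Process) {
        $parent = $byPid[[uint32]$p.ParentProcessId]
        if ($p.ParentProcessId -eq $p.ProcessId) {
            $state = 'SelfReference'; $parent = $null   # record names itself as parent
        }
        elseif ($null -eq $parent) {
            $state = 'ParentExited'                     # nothing alive holds that PID
        }
        elseif ($parent.CreationDate -gt $p.CreationDate) {
            $state = 'PidReused'; $parent = $null       # PID holder started after the child
        }
        else { $state = 'Verified' }

        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            Name            = $p.Name
            ParentProcessId = $p.ParentProcessId
            ParentName      = if ($parent) { $parent.Name } else { $null }
            ParentState     = $state
        }
    }
}

# Constructed sample snapshot (not real telemetry).
$t0 = Get-Date '2024-01-01T09:00:00'
$sample = @(
    [pscustomobject]@{ ProcessId = 600;  ParentProcessId = 480;  Name = 'services.exe'; CreationDate = $t0 }
    [pscustomobject]@{ ProcessId = 1200; ParentProcessId = 600;  Name = 'svchost.exe';  CreationDate = $t0.AddSeconds(5) }
    [pscustomobject]@{ ProcessId = 3100; ParentProcessId = 2500; Name = 'notepad.exe';  CreationDate = $t0.AddMinutes(10) }
    [pscustomobject]@{ ProcessId = 2500; ParentProcessId = 1200; Name = 'chrome.exe';   CreationDate = $t0.AddHours(2) }
)
Resolve-ParentProcess -Process $sample | Format-Table -AutoSize

# Live snapshot: Resolve-ParentProcess -Process (Get-CimInstance Win32_Process)
```

In the sample, notepad.exe is reported as PidReused because the process now holding PID 2500 was created after it, so a process tree built on ParentProcessId alone would attribute it to the wrong parent.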

PathName

Data type String

The PathName parameter passes the fully qualified path to the executable file that implements the service.

Example: \SystemRoot\System32\drivers\afd.sys

PeakPageFileUsage

Data type UInt32

The PeakPageFileUsage property indicates the maximum amount of page file space used during the life of the process.

Example: 102367

PeakVirtualSize

Data type UInt64

The PeakVirtualSize property specifies the maximum virtual address space the process has used at any one time. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. However, virtual space is finite, and by using too much, the process might limit its ability to load libraries.

PeakWorkingSetSize

Data type UInt32

The PeakWorkingSetSize property indicates the peak working set size of the process.

Example: 1413120

Priority

Data type UInt32

The Priority property indicates the scheduling priority of the process within the operating system. The higher the value, the higher priority the process receives. Priority values can range from 0 (lowest priority) to 31 (highest priority).

Example: 7.

PrivatePageCount

Data type UInt64

The PrivatePageCount property specifies the current number of pages allocated that are accessible only to this process.

ProcessId

Data type UInt32

The ProcessId property contains the global process identifier that can be used to identify a process. The value is valid from the creation of the process until the process is terminated.

QuotaNonPagedPoolUsage

Data type UInt32

The QuotaNonPagedPoolUsage property indicates the quota amount of non-paged pool usage for the process.

Example: 15

QuotaPagedPoolUsage

Data type UInt32

The QuotaPagedPoolUsage property indicates the quota amount of paged pool usage for the process.

Example: 22

QuotaPeakNonPagedPoolUsage

Data type UInt32

The QuotaPeakNonPagedPoolUsage property indicates the peak quota amount of non-paged pool usage for the process.

Example: 31

QuotaPeakPagedPoolUsage

Data type UInt32

The QuotaPeakPagedPoolUsage property indicates the peak quota amount of paged pool usage for the process.

Example: 31

ReadOperationCount

Data type UInt64

The ReadOperationCount property specifies the number of read operations performed.

ReadTransferCount

Data type UInt64

The ReadTransferCount property specifies the amount of data read.

ServiceDependencies

Data type String

The ServiceDependencies parameter passes a list containing names of services that must start before this service starts. The array is doubly null-terminated. If the pointer is NULL, or if it points to an empty string, the service has no dependencies. Dependency on a service means that this service can only run if the service it depends on is running.

ServiceType

Data type UInt8

The ServiceType parameter passes the type of services provided to processes that call them.

$KernelDriver=1
$FileSystemDriver=2
$Adapter=4
$RecognizerDriver=8
$OwnProcess=16
$ShareProcess=32

$ServiceType = $Adapter + $FileSystemDriver

SessionId

Data type UInt32

The SessionId property specifies the unique identifier that is generated by the operating system when the session is created. A session spans a period of time from log in to log out on a particular system.

StartMode

Data type String

The StartMode parameter passes the start mode of the Win32 base service. “Boot” specifies a device driver started by the operating system loader. This value is valid only for driver services. “System” specifies a device driver started by the IoInitSystem function. This value is valid only for driver services. “Automatic” specifies a service to be started automatically by the service control manager during system startup. “Manual” specifies a service to be started by the service control manager when a process calls the StartService function. “Disabled” specifies a service that can no longer be started.

$StartMode_ReturnValue = 
@{
  Boot='Boot Start'
  System='System Start'
  Automatic='Auto Start'
  Manual='Demand Start'
  Disabled='Disabled'
}

StartName

Data type String

The StartName parameter passes the account name the service runs under. Depending on the service type, the account name may be in the form of “DomainName\Username”. The service process will be logged using one of these two forms when it runs. If the account belongs to the built-in domain, “.\Username” can be specified. If NULL is specified, the service will be logged on as the LocalSystem account. For kernel or system-level drivers, StartName contains the driver object name (that is, \FileSystem\Rdr or \Driver\Xns) which the input and output (I/O) system uses to load the device driver. If NULL is specified, the driver runs with a default object name created by the I/O system based on the service name.

Example: DWDOM\Admin.

StartPassword

Data type String

The StartPassword parameter passes the password to the account name specified by the StartName parameter. Specify NULL if you are not changing the password. Specify an empty string if the service has no password.

Status

Data type String

The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are “OK”, “Degraded” and “Pred Fail”. “Pred Fail” indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are “Error”, “Starting”, “Stopping” and “Service”. The latter, “Service”, could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither “OK” nor in one of the other states.

'OK','Error','Degraded','Unknown','Pred Fail','Starting','Stopping','Service','Stressed','NonRecover','No Contact','Lost Comm'

TerminationDate

Data type DateTime

Time that the process was stopped or terminated.

ThreadCount

Data type UInt32

The ThreadCount property specifies the number of active threads in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread. This property is for computers running Windows NT only.

UserModeTime

Data type UInt64

Time in user mode, in 100-nanosecond units. If this information is not available, a value of 0 should be used.

VirtualSize

Data type UInt64

The VirtualSize property specifies the current size in bytes of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and by using too much, the process can limit its ability to load libraries.

WindowsVersion

Data type String

The WindowsVersion property indicates the version of Windows in which the process is running.

Example: 4.0

WorkingSetSize

Data type UInt64

The amount of memory in bytes that a process needs to execute efficiently, for an operating system that uses page-based memory management. If an insufficient amount of memory is available (< working set size), thrashing will occur. If this information is not known, NULL or 0 should be entered. If this data is provided, it could be monitored to understand a process' changing memory requirements as execution proceeds.

WriteOperationCount

Data type UInt64

The WriteOperationCount property specifies the number of write operations performed.

WriteTransferCount

Data type UInt64

The WriteTransferCount property specifies the amount of data written.

Methods

Examples

See Also


Content last updated: 2013-12-27 12:18:06 (UTC).
