Muninn 1.0.0
Loading...
Searching...
No Matches
Muninn::Models::ProcessEntry Struct Reference

PROCESSENTRY32W @ Tlhelp32.h. More...

#include <WindowsModels.h>

Public Attributes

std::wstring processName {}
 The file name of the executable image.
std::wstring userFullProcessImageName {}
 LPWSTR lpExeName @ QueryFullProcessImageNameW().
std::wstring NativeImageFileName {}
 UNICODE_STRING SystemInformation @ NtQueryInformationProcess().
uintptr_t pebBaseAddress {}
uintptr_t moduleBaseAddress {}
DWORD processId {}
DWORD parentProcessId {}
BOOL isProtectedProcess {}
BOOL isWow64Process {}
 Indicates that the process is 32-bit and runs under the WoW64 emulation.
BOOL isBackgroundProcess {}
 The process belongs to a background job.
BOOL isSecureProcess {}
 The process runs in Isolated User Mode (IUM).
BOOL isSubsystemProcess {}
 The process is a Pico or a WSL process.
BOOL hasVisibleWindow {}
ArchitectureType architectureType {}

Detailed Description

PROCESSENTRY32W @ Tlhelp32.h.

QueryFullProcessImageNameW @ WinBase.h

SYSTEM_PROCESS_INFORMATION @ ntdll.h

PROCESS_EXTENDED_BASIC_INFORMATION @ ntdll.h

Member Data Documentation

◆ architectureType

ArchitectureType Muninn::Models::ProcessEntry::architectureType {}

◆ hasVisibleWindow

BOOL Muninn::Models::ProcessEntry::hasVisibleWindow {}

◆ isBackgroundProcess

BOOL Muninn::Models::ProcessEntry::isBackgroundProcess {}

The process belongs to a background job.

◆ isProtectedProcess

BOOL Muninn::Models::ProcessEntry::isProtectedProcess {}

◆ isSecureProcess

BOOL Muninn::Models::ProcessEntry::isSecureProcess {}

The process runs in Isolated User Mode (IUM).

◆ isSubsystemProcess

BOOL Muninn::Models::ProcessEntry::isSubsystemProcess {}

The process is a Pico or a WSL process.

◆ isWow64Process

BOOL Muninn::Models::ProcessEntry::isWow64Process {}

Indicates that the process is 32-bit and runs under the WoW64 emulation.

◆ moduleBaseAddress

uintptr_t Muninn::Models::ProcessEntry::moduleBaseAddress {}

◆ NativeImageFileName

std::wstring Muninn::Models::ProcessEntry::NativeImageFileName {}

UNICODE_STRING SystemInformation @ NtQueryInformationProcess().

Arg: PROCESSINFOCLASS::ProcessImageFileName (27)

◆ parentProcessId

DWORD Muninn::Models::ProcessEntry::parentProcessId {}

◆ pebBaseAddress

uintptr_t Muninn::Models::ProcessEntry::pebBaseAddress {}

◆ processId

DWORD Muninn::Models::ProcessEntry::processId {}

◆ processName

std::wstring Muninn::Models::ProcessEntry::processName {}

The file name of the executable image.

WCHAR szExeFile[MAX_PATH] @ PROCESSENTRY32W

UNICODE_STRING ImageName @ SYSTEM_PROCESS_INFORMATION

◆ userFullProcessImageName

std::wstring Muninn::Models::ProcessEntry::userFullProcessImageName {}

LPWSTR lpExeName @ QueryFullProcessImageNameW().

The documentation for this struct was generated from the following file: