Windows WMI - Win32_ProcessStartTrace 和 __InstanceCreationEvent 之间有什么区别(和顺序)?
[英]Windows WMI - What is the difference (and order) between Win32_ProcessStartTrace and __InstanceCreationEvent?
问题描述
Just getting started with WMI, and I am trying to understand what is the difference between Win32_ProcessStartTrace and __InstanceCreationEvent .
刚刚开始使用 WMI,我试图了解Win32_ProcessStartTrace和__InstanceCreationEvent之间的区别。 They both are available when a new process starts, however which one is first ?当一个新进程开始时,它们都可用,但是哪个是第一个?
I have tested several examples provided by Microsoft and I cannot see any major difference like performance issues, besides the fact that one provides some useful=l information and the other does not.我已经测试了 Microsoft 提供的几个示例,除了一个提供一些有用的信息而另一个不提供这一事实之外,我看不出有任何重大差异,例如性能问题。 (or does it?) (或者是吗?)
From the documentantion for Win32_ProcessStartTrace and __InstanceCreationEvent we can see quite a difference, as the Win32_ provides more details like ProcessID whilst __Instance does not.从Win32_ProcessStartTrace和__InstanceCreationEvent的文档中,我们可以看到很大的不同,因为 Win32_ 提供了更多详细信息,例如 ProcessID 而 __Instance 没有。
If one wants to monitor process creation effectively (asynchronously) which one of these 2 should be used ?如果想要有效地(异步)监控流程创建,应该使用这两个中的哪一个?
Getting information about the process is a must, at least the ProcessID.获取有关进程的信息是必须的,至少是 ProcessID。
A good explanation is much appreciated, I`m sure others are interested as well.非常感谢一个很好的解释,我相信其他人也会感兴趣。
1 个解决方案
解决方案1
2 已采纳 2019-12-11 15:36:09
_InstanceCreationEvent有一个TargetInstance字段,对于新进程,它是一个Win32_Process对象,它具有Win32_ProcessStartTrace提供的大多数相同字段(以及更多)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.