Find suspended Windows processes using WMI, why is "ExecutionState" always null?

Question

Find suspended Windows processes using WMI, why is "ExecutionState" always null?

I am running the following code in a console program: -

 var query = string.Format("select * from Win32_Process");
            var searcher = new ManagementObjectSearcher(query);
            var collection = searcher.Get();
            foreach (ManagementObject o in collection)
            {         
                if(o["CommandLine"] == null) continue;
                if (o["ProcessId"] == null) continue;
                if( o["ExecutionState"] == null)continue;                
                var executionState =o["ExecutionState"].ToString();
                var commandLine = o["CommandLine"].ToString();
                var processId = o["ProcessId"];
                Console.WriteLine("{0}: {1} [{2}]", 
                   processId,
                   executionState,
                   commandLine);                
            }

However, the execution status is always zero. Does anyone know why? I've tried working as an administrator.

using a process handler, I definitely have a process in a suspended state: -

enter image description here

+3

c # wmi

Keith nicholas Sep 16 14 at 3:02

source to share

1 answer

Helen · Accepted Answer · 2014-09-17T12:40:52+0000

It seems that it is ExecutionState

not implemented and always null

. The official docs don't mention it, but the third party docs do.

Find suspended Windows processes using WMI, why is "ExecutionState" always null?

More articles: