Find suspended Windows processes using WMI, why is "ExecutionState" always null?

I am running the following code in a console program: -

 var query = string.Format("select * from Win32_Process");
            var searcher = new ManagementObjectSearcher(query);
            var collection = searcher.Get();
            foreach (ManagementObject o in collection)
                if(o["CommandLine"] == null) continue;
                if (o["ProcessId"] == null) continue;
                if( o["ExecutionState"] == null)continue;                
                var executionState =o["ExecutionState"].ToString();
                var commandLine = o["CommandLine"].ToString();
                var processId = o["ProcessId"];
                Console.WriteLine("{0}: {1} [{2}]", 


However, the execution status is always zero. Does anyone know why? I've tried working as an administrator.

using a process handler, I definitely have a process in a suspended state: -

enter image description here


source to share

1 answer

It seems that it is ExecutionState

not implemented and always null

. The official docs don't mention it, but the third party docs do.



All Articles