Find suspended Windows processes using WMI, why is "ExecutionState" always null?

I am running the following code in a console program: -

 var query = string.Format("select * from Win32_Process");
            var searcher = new ManagementObjectSearcher(query);
            var collection = searcher.Get();
            foreach (ManagementObject o in collection)
            {         
                if(o["CommandLine"] == null) continue;
                if (o["ProcessId"] == null) continue;
                if( o["ExecutionState"] == null)continue;                
                var executionState =o["ExecutionState"].ToString();
                var commandLine = o["CommandLine"].ToString();
                var processId = o["ProcessId"];
                Console.WriteLine("{0}: {1} [{2}]", 
                   processId,
                   executionState,
                   commandLine);                
            }

      

However, the execution status is always zero. Does anyone know why? I've tried working as an administrator.

using a process handler, I definitely have a process in a suspended state: -

enter image description here

+3


source to share


1 answer


It seems that it is ExecutionState

not implemented and always null

. The official docs don't mention it, but the third party docs do.



+4


source







All Articles