PROCESS_TELEMETRY_ID_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)
// begin_private

typedef struct _PROCESS_TELEMETRY_ID_INFORMATION
{
    ULONG HeaderSize;
    ULONG ProcessId;
    ULONGLONG ProcessStartKey;
    ULONGLONG CreateTime;
    ULONGLONG CreateInterruptTime;
    ULONGLONG CreateUnbiasedInterruptTime;
    ULONGLONG ProcessSequenceNumber;
    ULONGLONG SessionCreateTime;
    ULONG SessionId;
    ULONG BootId;
    ULONG ImageChecksum;
    ULONG ImageTimeDateStamp;
    ULONG UserSidOffset;
    ULONG ImagePathOffset;
    ULONG PackageNameOffset;
    ULONG RelativeAppNameOffset;
    ULONG CommandLineOffset;
} PROCESS_TELEMETRY_ID_INFORMATION, *PPROCESS_TELEMETRY_ID_INFORMATION;

// end_private
#endif
#endif

View code on GitHub

Contains various telemetry-related information about the process. This structure is documented in Windows SDK.

Applicable to

Members

HeaderSize

The size of the header of this structure in bytes. Fields beyond this size are not populated and will contain invalid data.

ProcessId

The PID of the process.

See also

ProcessStartKey

The unique value identifying the process across reboots. In the current implementation contains ProcessSequenceNumber | (BootId << 48).

CreateTime

The number of 100-nanosecond intervals since the 1st of January 1600 to the creation of the process.

See also

CreateInterruptTime

The number of 100-nanosecond intervals passed since boot to the creation of the process.

See also

CreateUnbiasedInterruptTime

The number of 100-nanosecond intervals the system was active since boot to the creation of the process.

ProcessSequenceNumber

A unique sequence number of the process.

See also

SessionCreateTime

The number of 100-nanosecond intervals passed since boot to the creation of the process's session.

SessionId

The ID of the process's session.

See also

BootId

The sequence number of the current OS boot.

ImageChecksum

The checksum value from the process's PE file header.

ImageTimeDateStamp

The timestamp value from the process's PE file header.

UserSidOffset

An offset from the start of this structure to the user SID from the process's primary token.

See also

ImagePathOffset

An offset from the start of this structure to the native filename of the process's image.

See also

PackageNameOffset

An offset from the start of this structure to the full package name for processes with package identity.

See also

RelativeAppNameOffset

An offset from the start of this structure to the relative application user model ID for processes with package identity.

See also

CommandLineOffset

An offset from the start of this structure to the command line string for the process.

See also

Required OS version

This structure was introduced in Windows 10 TH1 (1507).

Edit description on GitHub