processes ========= All running processes on the host system. Platform support ---------------- Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. **Running a query against an unsupported platform will result in the following error:** ``no such table: processes`` - Windows - Linux - Mac OSX - Free BSD Table schema ------------ ================== ======= ================================================================================================= Name Type Description ================== ======= ================================================================================================= pid BIGINT Process (or thread) ID name TEXT The process path or shorthand argv[0] path TEXT Path to executed binary cmdline TEXT Complete argv state TEXT Process state cwd TEXT Process current working directory root TEXT Process virtual root directory uid BIGINT Unsigned user ID gid BIGINT Unsigned group ID euid BIGINT Unsigned effective user ID egid BIGINT Unsigned effective group ID suid BIGINT Unsigned saved user ID sgid BIGINT Unsigned saved group ID on_disk INTEGER The process path exists yes=1, no=0, unknown=-1 wired_size BIGINT Bytes of unpagable memory used by process resident_size BIGINT Bytes of private memory used by process total_size BIGINT Total virtual memory size user_time BIGINT CPU time in milliseconds spent in user space system_time BIGINT CPU time in milliseconds spent in kernel space disk_bytes_read BIGINT Bytes read from disk disk_bytes_written BIGINT Bytes written to disk start_time BIGINT Process start time in seconds since Epoch, in case of error -1 parent BIGINT Process parent's PID pgroup BIGINT Process group threads INTEGER Number of threads used by process nice INTEGER Process nice level (-20 to 20, default 0) upid BIGINT A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system. uppid BIGINT The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system. cpu_type INTEGER A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system. cpu_subtype INTEGER The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system. ================== ======= ================================================================================================= Query examples -------------- .. code-block:: sql select * from processes where pid = 1