processes

All running processes on the host system.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: processes

  • Windows
  • Linux
  • Mac OSX
  • Free BSD

Table schema

Name Type Description
pid BIGINT Process (or thread) ID
name TEXT The process path or shorthand argv[0]
path TEXT Path to executed binary
cmdline TEXT Complete argv
state TEXT Process state
cwd TEXT Process current working directory
root TEXT Process virtual root directory
uid BIGINT Unsigned user ID
gid BIGINT Unsigned group ID
euid BIGINT Unsigned effective user ID
egid BIGINT Unsigned effective group ID
suid BIGINT Unsigned saved user ID
sgid BIGINT Unsigned saved group ID
on_disk INTEGER The process path exists yes=1, no=0, unknown=-1
wired_size BIGINT Bytes of unpagable memory used by process
resident_size BIGINT Bytes of private memory used by process
total_size BIGINT Total virtual memory size
user_time BIGINT CPU time in milliseconds spent in user space
system_time BIGINT CPU time in milliseconds spent in kernel space
disk_bytes_read BIGINT Bytes read from disk
disk_bytes_written BIGINT Bytes written to disk
start_time BIGINT Process start in seconds since boot (non-sleeping)
parent BIGINT Process parent’s PID
pgroup BIGINT Process group
threads INTEGER Number of threads used by process
nice INTEGER Process nice level (-20 to 20, default 0)
upid BIGINT A 64bit pid that is never reused. Returns -1 if we couldn’t gather them from the system.
uppid BIGINT The 64bit parent pid that is never reused. Returns -1 if we couldn’t gather them from the system.
cpu_type INTEGER A 64bit pid that is never reused. Returns -1 if we couldn’t gather them from the system.
cpu_subtype INTEGER The 64bit parent pid that is never reused. Returns -1 if we couldn’t gather them from the system.

Query examples

select * from processes where pid = 1