3
If execute the !process command in the windwos debugger you get output in this format:
PROCESS fffffa8006bff940
SessionId: 0 Cid: 03ec Peb: 7f79ae1f000 ParentCid: 02e4
DirBase: 084ed000 ObjectTable: fffff8a002c3fd80 HandleCount: <Data Not Accessible>
Image: svchost.exe
It's well documented that Cid is the ProcessId (pid) in hex. However, I don't see what the C stands for.
Justin Dearing
Posted 2013-01-03T03:18:42.930
Reputation: 2 704
3
It stands for CLIENT_ID.
From this MSDN blog post (emphasis mine):
Recently someone asked me what was the real meaning of the ‘Cid’ field which appears in the output of commands such as !process and !thread in the kernel debugger (kd). Though from a practical perspective I was aware that these represent the Process ID and Thread ID, I was unsure of what Cid stands for. In course of a search, I found a public source which answers the question. Cid is short for
CLIENT_IDwhich in turn is an undocumented structure.
That posts cites that the original source as Undocumented Windows 2000 Secrets: A Programmer's Cookbook, by Sven B. Schreiber.
ckhan
Posted 2013-01-03T03:18:42.930
Reputation: 5 689
-1
03ec = 1004 in dec. 'c' is a last hexidecimal digit of that number, it doesn't stand for anything (well, 12dec by itself).
the cid/pid is a 4 digit hex value, not 3.
Solemnity
Posted 2013-01-03T03:18:42.930
Reputation: 533
2That's not the "c" he's talking about. – ckhan – 2013-01-03T07:39:28.500
lol, I reread his output a few times, thinking it was an odd question. Misinterpretation on my part. – Solemnity – 2013-01-04T00:32:00.390