Details Window

Double-clicking a process in the main window’s process list brings up a Details Window containing all the details about that process. You can open as many details windows as you want, which is useful for comparing multiple processes side by side.

The title of each process details window begins with “PID”, followed by the process ID number, followed by the most recently executed program.

The name of each process detail is in the left column, and the information about that detail is in the right column.

The details are grouped into four sections described below.

Process Summary

At the top of the window is a summary of the process. The details are:

  • pid - The process ID.

  • first observed - The timestamp when the process was first observed. Usually this is when the process was created by a fork().

  • last observed - The timestamp when the process was last observed. If the last event was an exit(), this is when the process died.

Program Details

The next section is details about the program the process is currently executing. During a process’s life it can run several different programs. The details about the current program the process is running are:

  • program - The executable’s name.

  • program path - The full path to the program. This tells you where the program lives.

  • signing ID - The identifier the developer gave to the program when signing it.

  • team ID - The development team that signed the program. Apple keeps details about each registered developer. The same developer can sign many different programs. Programs that are part of Apple’s operating system often don’t have a team ID. Older third-party programs may also lack a team ID, but Apple is forcing all developers to sign their code going forward.

  • program modification date - The last known modification timestamp for the program. This can often be when the developer compiled the program.

  • program status date - The timestamp when the program was last modified on your filesystem. This can often be when you installed the program.

  • program hash - Apple’s hash value for the program. If the same program is installed in a different location or under a different name, its hash value will remain the same.

Parent Details

The next section contains details about the process that created this process. These details are the same as the program details (previous section), so are not repeated here.

Events

The events section identifies key details in a process’s life. Typically it will begin with a FORK(), followed by one or more EXEC() calls, followed by an exit().

Each FORK and EXEC is followed by the program it executed.

If you have “Arguments” checked in the main window when you create a details window, a list of arguments passed to each EXEC() is also shown.

If you have “Environment” checked in the main window when you create a details window, a list of environment variables passed into each EXEC() is also shown.
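
The process summary and events list described above can be pictured as a fold over a stream of FORK/EXEC/EXIT events. The following is an added example, not Process X-Ray's own code: the event tuples, the `ProcessDetails` class and the `build_details` function are hypothetical, and the sample events are constructed. It also covers the case where a process is first observed at an EXEC because its fork was never seen.

```python
from dataclasses import dataclass, field

# Constructed sample events (timestamp, pid, kind, program); not Process X-Ray output.
SAMPLE_EVENTS = [
    (100.0, 501, "FORK", "/bin/zsh"),
    (100.2, 501, "EXEC", "/usr/bin/env"),
    (100.3, 501, "EXEC", "/usr/bin/python3"),
    (104.9, 501, "EXIT", None),
    (101.0, 502, "EXEC", "/usr/bin/curl"),  # fork was never observed
]

@dataclass
class ProcessDetails:
    pid: int
    first_observed: float
    last_observed: float
    program: str = "?"
    exited: bool = False
    events: list = field(default_factory=list)

    @property
    def title(self):
        # Window title: "PID", the process ID, then the most recently executed program.
        return f"PID {self.pid} {self.program}"

def build_details(events):
    """Fold an event stream into one ProcessDetails record per pid."""
    table = {}
    for ts, pid, kind, program in sorted(events, key=lambda e: e[0]):
        d = table.get(pid)
        if d is None:
            # First event seen for this pid, whether or not it is a FORK.
            d = table[pid] = ProcessDetails(pid, ts, ts)
        d.last_observed = ts
        if kind in ("FORK", "EXEC"):
            d.program = program   # each FORK/EXEC names the program it ran
        elif kind == "EXIT":
            d.exited = True       # last_observed is now the time of death
        d.events.append((ts, kind, program))
    return table

if __name__ == "__main__":
    for d in build_details(SAMPLE_EVENTS).values():
        state = "exited" if d.exited else "still running"
        print(f"{d.title}: {d.first_observed} -> {d.last_observed} ({state})")
        for ts, kind, program in d.events:
            print(f"    {ts:8.1f} {kind}() {program or ''}")
```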