4.1 Process Overview

A process is an object. The Windows operating system is object-based (not to be confused with the term object as used in object-oriented languages). An object refers to a system resource such as a process, file, device, directory, mutant, and so on, and these objects are managed by a kernel component called the object manager. To get an idea of all the object types on Windows, you can use the WinObj tool (https://docs.microsoft.com/en-us/sysinternals/downloads/winobj). To look at the object types in WinObj, launch WinObj as an Administrator and, in the left-hand pane, click on ObjectTypes, which will display all the Windows object types.

The objects (such as processes, files, threads, and so on) are represented as structures in C. What this means is that a process object has a structure associated with it, and this structure is called the _EPROCESS structure. The _EPROCESS structure resides in kernel memory, and the Windows kernel uses it to represent a process internally. The _EPROCESS structure contains various pieces of information about a process, such as the name of the process, its process ID, its parent process ID, the number of threads associated with the process, the creation time of the process, and so on. Now, go back to the pslist output and note what kind of information is displayed for a particular process. For example, if you look at the second entry in the pslist output, it shows the name of the smss.exe process, its process ID (272), its parent process ID (4), and so on. As you might have guessed, the information related to a process comes from its _EPROCESS structure.
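To make concrete how a memory-forensics plugin such as pslist turns raw kernel structures into the table shown above, here is an added example (not code from the book or from Volatility). It parses a constructed, simplified process record from a byte string. The field names (CreateTime, UniqueProcessId, InheritedFromUniqueProcessId, ActiveThreads, ImageFileName) mirror real _EPROCESS members, but the layout, sizes and offsets are an assumption for teaching purposes: the real _EPROCESS layout differs between Windows builds, which is why memory-forensics tools need per-version profiles or symbol files. The sample image and process rows are constructed; only the smss.exe PID 272 / PPID 4 values come from the text.

```python
import struct
from datetime import datetime, timedelta, timezone

# Constructed layout for illustration only; NOT the real _EPROCESS, whose
# field offsets vary by Windows build. Field order here:
#   CreateTime (FILETIME, u64), UniqueProcessId (u64),
#   InheritedFromUniqueProcessId (u64), ActiveThreads (u32), ImageFileName (15 bytes)
RECORD = struct.Struct("<QQQI15s")

# FILETIME counts 100-nanosecond intervals since 1601-01-01 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a FILETIME value into a timezone-aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime, using integer arithmetic to stay exact."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def build_sample_image():
    """Return a constructed 'memory image' plus the offsets of each process record."""
    rows = [  # (CreateTime, PID, PPID, ActiveThreads, ImageFileName) -- constructed
        (datetime(2014, 10, 17, 9, 0, 0, tzinfo=timezone.utc), 4, 0, 80, b"System"),
        (datetime(2014, 10, 17, 9, 0, 1, tzinfo=timezone.utc), 272, 4, 2, b"smss.exe"),
        (datetime(2014, 10, 17, 9, 0, 3, tzinfo=timezone.utc), 356, 348, 9, b"csrss.exe"),
    ]
    image = bytearray(b"\x00" * 32)  # padding so records do not start at offset 0
    offsets = []
    for create_time, pid, ppid, threads, name in rows:
        offsets.append(len(image))
        image += RECORD.pack(datetime_to_filetime(create_time), pid, ppid, threads,
                             name.ljust(15, b"\x00"))
    return bytes(image), offsets


def parse_process(image, offset):
    """Decode one process record at the given offset into a dictionary."""
    ct, pid, ppid, threads, raw_name = RECORD.unpack_from(image, offset)
    # ImageFileName is a fixed-size char array; stop at the first NUL.
    name = raw_name.split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "offset": offset,
        "name": name,
        "pid": pid,
        "ppid": ppid,
        "threads": threads,
        "create_time": filetime_to_datetime(ct),
    }


def pslist(image, offsets):
    """Walk the known record offsets and return one row per process."""
    return [parse_process(image, off) for off in offsets]


def format_pslist(rows):
    """Render rows in a pslist-like table."""
    lines = [f"{'Offset':>10} {'Name':<16} {'PID':>6} {'PPID':>6} {'Thds':>5}  Create Time"]
    for r in rows:
        lines.append(
            f"0x{r['offset']:08x} {r['name']:<16} {r['pid']:>6} {r['ppid']:>6} "
            f"{r['threads']:>5}  {r['create_time']:%Y-%m-%d %H:%M:%S}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    image, offsets = build_sample_image()
    print(format_pslist(pslist(image, offsets)))
```

The record offsets are handed to the parser directly here; a real plugin would instead locate the structures by following kernel pointers (for pslist, the doubly linked list of process structures) or by scanning memory for structure signatures, and the difference between those two approaches is what later sections exploit to find hidden processes.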
