Using ASSOCIATORS OF

The ASSOCIATORS OF query may be used for any given object path; for example, using the preceding object path results in the following command:

Get-CimInstance -Query "ASSOCIATORS OF {Win32_Process.Handle=$PID}" 

This query will return objects from three different classes: Win32_LogonSession, Win32_ComputerSystem, and CIM_DataFile. The classes returned are shown in the following example:

PS> Get-CimInstance -Query "ASSOCIATORS OF {Win32_Process.Handle=$PID}"  |
>> Select-Object CimClass -Unique

CimClass
--------
root/cimv2:Win32_ComputerSystem
root/cimv2:Win32_LogonSession
root/cimv2:CIM_DataFile

The query can be refined to filter a specific resulting class; an example is as follows:

Get-CimInstance -Query "ASSOCIATORS OF {Win32_Process.Handle=$PID} WHERE ResultClass = CIM_DATAFILE"

The value in the ResultClass condition is deliberately not quoted.

The result of this operation is a long list of files that are used by the PowerShell process. A snippet of this is shown as follows:

PS> Get-CimInstance -Query "ASSOCIATORS OF {Win32_Process.Handle=$PID} WHERE ResultClass = CIM_DATAFILE" | 
>> Select-Object Name

Name
----
c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\sysfer.dll
c:\windows\system32\kernel32.dll
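
As an added example (not from the book), the same ResultClass query can feed an Authenticode check of every file associated with a process, which gives a quick view of unsigned or tampered modules. The function name Get-ProcessModuleSignature and its output property names are assumptions made for this example.

```powershell
# Added example: report the Authenticode status of every file associated
# with a process. Get-ProcessModuleSignature is a hypothetical helper name.
function Get-ProcessModuleSignature {
    [CmdletBinding()]
    param (
        # Process ID to inspect; defaults to the current PowerShell process.
        [Parameter(ValueFromPipelineByPropertyName)]
        [Alias('Id', 'ProcessId')]
        [uint32]$Handle = $PID
    )

    process {
        # Same query as in the text: the ResultClass value is not quoted.
        $query = "ASSOCIATORS OF {Win32_Process.Handle=$Handle} WHERE ResultClass = CIM_DataFile"

        foreach ($file in Get-CimInstance -Query $query) {
            # CIM_DataFile.Name holds the full path of the file.
            if (-not (Test-Path -LiteralPath $file.Name -PathType Leaf)) {
                # The file is gone or not reachable from this session.
                [PSCustomObject]@{
                    ProcessId = $Handle
                    Path      = $file.Name
                    Status    = 'FileNotFound'
                    Signer    = $null
                }
                continue
            }

            $signature = Get-AuthenticodeSignature -LiteralPath $file.Name
            [PSCustomObject]@{
                ProcessId = $Handle
                Path      = $file.Name
                Status    = [string]$signature.Status
                Signer    = $signature.SignerCertificate.Subject
            }
        }
    }
}

# Files associated with the current process that lack a valid signature.
Get-ProcessModuleSignature |
    Where-Object Status -ne 'Valid' |
    Sort-Object Status, Path |
    Format-Table Status, Path, Signer -AutoSize
```

Passing another process ID to -Handle may require an elevated session before the associated files are returned.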