Using ASSOCIATORS OF

The ASSOCIATORS OF query may be used for any given object path. For example, using the preceding object path results in the following command:

Get-CimInstance -Query "ASSOCIATORS OF {Win32_Process.Handle=$PID}" 

This query will return objects from three different classes: Win32_LogonSession, Win32_ComputerSystem, and CIM_DataFile.

The query can be refined to return only a specific result class, for example:

Get-CimInstance -Query "ASSOCIATORS OF {Win32_Process.Handle=$PID} WHERE ResultClass = CIM_DATAFILE" 

The value in the ResultClass condition is not quoted.

The result of this operation is a long list of files that are used by the PowerShell process. A snippet of this is shown here:

PS> Get-CimInstance -Query "ASSOCIATORS OF {Win32_Process.Handle=$PID} WHERE ResultClass = CIM_DATAFILE" | 
Select-Object Name

Name
----
c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\sysfer.dll
c:\windows\system32\kernel32.dll
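
The file list above can be used to review what a process has loaded. The following is an added example, not code from the book: it wraps the same ASSOCIATORS OF query in a function and reports, for each associated file, whether it sits under %SystemRoot% and what its Authenticode status is. The function name Get-AssociatedFileReport and its property names are hypothetical.

```powershell
# Added example; Get-AssociatedFileReport is a hypothetical helper name.
function Get-AssociatedFileReport {
    [CmdletBinding()]
    param(
        # Process to inspect; defaults to the current PowerShell process.
        [int]$ProcessId = $PID
    )

    # Same query shape as in the text: the ResultClass value is not quoted.
    $query = "ASSOCIATORS OF {Win32_Process.Handle=$ProcessId} " +
             "WHERE ResultClass = CIM_DataFile"

    try {
        $files = Get-CimInstance -Query $query -ErrorAction Stop
    }
    catch {
        # The process may have exited, or access to it may be denied.
        Write-Warning "Query failed for PID ${ProcessId}: $($_.Exception.Message)"
        return
    }

    $systemRoot = $env:SystemRoot.ToLowerInvariant()

    foreach ($file in $files) {
        if (-not $file.Name) { continue }

        # -LiteralPath avoids wildcard expansion on paths containing [ or ].
        $signature = Get-AuthenticodeSignature -LiteralPath $file.Name `
            -ErrorAction SilentlyContinue

        [pscustomobject]@{
            ProcessId       = $ProcessId
            Path            = $file.Name
            UnderSystemRoot = $file.Name.ToLowerInvariant().StartsWith("$systemRoot\")
            SignatureStatus = if ($signature) { $signature.Status } else { 'Unknown' }
        }
    }
}

# Show only the files worth a second look for the current process:
# anything outside %SystemRoot% or without a valid signature.
Get-AssociatedFileReport |
    Where-Object { -not $_.UnderSystemRoot -or $_.SignatureStatus -ne 'Valid' } |
    Sort-Object Path |
    Format-Table -AutoSize
```

Pass -ProcessId to inspect another process; querying processes owned by other users generally requires an elevated session.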