Process32Next

From aldeid
Jump to navigation Jump to search

Description

Used to begin enumerating processes from a previous call to CreateToolhelp32Snapshot. Malware often enumerates through processes to find a process to inject into.

Syntax

BOOL WINAPI Process32Next(
  _In_   HANDLE hSnapshot,
  _Out_  LPPROCESSENTRY32 lppe
);

Parameters

hSnapshot [in]
A handle to the snapshot returned from a previous call to the CreateToolhelp32Snapshot function.
lppe [out]
A pointer to a PROCESSENTRY32 structure.

Return value

Returns TRUE if the next entry of the process list has been copied to the buffer or FALSE otherwise. The ERROR_NO_MORE_FILES error value is returned by the GetLastError function if no processes exist or the snapshot does not contain process information.

Retrieved from "https://www.aldeid.com/w/index.php?title=Process32Next&oldid=30548"