EnumProcesses

From aldeid

Description

Retrieves the process identifier for each process object in the system.

Malware often enumerates running processes to find a process to inject into.

Syntax

BOOL WINAPI EnumProcesses(
  _Out_  DWORD *pProcessIds,
  _In_   DWORD cb,
  _Out_  DWORD *pBytesReturned
);

Parameters

pProcessIds [out]
A pointer to an array that receives the list of process identifiers.
cb [in]
The size of the pProcessIds array, in bytes.
pBytesReturned [out]
The number of bytes returned in the pProcessIds array.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

DLL

  • Kernel32.dll on Windows 7 and Windows Server 2008 R2;
  • Psapi.dll (if PSAPI_VERSION=1) on Windows 7 and Windows Server 2008 R2;
  • Psapi.dll on Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP
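
Both cb and pBytesReturned are counted in bytes, and EnumProcesses does not report truncation: if pBytesReturned comes back equal to cb, the array may have been too small and the call has to be repeated with a larger one. The following is an added example, not code from the original page; list_pids, FAKE_COUNT, the 1M-slot cap and the non-Windows stand-in for EnumProcesses are assumptions made so the sizing logic can be compiled and exercised anywhere.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>              /* declares EnumProcesses */
#else
/* Constructed stand-in (assumption): fills what fits, never signals truncation. */
typedef unsigned int DWORD;
typedef int BOOL;
#define FAKE_COUNT 300u         /* constructed number of "processes" */
static BOOL EnumProcesses(DWORD *ids, DWORD cb, DWORD *returned) {
    DWORD n = cb / (DWORD)sizeof(DWORD), i;
    if (n > FAKE_COUNT) n = FAKE_COUNT;
    for (i = 0; i < n; i++) ids[i] = i * 4;   /* constructed PIDs */
    *returned = n * (DWORD)sizeof(DWORD);
    return 1;
}
#endif

/* Hypothetical helper: returns a malloc'd PID array and stores the number of
 * entries in *count, or returns NULL on failure. The caller frees the array. */
DWORD *list_pids(DWORD initial_slots, DWORD *count) {
    DWORD slots = initial_slots ? initial_slots : 64;
    for (;;) {
        DWORD cb = slots * (DWORD)sizeof(DWORD), returned = 0;
        DWORD *ids = malloc(cb);
        if (!ids) return NULL;
        if (!EnumProcesses(ids, cb, &returned)) { free(ids); return NULL; }
        if (returned < cb) {                   /* buffer not filled: complete */
            *count = returned / (DWORD)sizeof(DWORD);   /* bytes -> entries */
            return ids;
        }
        free(ids);                             /* returned == cb: maybe truncated */
        if (slots >= 0x100000u) return NULL;   /* sanity cap (assumption) */
        slots *= 2;
    }
}

int main(void) {
    DWORD n = 0, i;
    DWORD *ids = list_pids(64, &n);
    if (!ids) { fprintf(stderr, "enumeration failed\n"); return 1; }
    printf("%lu process identifiers\n", (unsigned long)n);
    for (i = 0; i < n; i++) printf("%lu\n", (unsigned long)ids[i]);
    free(ids);
    return 0;
}
```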