Used to begin enumerating processes from a previous call to CreateToolhelp32Snapshot. Malware often enumerates through processes to find a process to inject into.
BOOL WINAPI Process32Next( _In_ HANDLE hSnapshot, _Out_ LPPROCESSENTRY32 lppe );
- hSnapshot [in]
- A handle to the snapshot returned from a previous call to the CreateToolhelp32Snapshot function.
- lppe [out]
- A pointer to a structure.
Returns TRUE if the next entry of the process list has been copied to the buffer or FALSE otherwise. The ERROR_NO_MORE_FILES error value is returned by the GetLastError function if no processes exist or the snapshot does not contain process information.