Phrozen Timeline

You will find below an example of how to enumerate process modules using the well known Windows API CreateToolHelp32Snapshot(), I will cover additional methods soon.

You may notice that when using CreateToolHelp32Snapshot(), first result (row) is generally the Image Path of the process owning module. I ignore that row by checking the value of szExePath with owner process image path.

GetProcessName() is compatible since Windows Vista. It is possible to support Windows XP and below but not in this example.

You will find GetProcessName() and alternatives in separated snippets threads.

Read more...