Using C Sharp to Enumerate Windows Processes

In previous posts, I covered how to observe process information in WinDbg by starting a debugging session and dumping the Process Environment Block, and how to view the EPROCESS structure, including the doubly linked list of active processes reached via ActiveProcessLinks. In this post, we'll discuss yet another way of gleaning information about processes in Windows, this time from another structure within the Windows ecosystem: the SYSTEM_PROCESS_INFORMATION structure.

SYSTEM_PROCESS_INFORMATION Structure

Microsoft tells us in their documentation that this structure holds various entries which hold system and process information....

September 3, 2023 · 8 min · 1617 words · Stephan Bridger