Enumerating Process Using EnumProcesses | Notion

In this section we will learn how to Enumerate Process on the victim device.

To do that we will use.

OpenProcess: that will open a handel to the remote process to query it’s information
EnumProcessModules: enumerate all the modules inside the process.
GetModuleBaseName: will retrun the name of the process.

OpenProcess WinAPI

This WinAPI open a local process running on the device.

Now let’s dive to it’s parameters.

dwDesiredAccess: this is the access you want to get on the process.

bInheriitHandel: if this parameter is set to True that mean if this process craeted any new process the handel will inheret to those processes too.

dwProcessId: This is the process Id of the remote process

EnumProcessModules