A snapshot that includes the process list contains information about each currently executing process. You can retrieve information for the first process in the list by using the Process32First function. After retrieving the first process in the list, you can traverse the process list for subsequent entries by using the Process32Next function. Process32First and Process32Next fill a PROCESSENTRY32 structure with information about a process in the snapshot.
You can retrieve an extended error status code for Process32First and Process32Next by using the GetLastError function.
You can read the memory in a specific process into a buffer by using the Toolhelp32ReadProcessMemory function (or the VirtualQueryEx function).
Note The contents of the th32ProcessID and th32ParentProcessID members of PROCESSENTRY32 are process identifiers and can be used by Win32 Application Programming Interface (API) elements.