blaquee/processlist.cpp

## processlist.cpp
	HANDLE curHandle = nullptr;
	NTSTATUS status;
	ULONG dwLen = 0;
	UNICODE_STRING strProcNameBuffer = { 0 };
	PUNICODE_STRING ucBuffer = nullptr;
	//enumerate next processes, use flag 1 to enumerate the processlist backwards
	while (NtGetNextProcess(curHandle, MAXIMUM_ALLOWED, 0, 0, &curHandle) == STATUS_SUCCESS)
	{

		status = NtQueryInformationProcess(curHandle, ProcessImageFileName, 0, 0, &dwLen);
		if (status != STATUS_INFO_LENGTH_MISMATCH)
			break;

		if (dwLen)
		{
			ucBuffer = (PUNICODE_STRING)malloc(dwLen);
			if (ucBuffer)
			{
				status = NtQueryInformationProcess(curHandle, ProcessImageFileName, ucBuffer, dwLen, &dwLen);
				printf("procname len: %d\n", ucBuffer->Length);
				printf("Process Name: %wZ\n", ucBuffer);
			}
		}
		if(ucBuffer)
			free(ucBuffer);
	}
	HANDLE curHandle = nullptr;
	NTSTATUS status;
	ULONG dwLen = 0;
	UNICODE_STRING strProcNameBuffer = { 0 };
	PUNICODE_STRING ucBuffer = nullptr;
	//enumerate next processes, use flag 1 to enumerate the processlist backwards
	while (NtGetNextProcess(curHandle, MAXIMUM_ALLOWED, 0, 0, &curHandle) == STATUS_SUCCESS)
	{

	status = NtQueryInformationProcess(curHandle, ProcessImageFileName, 0, 0, &dwLen);
	if (status != STATUS_INFO_LENGTH_MISMATCH)
	break;

	if (dwLen)
	{
	ucBuffer = (PUNICODE_STRING)malloc(dwLen);
	if (ucBuffer)
	{
	status = NtQueryInformationProcess(curHandle, ProcessImageFileName, ucBuffer, dwLen, &dwLen);
	printf("procname len: %d\n", ucBuffer->Length);
	printf("Process Name: %wZ\n", ucBuffer);
	}
	}
	if(ucBuffer)
	free(ucBuffer);
	}