SaschArt Level: Trainee
 Registered: 10-09-2009 Posts: 2
All Running Process in Windows
Hello,
I want to build an application to find and kill any virus and malware.
So far I have written code based on the psapi.dll API, but this code doesn't list all the processes; a few processes, such as wowexec.exe, are lost because they lock their memory.
' Flags for CreateToolhelp32Snapshot: each one selects what the snapshot contains.
Private Const TH32CS_SNAPHEAPLIST = &H1
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPTHREAD = &H4
Private Const TH32CS_SNAPMODULE = &H8
' All four snapshot flags combined. Only TH32CS_SNAPPROCESS is needed to walk
' the process list with Process32First/Process32Next.
Public Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
' Access rights for OpenProcess. PROCESS_ALL_ACCESS is declared but not used by
' the code shown here; TakePath asks only for the two narrower rights below.
Private Const PROCESS_ALL_ACCESS = &H1F0FFF
Private Const PROCESS_QUERY_INFORMATION = 1024
Private Const PROCESS_VM_READ = 16
' Length, in characters, of the fixed path buffers used in this module.
Private Const MAX_PATH As Integer = 260
' One entry of a Toolhelp process snapshot, filled in by Process32First and
' Process32Next. Field order and sizes must match the Win32 structure exactly.
Public Type PROCESSENTRY32
' Size of this structure; the caller sets it before Process32First.
dwSize As Long
cntUsage As Long
' Process identifier (PID).
th32ProcessID As Long
th32DefaultHeapID As Long
' NOTE(review): current Win32 documentation describes this field as unused and
' always zero - confirm before relying on it as a module handle.
th32ModuleID As Long
' Number of threads started by the process.
cntThreads As Long
' PID of the process that created this one.
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
' Executable file name as a fixed-length, NUL-terminated buffer.
szExeFile As String * MAX_PATH
End Type
' Toolhelp API (kernel32): take a snapshot, then walk its process entries.
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Public Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' Declared as a Sub, so the API's success/failure return value is not available.
' Every handle from CreateToolhelp32Snapshot or OpenProcess should be passed here.
Public Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
' Opens an existing process by PID; returns 0 when access is refused.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' ANSI version from psapi.dll. nSize is the capacity of pathProcess in characters
' and must not be larger than the buffer actually passed.
Private Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal hProcess As Long, ByVal hModule As Long, ByVal pathProcess As String, ByVal nSize As Long) As Long
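' Walks a Toolhelp snapshot of the running processes and resolves the image
' path of each one through TakePath.
'
' The name and path are only held in locals and are overwritten on every
' iteration; a caller that needs the list has to store them inside the loop.
'
' Limits of this approach:
'  - The snapshot is a user-mode view. NOTE(review): a process hidden by
'    kernel-mode code will presumably be missing from this list and from
'    EnumProcesses alike; detecting that needs a different data source.
'  - NOTE(review): wowexec.exe is a 16-bit WOW task hosted inside ntvdm.exe,
'    not a Win32 process of its own, so it is not expected here. 16-bit tasks
'    are enumerated with VDMEnumTaskWOWEx (vdmdbg.dll) - confirm for the
'    Windows versions being targeted.
Public Sub TakeProcesses()
    Dim uProcess As PROCESSENTRY32
    Dim hSnapShot As Long
    Dim r As Long
    Dim nulPos As Long
    Dim name_process As String
    Dim path_process As String

    ' Only the process list is walked, so TH32CS_SNAPPROCESS is sufficient;
    ' TH32CS_SNAPALL also captured heaps, threads and modules for nothing.
    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
    ' -1 is INVALID_HANDLE_VALUE: no snapshot, nothing to walk or close.
    If hSnapShot = -1 Then Exit Sub

    ' dwSize must be set before Process32First or the call fails.
    uProcess.dwSize = Len(uProcess)
    r = Process32First(hSnapShot, uProcess)
    Do While r <> 0
        ' szExeFile is a fixed 260-character buffer; keep the text before the
        ' first NUL (an empty name when no NUL is found).
        nulPos = InStr(1, uProcess.szExeFile, Chr(0))
        If nulPos > 0 Then
            name_process = Left(uProcess.szExeFile, nulPos - 1)
        Else
            name_process = ""
        End If

        ' NOTE(review): the two system entries are skipped by image name. A
        ' name is chosen by whoever starts the process, so for a malware
        ' scanner an exclusion keyed on th32ProcessID would be harder to spoof.
        If name_process <> "" And name_process <> "System" And name_process <> "[System Process]" Then
            path_process = TakePath(uProcess.th32ProcessID, uProcess.th32ModuleID)
        End If

        r = Process32Next(hSnapShot, uProcess)
    Loop

    CloseHandle hSnapShot
End Sub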
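' Returns the full path of a module of process pId, or an empty string when
' the process cannot be opened or the path cannot be read.
'
' pId - identifier of the process to inspect.
' mId - module handle passed to GetModuleFileNameExA.
'       NOTE(review): a value of 0 asks for the path of the process
'       executable itself - confirm that this is what callers pass.
Public Function TakePath(pId As Long, mId As Long) As String
    Dim pathProcess As String
    Dim hProcess As Long
    Dim lRet As Long

    ' Request only the two rights needed to read the path, not PROCESS_ALL_ACCESS.
    ' OpenProcess returns 0 when access is refused, and the function then
    ' returns "". NOTE(review): system and protected processes typically
    ' refuse a non-elevated caller, which leaves their paths blank.
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, pId)
    If hProcess = 0 Then Exit Function

    pathProcess = Space(MAX_PATH)
    ' Pass the real buffer length. The original passed 500 for a
    ' 260-character buffer, which let the API write past its end.
    lRet = GetModuleFileNameExA(hProcess, mId, pathProcess, Len(pathProcess))
    If lRet <> 0 Then
        TakePath = Left(pathProcess, lRet)
    End If

    ' Release the process handle; the original leaked one per process scanned.
    CloseHandle hProcess
End Function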
I also tried the EnumProcesses API function, with the same result.
How can I get the most complete list of running applications, including hidden ones and those that lock their memory?