Please, i need know how to i can write a function that:
Get all running process
if process isn't created by system, check his folder for a dll, if dll is found, kill the process...
someprocess1.exe - SYSTEM
someprocess2.exe - USER
someprocess3.exe - USER
someprocess1 - not checked.
someprocess2 - checked, dll isn't found, still running...
someprocess3 - checked, dll found, killed.
sorry for english.
may I ask why you would want to do that?
it sounds like a good way to get yourself into some undesired and undefined behaviour, considering most SYSTEM process directories will almost always contain a DLL, as will a lot of Windows processes that are not running with SYSTEM privileges.
Find all the processes with EnumProcesses, get their paths with GetModuleHandle, and check for dlls there with FindFirstFile and FindNextFile. To find their paths you will need a handle; to get one from their PID, use OpenProcess.