For each process in the system Windows 95/98 keeps a list of modules and heaplists, whereas each heaplist references several heaps. Per process the following information is gathered: Process ID, module ID, number of threads, base priority, number of references, ID of default heap of process, ID of parent process. Per module of each process the following and other information is gathered: Global usage count, usage count in the context of the owning process, module handle, .exe path, base address of module in the context of the owning process, size in bytes of the module. Per heaplist of each process the heap ID is used. The information which is gathered per heap of a heaplist includes: handle of the heap, linear address, lock count, size of the heap block and the heap ID. A typical slow poll on my Windows 98 machine gathers about 30K of data (This jumps to 60K -- 70K if the Visual C++ IDE is running). Experiments under Windows 95 resulted in 15K of collected data on a system which only ran a DOS box.
What has to be mentioned is that the gathered information does not change very much from poll to poll. Certain events like the starting or terminating of a program do influence the result, but given the information which is gathered this comes not really as a surprise.