Topic created on: August 15, 2005 14:12 CDT by acidx.
Alright, I've been sitting here today looking at two programs, one of which is written by Microsoft, the other by Mark at Sysinternals. The Microsoft program is Open Handle (Oh) and the Sysinternals program is handle. Both of the programs list the open handles for a given process in two entirely different ways, from what I can see. I would like to try and reimplement this without the use of a device driver; therefore I've been trying to study Oh versus handle. Does anyone here have any insight into how I can accomplish this? I see in Oh that they use a few of the 'undocumented' NT functions, NtOpenProcess and NtQueryInformationProcess, but before any of these calls I see a reference to \\WindowsSS. If you know anything regarding this, please share your information. Thanks