GdiProcs is a small utility that attempts to detect hidden processes. The Process Environment Block (PEB) has a field named GDISharedHandleTable. This table contains 0x4000 entries that GDI uses to track resources, and it is shared among all processes. Each table entry contains several fields, including the owning process ID. By cycling through all of the elements in this table and recording the unique process IDs, we can attempt to detect processes that may be hidden from other enumeration mechanisms. More information on the GDISharedHandleTable can be found at the following link: http://msdn.microsoft.com/msdnmag/issues/03/01/GDILeaks/default.aspx