GdiProcs is a small utility that attempts to detect hidden processes.
The Process Environment Block (PEB) has a field labeled GDISharedHandleTable. This table contains 0x4000 entries that GDI uses to track resources. The table is shared among all processes, and each entry contains several fields including the owning process ID.
By cycling through all elements in this table and recording unique process IDs, we can attempt to detect processes that may be hidden from other enumeration mechanisms.
More information on the GDI shared handle table is available in this MSDN Magazine article.