"Amugy azt probalhatod meg esetleg, hogy windows sysinternals, elinditod a szamlalot, es megnezegeted milyen dlleket nyitogat meg..."
http://www.processlist.com/info/nthandle.html
példa ->
Handle v1.33
Copyright (C) 1997-2000 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
System pid: 4
------------------------------------------------------------------------------
smss.exe pid: 604 (NT AUTHORITY:SYSTEM)
------------------------------------------------------------------------------
csrss.exe pid: 664 (NT AUTHORITY:SYSTEM)
d4: Section \Windows\WindowStations\WinSta0
2bc: Section \Windows\WindowStations\WinSta0
568: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
winlogon.exe pid: 688 (NT AUTHORITY:SYSTEM)
ac: Section \Windows\WindowStations\WinSta0
b4: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
services.exe pid: 732 (NT AUTHORITY:SYSTEM)
2c: Section \Windows\WindowStations\Service-0x0-3e7$
38: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
lsass.exe pid: 744 (NT AUTHORITY:SYSTEM)
2c: Section \Windows\WindowStations\Service-0x0-3e7$
38: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
ati2evxx.exe pid: 904 (NT AUTHORITY:SYSTEM)
10: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
svchost.exe pid: 924 (NT AUTHORITY:SYSTEM)
2c: Section \Windows\WindowStations\Service-0x0-3e7$
38: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
svchost.exe pid: 1016
28: Section \Windows\WindowStations\Service-0x0-3e4$
34: Section \Windows\WindowStations\Service-0x0-3e4$
------------------------------------------------------------------------------
svchost.exe pid: 1112 (NT AUTHORITY:SYSTEM)
2c: Section \Windows\WindowStations\Service-0x0-3e7$
38: Section \Windows\WindowStations\Service-0x0-3e7$
4c0: Section \Windows\WindowStations\SAWinSta
------------------------------------------------------------------------------
svchost.exe pid: 1240
28: Section \Windows\WindowStations\Service-0x0-3e4$
34: Section \Windows\WindowStations\Service-0x0-3e4$
------------------------------------------------------------------------------
svchost.exe pid: 1340
28: Section \Windows\WindowStations\Service-0x0-3e5$
34: Section \Windows\WindowStations\Service-0x0-3e5$
------------------------------------------------------------------------------
vsmon.exe pid: 1364 (NT AUTHORITY:SYSTEM)
24: Section \Windows\WindowStations\WinSta0
30: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
spoolsv.exe pid: 1648 (NT AUTHORITY:SYSTEM)
2c: Section \Windows\WindowStations\WinSta0
38: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
AppleMobileDeviceService.exe pid: 1892 (NT AUTHORITY:SYSTEM)
24: Section \Windows\WindowStations\Service-0x0-3e7$
30: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
sqlservr.exe pid: 1960 (NT AUTHORITY:SYSTEM)
34: Section \Windows\WindowStations\Service-0x0-3e7$
3c: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
svchost.exe pid: 124 (NT AUTHORITY:SYSTEM)
2c: Section \Windows\WindowStations\Service-0x0-3e7$
38: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
sqlagent.exe pid: 964 (NT AUTHORITY:SYSTEM)
1c: Section \Windows\WindowStations\Service-0x0-3e7$
24: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
alg.exe pid: 1412
10: Section \Windows\WindowStations\Service-0x0-3e5$
28: Section \Windows\WindowStations\Service-0x0-3e5$
------------------------------------------------------------------------------
wbload.exe pid: 524 (PETI-HOME:peti)
7e0: Section \Windows\WindowStations\WinSta0
7f4: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
ati2evxx.exe pid: 204 (PETI-HOME:peti)
10: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
WgaTray.exe pid: 1260 (PETI-HOME:peti)
28: Section \Windows\WindowStations\WinSta0
34: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
explorer.exe pid: 1216 (PETI-HOME:peti)
28: Section \Windows\WindowStations\WinSta0
34: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
SOUNDMAN.EXE pid: 2892 (PETI-HOME:peti)
1c: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
atiptaxx.exe pid: 2936 (PETI-HOME:peti)
10: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
PDVDServ.exe pid: 2944 (PETI-HOME:peti)
10: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
DATALA~1.EXE pid: 3084 (PETI-HOME:peti)
10: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
TRAYAP~1.EXE pid: 3096 (PETI-HOME:peti)
10: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
winampa.exe pid: 3124 (PETI-HOME:peti)
1c: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
jusched.exe pid: 3136 (PETI-HOME:peti)
24: Section \Windows\WindowStations\WinSta0
30: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
iTunesHelper.exe pid: 3196 (PETI-HOME:peti)
24: Section \Windows\WindowStations\WinSta0
30: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
zlclient.exe pid: 3204 (PETI-HOME:peti)
28: Section \Windows\WindowStations\WinSta0
34: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
ctfmon.exe pid: 3224 (PETI-HOME:peti)
28: Section \Windows\WindowStations\WinSta0
34: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
sqlmangr.exe pid: 3320 (PETI-HOME:peti)
1c: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
SERVIC~1.EXE pid: 3448 (PETI-HOME:peti)
24: Section \Windows\WindowStations\WinSta0
30: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
iPodService.exe pid: 3672 (NT AUTHORITY:SYSTEM)
24: Section \Windows\WindowStations\Service-0x0-3e7$
30: Section \Windows\WindowStations\Service-0x0-3e7$
------------------------------------------------------------------------------
seamonkey.exe pid: 644 (PETI-HOME:peti)
24: Section \Windows\WindowStations\WinSta0
30: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
Far.exe pid: 1600 (PETI-HOME:peti)
24: Section \Windows\WindowStations\WinSta0
2c: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
cmd.exe pid: 2472 (PETI-HOME:peti)
10: Section \Windows\WindowStations\WinSta0
24: Section \Windows\WindowStations\WinSta0
------------------------------------------------------------------------------
NTHANDLE.EXE pid: 1704 (PETI-HOME:peti)
7e0: Section \Windows\WindowStations\WinSta0
--
"No trees were destroyed in the sending of this message. However,
a large number of electrons were terribly inconvenienced."