
This Directory TOP
Hacker Defender V1.0.0
migbot
suckit2priv.tar.gz
Morphine V2.7
AFX Rootkit 2005
HideToolz v2.1
NtIllusion V1.0
enyelkm-1.3-no-objs
phalanx-b6.tar
SInAR-0.3.tar
ssheater-1.1.tar.gz
pingrootkit.tar
m0rtix.c
CheatEngine
NIAP Anti Rootkit Tools
Aryan Rat
override.tar.bz
BH-Rootkit-NT 0.1
backd00r.c
logginsh.txt
silentdoor.tar.gz
HE4Hook V215b6
httpbd.pl.txt
WINLOGON Hijack v0.3
InstDvr
Windows Memory Forensic Toolkit
basic_hook_hide_proc
Logoner V0.0.2
r57-pid-check.txt
aircrackGui
StuxnetRemover 1.0.1.3
NT Rootkit V0.4.4

driverless_eprocess_list

File Size: 94KB
Developer:
Description:     This program is a modified version of winkps from "Playing with Windows /dev/(k)mem". The article basically shows how to go ring0 without drivers. My version should run on Windows XP and win2k without modification. If there is an exception when run, keep re-executing the program until it lists some processes. Sometimes the callgate isn't always installed, sometimes it doesn't walk through the whole eprocess chain, but it does eventually. :) I don't know why this is. crazylord gives an in-depth explanation of the code. However, it's based on the win2k eprocess offsets, which are different than xp. Some kernel variables and routines are hardcoded for win2k in his article. The only thing hardcoded in winepl.c is the offset to the activeprocesslinks in the eprocess structure. Those offsets for nt, win2k, xp haven't changed yet so it's fine. Hopefully, someone can find a memory scan algorithm to find the activeprocesslink offset for future changes to the eprocess structure. ~Blacksoulman
Download:   driverless_eprocess_list

 
