Blog Feed

Accurately comparing process & thread kernel objects in Windows 10

Introduction

Microsoft introduced a new system service routine named NtCompareObjects at the beginning of Windows 10; user-mode callers can reach it through a system call transition. This kernel routine allows you to accurately determine whether two handles represent the same kernel object. NtCompareObjects will work for at least process object and thread object handles. …