Module 4: System Information

Windows keeps a vast amount of live data just below the Win32 API. In this module you learn to pull back the curtain. Starting with NtQuerySystemInformation, you'll enumerate processes, threads, and even every open handle on the system. Along the way Pavel demystifies the Object Manager: its object types, names, and namespace hierarchy. The module wraps up with a look at KUSER_SHARED_DATA, the always-mapped page that gives you fast, syscall-free access to clocks, CPU information and more.
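As an added example (not part of the course material), the Python below shows the mechanics the process-enumeration part of the module refers to: walking the NextEntryOffset-chained SYSTEM_PROCESS_INFORMATION records that NtQuerySystemInformation(SystemProcessInformation) returns, resolving each ImageName.Buffer pointer back into the same buffer, and the STATUS_INFO_LENGTH_MISMATCH retry loop that a live caller needs. The field offsets are the 64-bit layout published in phnt/winternl.h and are stated here as an assumption; the sample buffer is constructed so the parser runs offline on any platform, and the live query via ctypes is only attempted on Windows.

```python
import struct
import sys

# Assumed 64-bit SYSTEM_PROCESS_INFORMATION layout (phnt / winternl.h):
OFF_NEXT_ENTRY = 0      # ULONG NextEntryOffset (0 marks the last record)
OFF_NUM_THREADS = 4     # ULONG NumberOfThreads (SYSTEM_THREAD_INFORMATION array follows the header)
OFF_IMAGE_NAME = 56     # UNICODE_STRING ImageName: Length u16, MaximumLength u16, pad, Buffer u64 at 64
OFF_PID = 80            # HANDLE UniqueProcessId
OFF_PPID = 88           # HANDLE InheritedFromUniqueProcessId
OFF_HANDLE_COUNT = 96   # ULONG HandleCount, then ULONG SessionId at 100
HEADER_SIZE = 256       # sizeof(SYSTEM_PROCESS_INFORMATION) on x64
THREAD_INFO_SIZE = 80   # sizeof(SYSTEM_THREAD_INFORMATION) on x64


def parse_process_list(buf: bytes, base_address: int) -> list:
    """Walk the NextEntryOffset chain. base_address is the virtual address of buf[0],
    needed because ImageName.Buffer holds an absolute pointer, not an offset."""
    entries, off, seen = [], 0, set()
    while True:
        if off in seen:
            raise ValueError("NextEntryOffset chain loops back on itself")
        if off + HEADER_SIZE > len(buf):
            raise ValueError("record header runs past the end of the buffer")
        seen.add(off)
        next_off, n_threads = struct.unpack_from("<II", buf, off + OFF_NEXT_ENTRY)
        name_len, _max_len, _pad, name_ptr = struct.unpack_from("<HHIQ", buf, off + OFF_IMAGE_NAME)
        pid, ppid, handles, session = struct.unpack_from("<QQII", buf, off + OFF_PID)
        name = ""
        if name_ptr and name_len:
            rel = name_ptr - base_address
            if rel < 0 or rel + name_len > len(buf):
                raise ValueError("ImageName.Buffer points outside the returned buffer")
            name = buf[rel:rel + name_len].decode("utf-16-le")
        entries.append({"pid": pid, "ppid": ppid, "name": name,
                        "threads": n_threads, "handles": handles, "session": session})
        if next_off == 0:
            return entries
        if next_off < HEADER_SIZE:
            raise ValueError("NextEntryOffset smaller than a record header")
        off += next_off


def _record(name, pid, ppid, n_threads, handles, session, rec_address, is_last) -> bytes:
    """Build one record the way the kernel lays it out: header, thread array, then the
    NUL-terminated image name, with the next record 8-byte aligned."""
    name_bytes = name.encode("utf-16-le")
    name_off = HEADER_SIZE + n_threads * THREAD_INFO_SIZE
    total = (name_off + len(name_bytes) + 2 + 7) & ~7
    rec = bytearray(total)
    struct.pack_into("<II", rec, OFF_NEXT_ENTRY, 0 if is_last else total, n_threads)
    struct.pack_into("<HHIQ", rec, OFF_IMAGE_NAME, len(name_bytes), len(name_bytes) + 2, 0,
                     rec_address + name_off if name else 0)
    struct.pack_into("<QQII", rec, OFF_PID, pid, ppid, handles, session)
    rec[name_off:name_off + len(name_bytes)] = name_bytes
    return bytes(rec)


def build_sample_buffer(base_address: int) -> bytes:
    """Constructed sample: Idle, System and an lsass.exe entry (values are made up)."""
    sample = [("", 0, 0, 1, 0, 0), ("System", 4, 0, 3, 1500, 0), ("lsass.exe", 700, 500, 8, 1200, 0)]
    out = bytearray()
    for i, (name, pid, ppid, n_thr, handles, session) in enumerate(sample):
        out += _record(name, pid, ppid, n_thr, handles, session,
                       base_address + len(out), i == len(sample) - 1)
    return bytes(out)


def query_live_processes() -> list:
    """Windows only (64-bit Python): call ntdll!NtQuerySystemInformation with the usual
    STATUS_INFO_LENGTH_MISMATCH retry loop, then parse the returned buffer."""
    if sys.platform != "win32":
        raise OSError("live query requires Windows; use build_sample_buffer() elsewhere")
    import ctypes
    ntdll = ctypes.WinDLL("ntdll")
    fn = ntdll.NtQuerySystemInformation
    fn.restype = ctypes.c_ulong  # NTSTATUS, compared as unsigned
    fn.argtypes = [ctypes.c_ulong, ctypes.c_void_p, ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong)]
    SystemProcessInformation, STATUS_INFO_LENGTH_MISMATCH = 5, 0xC0000004
    size = 1 << 16
    while True:
        buf = ctypes.create_string_buffer(size)
        needed = ctypes.c_ulong(0)
        status = fn(SystemProcessInformation, buf, size, ctypes.byref(needed))
        if status == STATUS_INFO_LENGTH_MISMATCH:
            size = max(needed.value, size * 2)  # the process list can grow between two calls
            continue
        if status != 0:
            raise OSError(f"NtQuerySystemInformation failed with NTSTATUS 0x{status:08X}")
        return parse_process_list(buf.raw, ctypes.addressof(buf))


if __name__ == "__main__":
    base = 0x10000  # pretend load address for the constructed buffer
    for e in parse_process_list(build_sample_buffer(base), base):
        print(f"{e['pid']:>6} {e['ppid']:>6} {e['threads']:>4} {e['handles']:>6} {e['name'] or '<Idle>'}")
```

The parser validates every offset and pointer before trusting it, which matters even for a kernel-supplied buffer: a loop in the chain or a stale ReturnLength would otherwise turn a simple inventory tool into a crash or an out-of-bounds read. The same walk, with the record header swapped, applies to the other array-style information classes covered in the module.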