
Process privileges in windows

Name: Anonymous 2009-06-23 18:52

http://msdn.microsoft.com/en-us/library/ms682623(VS.85).aspx

>If OpenProcess fails, the output shows the process name as <unknown>. For example, OpenProcess fails for the Idle and CSRSS processes because their access restrictions prevent user-level code from opening them.

I'm able to access only like 70% of SYSTEM's processes on PROCESS_QUERY_LIMITED_INFORMATION / PROCESS_QUERY_INFORMATION. Very well.
But...
How does default taskmgr.exe access these secured processes like csrss, displaying all the info about them as if it had PROCESS_ALL_ACCESS granted? After all, it's just an application, additional tool for end users, not any sort of integral kernel part. I don't think I have to remind you that it executes on user's account privileges.

Name: Anonymous 2009-06-24 2:28

>>1
taskmgr makes use of internal "undocumented" (documented in plenty of places, including Microsoft's own places, but there's a big red disclaimer stating that APIs may be subject to change in future versions of NT) NT APIs like NtQuerySystemInformation, NtOpenThread, NtShutdownSystem and others. If you want to see how that works, just use a debugger or disassembler, it's very simple. Using an API monitor is also a (crappier) solution if you really suck at x86 assembly. There are also a lot of non-MS tools which implement the same functionality as taskmgr, and more (prcview, procexp, lord pe, pe tools, and so on). Google more next time, or do your own research.
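Added example, not posted by either participant: it does in PowerShell what >>2 describes taskmgr doing. NtQuerySystemInformation(SystemProcessInformation) returns name, PID, thread and handle counts for every process without opening a handle to any of them, so access checks on the process objects never happen. The script then calls OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION) on each PID it found, so you can see side by side which processes the listing call reported but a handle could not be obtained for. Which PIDs fail depends on your Windows version and on the token you run it under (try it non-elevated); the struct layout is the prefix of SYSTEM_PROCESS_INFORMATION as declared in winternl.h, and the class name NtProc, the Entry type and the slack added to the buffer size are choices made for this example.

```powershell
# Added example (not from the thread). Run in a normal, non-elevated PowerShell 3+.
$src = @"
using System;
using System.Runtime.InteropServices;

public static class NtProc
{
    public const int SystemProcessInformation = 5;                          // information class
    public const int STATUS_INFO_LENGTH_MISMATCH = unchecked((int)0xC0000004);
    public const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;

    [StructLayout(LayoutKind.Sequential)]
    public struct UNICODE_STRING { public ushort Length; public ushort MaximumLength; public IntPtr Buffer; }

    // Prefix of SYSTEM_PROCESS_INFORMATION as declared in winternl.h; the fields after
    // SessionId are not needed here, and NextEntryOffset is used to step to the next record.
    [StructLayout(LayoutKind.Sequential)]
    public struct SYSTEM_PROCESS_INFORMATION
    {
        public uint NextEntryOffset;
        public uint NumberOfThreads;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 48)] public byte[] Reserved1;
        public UNICODE_STRING ImageName;
        public int BasePriority;
        public IntPtr UniqueProcessId;
        public IntPtr InheritedFromUniqueProcessId;
        public uint HandleCount;
        public uint SessionId;
    }

    [DllImport("ntdll.dll")]
    public static extern int NtQuerySystemInformation(int infoClass, IntPtr buffer, int length, out int returnLength);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);

    public class Entry { public uint Pid; public uint ParentPid; public string Name; public uint Threads; public uint Handles; public uint Session; }

    // Lists every process without opening a single process handle.
    public static Entry[] Snapshot()
    {
        int size = 0x10000, needed;
        IntPtr buf = IntPtr.Zero;
        try
        {
            // The required size is not known up front: retry while the call reports
            // STATUS_INFO_LENGTH_MISMATCH, adding slack because processes can appear in between.
            for (;;)
            {
                buf = Marshal.AllocHGlobal(size);
                int status = NtQuerySystemInformation(SystemProcessInformation, buf, size, out needed);
                if (status == 0) break;
                Marshal.FreeHGlobal(buf); buf = IntPtr.Zero;
                if (status != STATUS_INFO_LENGTH_MISMATCH)
                    throw new Exception("NtQuerySystemInformation failed: 0x" + status.ToString("X8"));
                size = needed + 0x4000;   // slack is an arbitrary choice for this example
            }
            var list = new System.Collections.Generic.List<Entry>();
            IntPtr p = buf;
            for (;;)
            {
                var spi = (SYSTEM_PROCESS_INFORMATION)Marshal.PtrToStructure(p, typeof(SYSTEM_PROCESS_INFORMATION));
                // The Idle process (PID 0) has no image name; its Buffer is NULL.
                string name = spi.ImageName.Buffer == IntPtr.Zero
                    ? "(no image name)"
                    : Marshal.PtrToStringUni(spi.ImageName.Buffer, spi.ImageName.Length / 2);
                list.Add(new Entry {
                    Pid = (uint)spi.UniqueProcessId.ToInt64(),
                    ParentPid = (uint)spi.InheritedFromUniqueProcessId.ToInt64(),
                    Name = name, Threads = spi.NumberOfThreads,
                    Handles = spi.HandleCount, Session = spi.SessionId });
                if (spi.NextEntryOffset == 0) break;
                p = new IntPtr(p.ToInt64() + spi.NextEntryOffset);
            }
            return list.ToArray();
        }
        finally { if (buf != IntPtr.Zero) Marshal.FreeHGlobal(buf); }
    }

    // Returns 0 if OpenProcess granted the requested access, otherwise the Win32 error
    // (5 = ERROR_ACCESS_DENIED, 87 = ERROR_INVALID_PARAMETER for PID 0).
    public static int TryOpen(uint pid, uint access)
    {
        IntPtr h = OpenProcess(access, false, pid);
        if (h == IntPtr.Zero) return Marshal.GetLastWin32Error();
        CloseHandle(h);
        return 0;
    }
}
"@
Add-Type -TypeDefinition $src

$rows = foreach ($e in [NtProc]::Snapshot()) {
    $err = [NtProc]::TryOpen($e.Pid, [NtProc]::PROCESS_QUERY_LIMITED_INFORMATION)
    [pscustomobject]@{
        PID = $e.Pid; Name = $e.Name; Parent = $e.ParentPid; Threads = $e.Threads
        Handles = $e.Handles; Session = $e.Session
        OpenProcess = if ($err -eq 0) { 'ok' } elseif ($err -eq 5) { 'ACCESS_DENIED' } else { "error $err" }
    }
}
$rows | Sort-Object PID | Format-Table -AutoSize
"Listed by NtQuerySystemInformation but not openable with PROCESS_QUERY_LIMITED_INFORMATION: " +
    (@($rows | Where-Object OpenProcess -ne 'ok').Count)
```

Every row in the table, including the ones marked ACCESS_DENIED, came from the same system-wide query, which is why a tool running under an ordinary user token can still show name, thread and handle counts for processes it has no right to open. What it cannot get this way is anything that requires a handle (modules, memory, token), and the same caveat from the MSDN disclaimer applies: the record layout is version-dependent, so hard-coding field offsets beyond the prefix used here is how such tools break on a new build.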
