One Day Sec

How does the article propose to obtain the handle to the specified log file without injecting into svchost.exe?

The approach uses the native (ntdll) API `NtQuerySystemInformation` with the `SystemHandleInformation` class to enumerate every open handle across all processes. It filters that list down to file-type handles, optionally narrows it further to the process hosting the Windows Event Log service (e.g., by enumerating services to find the right svchost.exe instance), and then uses `NtDuplicateObject` to duplicate each candidate handle into the current process so its name can be retrieved and matched against the target EVTX file. This yields a usable handle to the log file without injecting code into the service process, as explained in Windows XML Event Log (EVTX) Single Log Entry Deletion (Part 5).
Tags: NtQuerySystemInformation, SystemHandleInformation, NtDuplicateObject, file handle enumeration