What are the two different `dwOptions` values used in `DuplicateHandle` in this technique, and what is their purpose?
The two values are `DUPLICATE_SAME_ATTRIBUTES` (value 0) and `DUPLICATE_SAME_ACCESS` (value `0x00000002`). First, `DUPLICATE_SAME_ATTRIBUTES` is used during handle enumeration to safely obtain handle attributes without affecting the source. Once the target log file handle is identified, `DUPLICATE_SAME_ACCESS` is used to duplicate the handle with full permissions, allowing subsequent operations like `CreateFileMapping` to modify the EVTX file. This distinction is critical for safely traversing handles and then gaining write access.
DuplicateHandle, DUPLICATE_SAME_ACCESS, DUPLICATE_SAME_ATTRIBUTES, handle duplication