-
```
Mainly we need to:
* Find KiServiceTable (not exported, no longer referenced by KTHREAD)
* Fix the hard-coded i*4 stuff in ssdt.py
* Compute the function address (no longer absolute pointers like…
```
-
A table for monitoring all system calls. In its naive form, this would look like:
```
pid
syscall
```
Pragmatically, this would be a very large amount of data and we generally only care about syscal…