Unix memory model relies on a strong separation between user-space memory and kernel-space memory. This tag refers to mechanisms that lie in kernel-space.
Questions tagged [kernel-mode]
84 questions
4
votes
2 answers
How does Kernel Detective check if API functions are hooked?
One of the many features of Kernel Detective is the possibility to retrieve the original addresses of the native apis functions implemented in the driver win32k.sys and checking if they are hooked. What are the possible ways to achieve the same ?
user4170
- 95
- 1
- 5
1
vote
2 answers
How do I get ring0 code coverage?
I wonder, whether there is a way to get a code coverage of a r0 code? PIN tool is designed for usermode, if i'm right.
Though i've seen on twitter somebody mentioned such a tool, that's why i'm sure it exists.
fasmotol
- 139
- 6