HEX DEREF SUPPORT
| #985 Title: Advanced kernel memory scanning options in HEX DEREF Administrator |
05/17/2022 20:20 - 38 days 13 hours 57 minutes #985 |
Memory scanning is in user mode by default. The process you opened from the process list by left-clicking on the process name. When you scan your PC or laptop physical memory through the kernel driver, there is no need to open a handle to any process.
The options for kernel driver must be initialized and the driver loaded using the KDI before you can scan kernel memory.
KERNEL_MEMORY: The memory allocated by the kernel and the loaded kernel modules is scanned.
KERNEL_MODULES: The kernel and drivers data and discardable sections are checked.
USER_MEMORY: The memory allocated by all user mode processes is checked. Scanning also includes all protected processes.
The above three together are the same as a computer's physical memory. The more narrowed the scan is, the better results you will get and needless to even mention, you get the results you was after faster as well.
The options for kernel driver must be initialized and the driver loaded using the KDI before you can scan kernel memory.
KERNEL_MEMORY: The memory allocated by the kernel and the loaded kernel modules is scanned.
KERNEL_MODULES: The kernel and drivers data and discardable sections are checked.
USER_MEMORY: The memory allocated by all user mode processes is checked. Scanning also includes all protected processes.
The above three together are the same as a computer's physical memory. The more narrowed the scan is, the better results you will get and needless to even mention, you get the results you was after faster as well.
