HEX DEREF SUPPORT
| #985 Title: Kernel physical memory scanner Administrator |
05/17/2022 20:20 - 708 days 14 hours 50 minutes #985 |
The professional version of the software includes physical memory scanner.
Memory scanning is in user mode by default. The process you opened from the process list by left-clicking on the process name. When you scan your PC or laptop physical memory through the kernel driver, there is no need to open a handle to any process.
The options for kernel driver must be initialized and the driver loaded using the KDI before you can scan kernel memory.
KERNEL_MEMORY: The memory allocated by the kernel and the loaded kernel modules is scanned.
KERNEL_MODULES: The kernel and drivers data and discardable sections are checked.
USER_MEMORY: The memory allocated by all user mode processes is checked. Scanning also includes all protected processes.
The above three together are the same as a computer's physical memory. The more narrowed the scan is, the better results you will get and needless to even mention, you get the results you was after faster as well.
Memory scanning is in user mode by default. The process you opened from the process list by left-clicking on the process name. When you scan your PC or laptop physical memory through the kernel driver, there is no need to open a handle to any process.
The options for kernel driver must be initialized and the driver loaded using the KDI before you can scan kernel memory.
KERNEL_MEMORY: The memory allocated by the kernel and the loaded kernel modules is scanned.
KERNEL_MODULES: The kernel and drivers data and discardable sections are checked.
USER_MEMORY: The memory allocated by all user mode processes is checked. Scanning also includes all protected processes.
The above three together are the same as a computer's physical memory. The more narrowed the scan is, the better results you will get and needless to even mention, you get the results you was after faster as well.
