All projects and the code within this repository are solely proof of concepts and have not been thoroughly tested on different versions of Microsoft Windows.
The DriverEntry routines of each driver checks for the version of the operating system and will make sure it is Windows 10 (20h2) - 19044.1706, as it the Windows 10 version I used to test the drivers.
All structures and other typedef have been defined via available PDBs, WinDBG and resym tool. Structures and data may differ from one version to another - use with caution.
Experiments with the Windows Memory Manager (Mm/Mi). Currently listing Virtual Address Descriptors (VADs) of a process.
Kernel Device Name: \\Device\\MManager
List of User-Mode applications:
- vadlist.exe