Informative Information for the Uninformed
Vol 4 » 2006.Jun
GREPEXEC: Grepping Executive Objects from Pool Memory
May 30, 2006
bugcheck
chris@bugcheck.org
Contents
Foreword
Introduction
Scanning Memory
Retrieving Pool Ranges
Locking Memory
Detecting Executive Objects
Generic Object Information
Validating Pool Block Information
Object Specific Signatures
Process Objects
Thread Objects
Driver Objects
Device Objects
Miscellaneous
Found An Object, Now What?
Process Objects
Thread Objects
Driver Objects
Device Objects
Breaking Signatures
Pointer Based Signatures
N-Depth Pointer Validation
Miscellaneous
GrepExec: The Tool
The Signature
Usage
Sample Output
Conclusion
Bibliography
About this document ...