Informative Information for the Uninformed
Process Objects

Here are just a few of the most basic EPROCESS fields that can form a simple signature. Their values are rather predictable constants that hold true for all EPROCESS structures on the same system.
Note that there are several other DISPATCH_HEADERs embedded within locks, events, timers, etc. in the structure, which also have a predictable Header.Type and Header.Size.
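
The following sketch, an added example that is not code from the original article, shows how such a signature can be applied when scanning a memory image: a candidate is accepted only if every expected DISPATCH_HEADER carries its constant Header.Type and Header.Size. The header byte layout, the embedded-header offset, and all Type/Size values are constructed placeholders; take the real ones from the target system's symbols.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One constant-valued check: a DISPATCH_HEADER expected at `offset`. */
struct hdr_check { size_t offset; uint8_t type, size; };

/* Assumed header layout: Type in byte 0, Size in byte 2, 4 bytes minimum. */
enum { TYPE_OFF = 0, SIZE_OFF = 2, HDR_MIN = 4 };

/* Scan buf in `align`-byte steps; a hit must satisfy every check.
 * Stores up to max_hits offsets in hits[] and returns the total count. */
size_t scan_signature(const uint8_t *buf, size_t len, size_t align,
                      const struct hdr_check *chk, size_t nchk,
                      size_t *hits, size_t max_hits)
{
    size_t n = 0;
    if (align == 0 || nchk == 0) return 0;
    for (size_t base = 0; base < len; base += align) {
        size_t i, room = len - base;
        for (i = 0; i < nchk; i++) {
            if (chk[i].offset > room || room - chk[i].offset < HDR_MIN)
                break;                  /* header would run off the buffer */
            const uint8_t *h = buf + base + chk[i].offset;
            if (h[TYPE_OFF] != chk[i].type || h[SIZE_OFF] != chk[i].size)
                break;                  /* constant does not match */
        }
        if (i != nchk) continue;
        if (n < max_hits) hits[n] = base;
        n++;
    }
    return n;
}

/* Constructed sample: a full match at 0x40 and a decoy at 0x80 whose
 * leading header matches but whose embedded header does not. */
size_t demo(size_t *first_hit)
{
    static const struct hdr_check sig[] = {
        { 0x00, 0x03, 0x1b },   /* leading header (placeholder values) */
        { 0x20, 0x05, 0x05 },   /* embedded header (placeholder values) */
    };
    uint8_t mem[256];
    memset(mem, 0, sizeof mem);
    mem[0x40] = 0x03; mem[0x42] = 0x1b; mem[0x60] = 0x05; mem[0x62] = 0x05;
    mem[0x80] = 0x03; mem[0x82] = 0x1b;
    return scan_signature(mem, sizeof mem, 8, sig, 2, first_hit, 1);
}

int main(void)
{
    size_t hit = 0, n = demo(&hit);
    printf("%zu candidate(s), first at 0x%zx\n", n, hit);
    return 0;
}
```

Requiring the embedded headers to match as well is what rejects the decoy; a single Type/Size pair alone would have produced two hits.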