|Informative Information for the Uninformed
Next: Retrieving Pool Ranges Up: GREPEXEC: Grepping Executive Objects Previous: Introduction Contents
Enumerating arbitrary system memory is nowhere near a science since its state can change at anytime while you are attempting to access it. While this is true, the memory that surrounds kernel executive objects should be fairly consistent. With proper care, memory accesses should be safe and the chance of false positives and negatives should be fairly minimal. The following sections will outline a safe method to enumerate the contents of both the system's PagedPool and NonPagedPool.