this is for holding javascript data
Igor.Korkin renamed 3.2.2. Memory Dump Approach2.tex to Memory Dump Approach2.tex
over 9 years ago
Commit id: 08e8d07d48c19ed130171828a4ea9f0c3f0886c3
deletions | additions
diff --git a/Memory Dump Approach2.tex b/Memory Dump Approach2.tex
new file mode 100644
index 0000000..08cfaa4
--- /dev/null
+++ b/Memory Dump Approach2.tex
...
The disadvantage of this method lies in ignoring physical memory ranges of all PCI devices to avoid crashes, no matter whether DMA is supported and used by this device or not. However it is possible to manually set the physical memory ranges that should be ignored. This disadvantage does not diminish the importance of MASHKA, because the essential structures such as EPROCESS and DRIVER_OBJECT cannot be located in the memory of these devices.
