@ -91,4 +91,10 @@ BEDaisy checks the IRP's of every single loaded driver. Below is the checks done
00042980 92.56213379 [GoodEye] - NonPaged VirtualAddress: 0xFFFFF80498F516A0 // address of DxgkDeviceIoctl
00042980 92.56213379 [GoodEye] - NonPaged VirtualAddress: 0xFFFFF80498F516A0 // address of DxgkDeviceIoctl
00042981 92.56213379 [GoodEye]MmIsAddressValid Called From: 0xFFFFF804DEFE1116
00042981 92.56213379 [GoodEye]MmIsAddressValid Called From: 0xFFFFF804DEFE1116
00042982 92.56213379 [GoodEye] - NonPaged VirtualAddress: 0xFFFFF80499059670 // address of DxgkInternalDeviceIoctl
00042982 92.56213379 [GoodEye] - NonPaged VirtualAddress: 0xFFFFF80499059670 // address of DxgkInternalDeviceIoctl
```
```
# Imports
All of import addresses are stored in the `.data` section of the driver and can easily be changed to hook imported functions.
<img src="https://imgur.com/hafZdDd.png"/>
|
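Review bot: The new Imports section rests on one sentence and an externally hosted screenshot, `<img src="https://imgur.com/hafZdDd.png"/>`, which has no `alt` text or caption, so a reader cannot tell what the image is meant to show and the section loses its only supporting evidence if the link stops resolving. Add an `alt` attribute and one line of text stating what the screenshot shows, and consider committing the image alongside the README instead of linking to imgur. In the sentence above it, "All of import addresses" should read "All of the import addresses", and "the driver" should name the driver explicitly, since the hunk context refers to BEDaisy and the heading alone does not say whose imports are meant.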