@ -92,11 +92,3 @@ BEDaisy checks the IRP's of every single loaded driver. Below is the checks done
|
|
|
|
00042981 92.56213379 [GoodEye]MmIsAddressValid Called From: 0xFFFFF804DEFE1116
|
|
|
|
00042981 92.56213379 [GoodEye]MmIsAddressValid Called From: 0xFFFFF804DEFE1116
|
|
|
|
00042982 92.56213379 [GoodEye] - NonPaged VirtualAddress: 0xFFFFF80499059670 // address of DxgkInternalDeviceIoctl
|
|
|
|
00042982 92.56213379 [GoodEye] - NonPaged VirtualAddress: 0xFFFFF80499059670 // address of DxgkInternalDeviceIoctl
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
As you can see `0xFFFFF8049905E400` is `DxgkCreateClose`.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<img src="https://imgur.com/rnkZ7Sl.png"/>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
As you can see `0xFFFFF80498F516A0` is `DxgkDeviceIoctl`
|
|
|
|
|
|
|
|
<img src="https://imgur.com/m9YEp50.png"/>
|
|
|
|
|
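Review bot: The two prose claims in this hunk, that `0xFFFFF8049905E400` is `DxgkCreateClose` and that `0xFFFFF80498F516A0` is `DxgkDeviceIoctl`, are backed only by the imgur screenshots. The only address in the visible log lines is `0xFFFFF80499059670`, annotated as `DxgkInternalDeviceIoctl`. Consider putting the matching `[GoodEye] - NonPaged VirtualAddress:` log line next to each claim, as is done for `DxgkInternalDeviceIoctl`, so the address-to-handler mapping stays verifiable as text if the image links go dead. The `<img>` tags also carry no `alt` text, and the second "As you can see" sentence is missing the closing period that the first one has.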