MemoryMon icon indicating copy to clipboard operation
MemoryMon copied to clipboard

Published 20 hours ago verified publisher icon tandasat

mtf

Open Frankenstein-bit opened this issue 5 years ago • 1 comments

thanks for your excellent work, I learned a lot from it. And I try to use this project to monitor windows kernel memory access. And I set corresponding ept entry's r/w to false. Every time windows kernel access memory, I set corresponding ept entry's r/w to ture ,and mtf flag. However, the windows always get stuck somewhere. Can you give some suggestion.

Frankenstein-bit avatar Oct 12 '20 07:10 Frankenstein-bit

If you can reproduce the issue on VMware, try gdb debugging and see where the processors are stuck. If you have IDA Pro, I'd recommend using that for this as it can interpret PDB.

tandasat avatar Oct 21 '20 02:10 tandasat