Antonio Cocomazzi (@splinter_code)'s Twitter Profile
Antonio Cocomazzi

@splinter_code

offensive security - windows internals | BlueSky: bsky.app/profile/splint… | Mastodon: infosec.exchange/@splinter_code

ID: 765654623461994496

Link: https://splintercod3.blogspot.com/ | 16-08-2016 21:01:02

1,1K Tweet

8,8K Followers

329 Following


I noticed an interesting change starting from Windows 11 22H2 in the behavior of NtSystemDebugControl when taking a live kernel dump (SysDbgGetLiveKernelDump) including user-mode pages (flag IncludeUserSpaceMemoryPages). Until Windows 11 21H2 code in nt!DbgkCaptureLiveKernelDump
