[dazzer]

Hi there,

I'm looking for some sort of callback that I can set that will notify me when ZwOpenSection is called to open a handle to PhysicalMemory. I was thinking ObRegisterCallbacks, but I don't think that would pick it up if ZwOpenSection is being called from Kernel Mode. Any ideas?

[EP_X0FF]

Hello,

which Windows version and type (32/64)?

[s0me]

Hey,

also interested if this is possible at all, win7 onwards 64bit.