mvankuipers/tf-article2-windbg-29.txt Secret

## tf-article2-windbg-29.txt
kd> !vad
VAD           Level     Start       End Commit
ffffa50dcf7a1660  4     7ffe0     7ffe0      1 Private      READONLY
ffffa50dcf78c450  3     7ffe1     7ffef     -1 Private      READONLY
ffffa50dcf8a3240  4   6f29440   6f2953f      7 Private      READWRITE
ffffa50dcf78b280  2   6f29600   6f297ff      3 Private      READWRITE
ffffa50dd1bd9180  3  1fe15080  1fe1508f      0 Mapped       READWRITE          Pagefile section, shared commit 0
ffffa50dcf74b890  4  1fe15090  1fe15096      1 Private      READWRITE
ffffa50dcfb58620  1  1fe150a0  1fe150b7      0 Mapped       READONLY           Pagefile section, shared commit 0
ffffa50dcf7595f0  3  1fe150c0  1fe150c3      0 Mapped       READONLY           Pagefile section, shared commit 0
ffffa50dcf669330  2  1fe150d0  1fe150d0      0 Mapped       READONLY           Pagefile section, shared commit 0
ffffa50dd027cdc0  0  1fe150e0  1fe150e0      1 Private      READWRITE
ffffa50dd16580b0  4  1fe150f0  1fe151b4      0 Mapped       READONLY           \Windows\System32\locale.nls
ffffa50dd15f0470  3  1fe151c0  1fe151c0      1 Private      READWRITE
ffffa50dd2313a20  4  1fe151d0  1fe151d0      0 Mapped       READWRITE          Pagefile section, shared commit 0
ffffa50dcfd121a0  2  1fe15280  1fe1537f     21 Private      READWRITE
ffffa50dcf791350  3 7ff7f5c60 7ff7f5d5f      0 Mapped       READONLY           Pagefile section, shared commit 0
ffffa50dcf74fd50  1 7ff7f5d60 7ff7f5d82      0 Mapped       READONLY           Pagefile section, shared commit 0
ffffa50dcf721450  4 7ff7f62e0 7ff7f643d     95 Mapped  Exe  EXECUTE_WRITECOPY  \Users\Michael\Desktop\memdemo.exe
ffffa50dcf7a5780  3 7ffc3d340 7ffc3d3bd      5 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\apphelp.dll
ffffa50dcf7515c0  4 7ffc3f6d0 7ffc3f918      9 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\KernelBase.dll
ffffa50dd1708390  2 7ffc40120 7ffc401cd      6 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\kernel32.dll
ffffa50dcf74fdf0  3 7ffc42750 7ffc4292a     12 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\ntdll.dll

Total VADs: 21, average level: 3, maximum depth: 4
Total private commit: 0xa2 pages (648 KB)
Total shared commit:  0 pages (0 KB)
	kd> !vad
	VAD Level Start End Commit
	ffffa50dcf7a1660 4 7ffe0 7ffe0 1 Private READONLY
	ffffa50dcf78c450 3 7ffe1 7ffef -1 Private READONLY
	ffffa50dcf8a3240 4 6f29440 6f2953f 7 Private READWRITE
	ffffa50dcf78b280 2 6f29600 6f297ff 3 Private READWRITE
	ffffa50dd1bd9180 3 1fe15080 1fe1508f 0 Mapped READWRITE Pagefile section, shared commit 0
	ffffa50dcf74b890 4 1fe15090 1fe15096 1 Private READWRITE
	ffffa50dcfb58620 1 1fe150a0 1fe150b7 0 Mapped READONLY Pagefile section, shared commit 0
	ffffa50dcf7595f0 3 1fe150c0 1fe150c3 0 Mapped READONLY Pagefile section, shared commit 0
	ffffa50dcf669330 2 1fe150d0 1fe150d0 0 Mapped READONLY Pagefile section, shared commit 0
	ffffa50dd027cdc0 0 1fe150e0 1fe150e0 1 Private READWRITE
	ffffa50dd16580b0 4 1fe150f0 1fe151b4 0 Mapped READONLY \Windows\System32\locale.nls
	ffffa50dd15f0470 3 1fe151c0 1fe151c0 1 Private READWRITE
	ffffa50dd2313a20 4 1fe151d0 1fe151d0 0 Mapped READWRITE Pagefile section, shared commit 0
	ffffa50dcfd121a0 2 1fe15280 1fe1537f 21 Private READWRITE
	ffffa50dcf791350 3 7ff7f5c60 7ff7f5d5f 0 Mapped READONLY Pagefile section, shared commit 0
	ffffa50dcf74fd50 1 7ff7f5d60 7ff7f5d82 0 Mapped READONLY Pagefile section, shared commit 0
	ffffa50dcf721450 4 7ff7f62e0 7ff7f643d 95 Mapped Exe EXECUTE_WRITECOPY \Users\Michael\Desktop\memdemo.exe
	ffffa50dcf7a5780 3 7ffc3d340 7ffc3d3bd 5 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\apphelp.dll
	ffffa50dcf7515c0 4 7ffc3f6d0 7ffc3f918 9 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\KernelBase.dll
	ffffa50dd1708390 2 7ffc40120 7ffc401cd 6 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\kernel32.dll
	ffffa50dcf74fdf0 3 7ffc42750 7ffc4292a 12 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\ntdll.dll

	Total VADs: 21, average level: 3, maximum depth: 4
	Total private commit: 0xa2 pages (648 KB)
	Total shared commit: 0 pages (0 KB)