mvankuipers/tf-article2-windbg-6.txt Secret

## tf-article2-windbg-6.txt
6: kd> !vad
VAD           Level     Start       End Commit
fffffa8019785170  5        10        1f      0 Mapped       READWRITE          Pagefile section, shared commit 0x10
fffffa8019229650  4        20        26      0 Mapped       READONLY           Pagefile section, shared commit 0x7
fffffa802aec35c0  5        30        33      0 Mapped       READONLY           Pagefile section, shared commit 0x4
fffffa80291085a0  3        40        41      0 Mapped       READONLY           Pagefile section, shared commit 0x2
fffffa802b25c180  5        50        50      1 Private      READWRITE
fffffa802b0b8940  4        60        c6      0 Mapped       READONLY           \Windows\System32\locale.nls
fffffa8019544940  5        d0        d1      0 Mapped       READWRITE          Pagefile section, shared commit 0x2
fffffa80193c5570  2        e0        e2      3 Mapped       WRITECOPY          \Windows\System32\en-US\notepad.exe.mui
fffffa802b499e00  5        f0        f0      1 Private      READWRITE
fffffa802b4a6160  4       100       100      1 Private      READWRITE
fffffa801954d3a0  5       110       110      0 Mapped       READWRITE          Pagefile section, shared commit 0x1
fffffa80197cf8c0  3       120       121      0 Mapped       READONLY           Pagefile section, shared commit 0x2
fffffa802b158240  4       160       16f      2 Private      READWRITE
fffffa802b24f180  1       1a0       21f     20 Private      READWRITE
fffffa802b1fc680  6       220       31f    104 Private      READWRITE
fffffa802b44d110  5       320       41f    146 Private      READWRITE
fffffa802910ece0  6       420       4fe      0 Mapped       READONLY           Pagefile section, shared commit 0xdf
fffffa802b354c60  4       540       54f      7 Private      READWRITE
fffffa8029106660  6       550       6d7      0 Mapped       READONLY           Pagefile section, shared commit 0x6
fffffa802b4738b0  5       6e0       860      0 Mapped       READONLY           Pagefile section, shared commit 0x181
fffffa802942ea30  6       870      1c6f      0 Mapped       READONLY           Pagefile section, shared commit 0x23
fffffa802b242260  3      1cf0      1d6f     28 Private      READWRITE
fffffa802aa66d60  5      1e10      1e8f    113 Private      READWRITE
fffffa8019499560  4      3030      395f      0 Mapped       READONLY           \Windows\Fonts\StaticCache.dat
fffffa8019246370  5      3960      3c2e      0 Mapped       READONLY           \Windows\Globalization\Sorting\SortDefault.nls
fffffa802b184c50  6      3c30      3d2f      1 Private      READWRITE
fffffa802b45f180  2     77420     77519      3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\user32.dll
fffffa80192afa20  4     77520     7763e      4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\kernel32.dll
fffffa802a8ba9c0  3     77640     777e9     14 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\ntdll.dll
fffffa802910a440  5     7efe0     7f0df      0 Mapped       READONLY           Pagefile section, shared commit 0x5
fffffa802b26d180  4     7f0e0     7ffdf      0 Private      READONLY
fffffa802b4cb160  0     7ffe0     7ffef     -1 Private      READONLY
fffffa802b4e60d0  5     ffd50     ffd84      4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\notepad.exe
fffffa801978d170  4  7fefa530  7fefa5a0      3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\winspool.drv
fffffa80197e0970  5  7fefaab0  7fefab05      4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\uxtheme.dll
fffffa802a6d9720  6  7fefafd0  7fefafe7      5 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\dwmapi.dll
fffffa80197ecc50  3  7fefb390  7fefb583      6 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
fffffa802a91e010  5  7fefc3c0  7fefc3cb      2 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\version.dll
fffffa80197cb010  6  7fefd1d0  7fefd1de      2 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\cryptbase.dll
fffffa80290fe9c0  4  7fefd440  7fefd4a9      3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\KernelBase.dll
fffffa8029109e30  5  7fefd6f0  7fefd6fd      2 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\lpk.dll
fffffa8029522520  6  7fefd720  7fefd74d      3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\imm32.dll
fffffa802910bce0  2  7fefd800  7fefd8da      7 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\advapi32.dll
fffffa80290d9500  5  7fefd8e0  7fefdadb      9 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\ole32.dll
fffffa802af4a0c0  4  7fefdae0  7fefe86a     13 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\shell32.dll
fffffa8019787170  5  7fefea50  7fefea6e      4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\sechost.dll
fffffa802a6e8010  3  7fefeda0  7fefee36      6 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\comdlg32.dll
fffffa802a6ae010  5  7fefee50  7fefef58      4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\msctf.dll
fffffa802910dac0  4  7feff0f0  7feff21c      3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\rpcrt4.dll
fffffa801948e940  1  7feff2a0  7feff33e      7 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\msvcrt.dll
fffffa802aac1010  5  7feff340  7feff3b0      3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\shlwapi.dll
fffffa8029156010  4  7feff3c0  7feff48a      4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\usp10.dll
fffffa801956e170  5  7feff800  7feff8d9      4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\oleaut32.dll
fffffa8019789170  3  7feff8e0  7feff946      3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\gdi32.dll
fffffa801958e170  4  7feff960  7feff960      0 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\apisetschema.dll
fffffa80290f3c10  2  7fffffb0  7fffffd2      0 Mapped       READONLY           Pagefile section, shared commit 0x23
fffffa802af28110  3  7fffffd5  7fffffd5      1 Private      READWRITE
fffffa802a714a30  4  7fffffde  7fffffdf      2 Private      READWRITE

Total VADs: 58, average level: 5, maximum depth: 6
Total private commit: 0x228 pages (2208 KB)
Total shared commit:  0x2d3 pages (2892 KB)
	6: kd> !vad
	VAD Level Start End Commit
	fffffa8019785170 5 10 1f 0 Mapped READWRITE Pagefile section, shared commit 0x10
	fffffa8019229650 4 20 26 0 Mapped READONLY Pagefile section, shared commit 0x7
	fffffa802aec35c0 5 30 33 0 Mapped READONLY Pagefile section, shared commit 0x4
	fffffa80291085a0 3 40 41 0 Mapped READONLY Pagefile section, shared commit 0x2
	fffffa802b25c180 5 50 50 1 Private READWRITE
	fffffa802b0b8940 4 60 c6 0 Mapped READONLY \Windows\System32\locale.nls
	fffffa8019544940 5 d0 d1 0 Mapped READWRITE Pagefile section, shared commit 0x2
	fffffa80193c5570 2 e0 e2 3 Mapped WRITECOPY \Windows\System32\en-US\notepad.exe.mui
	fffffa802b499e00 5 f0 f0 1 Private READWRITE
	fffffa802b4a6160 4 100 100 1 Private READWRITE
	fffffa801954d3a0 5 110 110 0 Mapped READWRITE Pagefile section, shared commit 0x1
	fffffa80197cf8c0 3 120 121 0 Mapped READONLY Pagefile section, shared commit 0x2
	fffffa802b158240 4 160 16f 2 Private READWRITE
	fffffa802b24f180 1 1a0 21f 20 Private READWRITE
	fffffa802b1fc680 6 220 31f 104 Private READWRITE
	fffffa802b44d110 5 320 41f 146 Private READWRITE
	fffffa802910ece0 6 420 4fe 0 Mapped READONLY Pagefile section, shared commit 0xdf
	fffffa802b354c60 4 540 54f 7 Private READWRITE
	fffffa8029106660 6 550 6d7 0 Mapped READONLY Pagefile section, shared commit 0x6
	fffffa802b4738b0 5 6e0 860 0 Mapped READONLY Pagefile section, shared commit 0x181
	fffffa802942ea30 6 870 1c6f 0 Mapped READONLY Pagefile section, shared commit 0x23
	fffffa802b242260 3 1cf0 1d6f 28 Private READWRITE
	fffffa802aa66d60 5 1e10 1e8f 113 Private READWRITE
	fffffa8019499560 4 3030 395f 0 Mapped READONLY \Windows\Fonts\StaticCache.dat
	fffffa8019246370 5 3960 3c2e 0 Mapped READONLY \Windows\Globalization\Sorting\SortDefault.nls
	fffffa802b184c50 6 3c30 3d2f 1 Private READWRITE
	fffffa802b45f180 2 77420 77519 3 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\user32.dll
	fffffa80192afa20 4 77520 7763e 4 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\kernel32.dll
	fffffa802a8ba9c0 3 77640 777e9 14 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\ntdll.dll
	fffffa802910a440 5 7efe0 7f0df 0 Mapped READONLY Pagefile section, shared commit 0x5
	fffffa802b26d180 4 7f0e0 7ffdf 0 Private READONLY
	fffffa802b4cb160 0 7ffe0 7ffef -1 Private READONLY
	fffffa802b4e60d0 5 ffd50 ffd84 4 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\notepad.exe
	fffffa801978d170 4 7fefa530 7fefa5a0 3 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\winspool.drv
	fffffa80197e0970 5 7fefaab0 7fefab05 4 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\uxtheme.dll
	fffffa802a6d9720 6 7fefafd0 7fefafe7 5 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\dwmapi.dll
	fffffa80197ecc50 3 7fefb390 7fefb583 6 Mapped Exe EXECUTE_WRITECOPY \Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
	fffffa802a91e010 5 7fefc3c0 7fefc3cb 2 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\version.dll
	fffffa80197cb010 6 7fefd1d0 7fefd1de 2 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\cryptbase.dll
	fffffa80290fe9c0 4 7fefd440 7fefd4a9 3 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\KernelBase.dll
	fffffa8029109e30 5 7fefd6f0 7fefd6fd 2 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\lpk.dll
	fffffa8029522520 6 7fefd720 7fefd74d 3 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\imm32.dll
	fffffa802910bce0 2 7fefd800 7fefd8da 7 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\advapi32.dll
	fffffa80290d9500 5 7fefd8e0 7fefdadb 9 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\ole32.dll
	fffffa802af4a0c0 4 7fefdae0 7fefe86a 13 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\shell32.dll
	fffffa8019787170 5 7fefea50 7fefea6e 4 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\sechost.dll
	fffffa802a6e8010 3 7fefeda0 7fefee36 6 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\comdlg32.dll
	fffffa802a6ae010 5 7fefee50 7fefef58 4 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\msctf.dll
	fffffa802910dac0 4 7feff0f0 7feff21c 3 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\rpcrt4.dll
	fffffa801948e940 1 7feff2a0 7feff33e 7 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\msvcrt.dll
	fffffa802aac1010 5 7feff340 7feff3b0 3 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\shlwapi.dll
	fffffa8029156010 4 7feff3c0 7feff48a 4 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\usp10.dll
	fffffa801956e170 5 7feff800 7feff8d9 4 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\oleaut32.dll
	fffffa8019789170 3 7feff8e0 7feff946 3 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\gdi32.dll
	fffffa801958e170 4 7feff960 7feff960 0 Mapped Exe EXECUTE_WRITECOPY \Windows\System32\apisetschema.dll
	fffffa80290f3c10 2 7fffffb0 7fffffd2 0 Mapped READONLY Pagefile section, shared commit 0x23
	fffffa802af28110 3 7fffffd5 7fffffd5 1 Private READWRITE
	fffffa802a714a30 4 7fffffde 7fffffdf 2 Private READWRITE

	Total VADs: 58, average level: 5, maximum depth: 6
	Total private commit: 0x228 pages (2208 KB)
	Total shared commit: 0x2d3 pages (2892 KB)