RestrictedKernelLeaks
List of KASLR bypass techniques in Windows 10 kernel.
-
ZwQuerySystemInformation/SystemModuleInformation
-
ZwQuerySystemInformation/SystemModuleInformationEx
-
ZwQuerySystemInformation/SystemProcessInformation
-
ZwQuerySystemInformation/SystemExtendedProcessInformation
-
ZwQuerySystemInformation/SystemSessionProcessInformation
-
ZwQuerySystemInformation/SystemLocksInformation
-
ZwQuerySystemInformation/SystemHandleInformation
-
ZwQuerySystemInformation/SystemExtendedHandleInformation
-
ZwQuerySystemInformation/SystemObjectInformation
-
ZwQuerySystemInformation/SystemBigPoolInformation
-
ZwQuerySystemInformation/SystemSessionBigPoolInformation
-
ZwQueryInformationProcess/ProcessHandleTracing
-
ZwQueryInformationProcess/ProcessWorkingSetWatch
-
ZwQueryInformationProcess/ProcessWorkingSetWatchEx
N.B. These techniques are only valid from outside the sandbox.