Awesome
POC-ExFlushTb
A POC for monitoring Tb. This code is not neat, it's just a POC.
Principle
Hijack HalIommuDispatch + 0x48
KeFlushSingleTb
-> ExFlushTb
KeFlushTb
-> ExFlushTb
Compile
- Visual Studio 2022 & WDK11
- llvm-msvc [link]