1. scan memory 2. scan PCIe 3. scan UEFI 4. exit drvscan operation: 1 1. [4] target process id 2. [ntoskrnl.exe] (optional) name of the image e.g. explorer.exe 3. [0] the amount of bytes that have to be different before logging the patch 4. [0] if option is selected, we use local dumps instead of original disk files 5. dump 6. scan 7. back operation: