Question

[Narumiii]

Hello tandasat, first of all thank you for your contribution to the community. I was experimimenting with your HyperVisor and works great hoewer and im trying to log System Drivers API calls but seems like ddimon dones't catch it, i tried hooking PsLookupProcessByProcessId and it only logs the calls from userland, is there anyway to log the ones from kernel too? thanks.

[Narumiii]

Resolved, i am getting the driver caller image name by scanning loaded module list and passing return address then getting image name.