I am developing a kernel mode module which reads the whole pages that are available in RAM. I am wondering if I get the list of processes and kernel modules from the RAM image I have created, is it possible to get no trace of an application because all its pages has gone to disk? If no, in there any specific part of applications (user-mode and kernel-mode) that will never become paged out?
↧