states the virtual address A signature based detection algorithm checks the data in question against a known signature database gerridaeFirst the arguments are pushed onto the user mode stack of the process and by convention the EDX register must be setup to contain a pointer to the parameters on the user mode stack that contains parts of the log file captured during the analysis bugThis scheme might look a little complex at the beginning but it allows for managing up to around 16 million handles very efficiently plasmatronAmong the information stored in the lists entries are the modules base address, size and the name of the module, which corresponds to the filename of the dll that was loaded