Subsets of non-paged pool unused pages entries are flushed from a translation lookaside buffer (TLB). An attempt to access malicious code within a not present page within the non-paged pool unused pages is made, e.g., by malicious code. The attempt to access the page generates a page fault, which is...http://www.google.de/patents/US7797747?utm_source=gb-gplus-sharePatent US7797747 - Detection of malicious code in non-paged pool unused pages
