Abstract

The latest version of Windows 10 (Anniversary Update) has raised the bar again when it comes to successfully exploiting a kernel vulnerability. Microsoft made a step forward by killing the GDI Objects kernel pointer leak that was widely used after the infamous Hacking Team exploit. Also, with the randomization of the paging structures, the system now boasts full KASLR, which means a memory disclosure bug is required in order to get control of RIP, whether by ROPing or by DKOM techniques. This presentation is going to show the side-channel attack called DrK, aka “De-randomizing Kernel Address Space” (presented at Black Hat 2016), applied to the randomization of the PML4 structure. By combining the TSX instructions with several tricks to gain reliability, one is able to determine the exact location of the “PML4 SelfRef Entry”. After this point, all the known attacks against the paging structures can be carried out as if KASLR never existed.

Slides