#kernel

LIVE
1.2k

Anya Rossi

sweetdream.ai

SweetDream.aiSponsoredLivecam
Streaming Now

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

HD live stream
Exclusive private shows
1.2k viewers online

Free preview available • Premium content

#IDA TIP to load #Windows #Kernel types: [1/2] Windows Kernel types (e.g., EPROCESS, ETHREAD, etc.) are not a part of the built-in IDA TILs (because they are changing across different WIN versions). 1. These types are a part of the "ntoskrnl.exe" debug symbols -> "ntkrnlmp.pdb". 2. IDA supports loading "only types" from arbitrary "pdb" file. 3. One can also use the IDA->File->Load file->PDB file dialog to load specific version of "ntoskrnl.exe" and IDA will proceed with automatic download of appropriate "ntkrnlmp.pdb" applying "only types" (if optional checkbox is selected). 4. See example video...
2:08
vinopaljiri's profile picture

#IDA TIP to load #Windows #Kernel types: [1/2] Windows Kernel types (e.g., EPROCESS, ETHREAD, etc.) are not a part of the built-in IDA TILs (because they are changing across different WIN versions). 1. These types are a part of the "ntoskrnl.exe" debug symbols -> "ntkrnlmp.pdb". 2. IDA supports loading "only types" from arbitrary "pdb" file. 3. One can also use the IDA->File->Load file->PDB file dialog to load specific version of "ntoskrnl.exe" and IDA will proceed with automatic download of appropriate "ntkrnlmp.pdb" applying "only types" (if optional checkbox is selected). 4. See example video...

Jiří Vinopal

21,737 Aufrufe • vor 1 Jahr

Keine weiteren Inhalte verfügbar