Thanks for this groundbreaking post. Totally not tools out there that already have way more information than you posted, and ALSO not like people can’t enable kernel debugging, open WinDbg and type !dt STRUCT.
That's why I posted the new link as well. I just had the deprecated offset page bookmarked.
You again suggest that people have a VM for every different kernel in case they need to check it via WinDbg. I think I said enough about it already. You are ignorant.
How do you think I got the posted offsets?! The whole discussion is about forcing several .pdb files within 1 debug session under 1 kernel version, because daax tried to tell me that it's possible. But it isn't. All he explained is how to set the sympath, which is trivial, at least for me. The offsets I posted were dumped by me via WinDbg in different debug sessions, which obviously means I had the correct symbols. Setting another sympath doesn't change the .pdb file WinDbg wants to load. Incompetently trying to shut people down seems to be your business; why else did you leak stuff of others as well?
If you want to do it on your own the fastest way, get the kernel .exe of choice and open it in IDA.
Last edited by skadro; Yesterday at 03:39 AM.