Different versions of Windows kernel structures
 omeg <omegared o2 pl> |
Tuesday, March 11 2008 12:40.10 CDT |
During research for my next little project I've gathered detailed type information of few key Windows kernel structures: KPCR, KPRCB, KTHREAD, TEB, PEB. Various flavors of Windows were examined: 2000 SP4, XP SP2 (32/64bit), 2003 SP2 (32bit), Vista SP0 (32/64bit), 2008 SP0 (32/64bit). All data is from windbg on live targets, so it should be accurate.
http://omeg.pl/code/windows_kernel_structures.zip
Comments
 jms |
Posted: Saturday, March 15 2008 08:55.06 CDT |
| Awesome! We should figure out how to get these into the reference section of the site, just like the call chains. Fire Pedram an email. | |