[Vol-dev] Supported Windows?

Brendan Dolan-Gavitt bdolangavitt at wesleyan.edu
Tue Jan 13 11:20:49 CST 2009


Type information is contained in the debugging symbols (PDB files)  
for ntoskrnl.exe. I have a couple blog posts about extracting this  
information:

http://moyix.blogspot.com/2007/08/pdb-stream-decomposition.html
http://moyix.blogspot.com/2007/10/types-stream.html

Cheers,
Brendan

On Jan 13, 2009, at 10:43 AM, Jun Koi wrote:

> On Sat, Jan 10, 2009 at 6:02 AM, AAron Walters <awalters at 4tphi.net> wrote:
>>
>> Hi Jun Koi,
>>
>>> Does the 1.3 support Windows XP SP3? Or only SP2 is supported?
>>
>> SP3 is supported.
>>
>>> Anybody knows if 1.3 works with XP-SP2 of Windows of all languages
>>> (French, Spain, Japan,...), or only English is supported?
>>
>> We have only tested on English. I know people are using it with other
>> languages based on output people have sent me. You may want to ask on the
>> users list.
>>
>>> Final question: is there any plan to support Vista in the near future??
>>
>> Sure. I know of at least two different groups that have been working on Vista
>
> So I wonder where did we get the structure information on Windows
> from? (file vtypes.py). And how hard it is to have those data for
> Vista & Windows 7??
>
> Thanks,
> J