[Vol-dev] Supported Windows?

Jun Koi junkoi2004 at gmail.com
Wed Jan 14 01:45:29 CST 2009


Hi Brendan,

On Wed, Jan 14, 2009 at 2:20 AM, Brendan Dolan-Gavitt
<bdolangavitt at wesleyan.edu> wrote:
> Type information is contained in the debugging symbols (PDB files) for
> ntoskrnl.exe. I have a couple blog posts about extracting this information:
>
> http://moyix.blogspot.com/2007/08/pdb-stream-decomposition.html
> http://moyix.blogspot.com/2007/10/types-stream.html
>

So can we use this technique for Vista and Windows 7? Or are there
some differences that we have to care about?

Thanks,
J



> On Jan 13, 2009, at 10:43 AM, Jun Koi wrote:
>
>> On Sat, Jan 10, 2009 at 6:02 AM, AAron Walters <awalters at 4tphi.net> wrote:
>>>
>>> Hi Jun Koi,
>>>
>>>> Does the 1.3 support Windows XP SP3? Or is only SP2 supported?
>>>
>>> SP3 is supported.
>>>
>>>> Does anybody know if 1.3 works with XP-SP2 of Windows of all languages
>>>> (French, Spain, Japan,...), or only English is supported?
>>>
>>> We have only tested on English.  I know people are using it with other
>>> languages based on output people have sent me. You may want to ask on the
>>> users list.
>>>
>>>> Final question: is there any plan to support Vista in the near future??
>>>
>>> Sure. I know of at least two different groups that have been working on
>>> Vista
>>
>> So I wonder where we got the structure information on Windows
>> from (file vtypes.py)? And how hard is it to have those data for
>> Vista & Windows 7?
>>
>> Thanks,
>> J

