[Vol-dev] A doubt about vista_sp0_x86_vtypes.py

neofito vjaviergarcia at ono.com
Wed Jan 19 16:42:37 CST 2011


Hello,

From "Windows Internals, Fifth Edition":

On 32-bit x86 systems, the flag in the page table entry to mark a page 
as nonexecutable is available only when processor is running in Physical 
Address Extension (PAE) mode. Thus, support for hardware DEP on 32-bit 
systems requires loading the PAE kernel

Why is the file used ntkrnlmp.pdb instead of ntkrpamp.pdb?

Thanks,
---
The truth will set us free

http://neosysforensics.blogspot.com
http://www.wadalbertia.org
-<|:-P[G]

