[Vol-dev] A doubt about vista_sp0_x86_vtypes.py
vjaviergarcia at ono.com
Wed Jan 26 12:25:49 CST 2011
The current Vista profile is working well, it was just a doubt
El 20/01/2011 7:37, AAron Walters escribió:
> I would guess that is the file that Bradley was interested in when he
> generated the profile. If you would prefer to use types from
> ntkrpamp.pdb, please feel free. With all the changes in the upcoming
> 1.4, adding new types and profiles has become a lot easier. Hopefully
> you will also decide to submit them back and assist with Vista testing.
> Have you run into problems with the current profile? Is it not working?
> On Wed, 19 Jan 2011, neofito wrote:
>> From "Windows Internals, Fifth Edition":
>> On 32-bit x86 systems, the flag in the page table entry to mark a
>> page as nonexecutable is available only when processor is running in
>> Physical Address Extension (PAE) mode. Thus, support for hardware DEP
>> on 32-bit systems requires loading the PAE kernel
>> Why the file used is ntkrnlmp.pdb instead of ntkrpamp.pdb?
>> La verdad nos hara libres
>> Vol-dev mailing list
>> Vol-dev at volatilityfoundation.org
> Se certifico que el correo no contiene virus.
> Comprobada por AVG - www.avg.es
> Version: 10.0.1191 / Base de datos de virus: 1435/3392 - Fecha de la
> version: 20/01/2011
More information about the Vol-dev