[Vol-dev] A doubt about vista_sp0_x86_vtypes.py

neofito vjaviergarcia at ono.com
Wed Jan 26 12:25:49 CST 2011


The current Vista profile is working well, it was just a doubt

Thanks


El 20/01/2011 7:37, AAron Walters escribió:
>
>
> neofito,
>
> I would guess that is the file that Bradley was interested in when he 
> generated the profile.  If you would prefer to use types from 
> ntkrpamp.pdb, please feel free. With all the changes in the upcoming 
> 1.4, adding new types and profiles has become a lot easier. Hopefully 
> you will also decide to submit them back and assist with Vista testing.
>
> Have you run into problems with the current profile?  Is it not working?
> Thanks,
>
> AW
>
>
>
>
> On Wed, 19 Jan 2011, neofito wrote:
>
>> Hello,
>>
>> From "Windows Internals, Fifth Edition":
>>
>> On 32-bit x86 systems, the flag in the page table entry to mark a 
>> page as nonexecutable is available only when processor is running in 
>> Physical Address Extension (PAE) mode. Thus, support for hardware DEP 
>> on 32-bit systems requires loading the PAE kernel
>>
>> Why the file used is ntkrnlmp.pdb instead of ntkrpamp.pdb?
>>
>> Thanks,
>> ---
>> La verdad nos hara libres
>>
>> http://neosysforensics.blogspot.com
>> http://www.wadalbertia.org
>> -<|:-P[G]
>> _______________________________________________
>> Vol-dev mailing list
>> Vol-dev at volatilityfoundation.org
>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-dev
>>
>
>
> -----
> Se certifico que el correo no contiene virus.
> Comprobada por AVG - www.avg.es
> Version: 10.0.1191 / Base de datos de virus: 1435/3392 - Fecha de la 
> version: 20/01/2011
>
>



More information about the Vol-dev mailing list