A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #20230  by EP_X0FF
 Sat Jul 27, 2013 6:22 am
p4r4n0id wrote:Any chance to have it as well for win32k.sys file?
Which particular structure/declaration you are looking for? I'm afraid even in PDB files there not so many useful info regarding win32k.
 #20822  by rkhunter
 Fri Sep 13, 2013 2:37 pm
Windows 8.1 RTM (ntoskrnl 6.3.9600.16384 symbols)
.h + .idc in attach
You do not have the required permissions to view the files attached to this post.
 #24035  by rkhunter
 Thu Oct 02, 2014 3:17 pm
Windows 10 TP (ntoskrnl 6.4.9841.0 symbols)
.h file in attach
You do not have the required permissions to view the files attached to this post.
 #25757  by rkhunter
 Thu Apr 30, 2015 10:42 am
ntoskrnl 10.0.10074.1 types & structures (header file) .
You do not have the required permissions to view the files attached to this post.
 #28265  by rkhunter
 Sun Apr 10, 2016 5:27 pm
[10.0.14316] ntoskrnl + ntdll + hal types & structures
You do not have the required permissions to view the files attached to this post.
 #30059  by rkhunter
 Thu Mar 02, 2017 10:34 am
Windows 10 Redstone 1 (1607) ntoskrnl (10.0.14393.693) pdb + extracted structures.
You do not have the required permissions to view the files attached to this post.
 #30489  by rkhunter
 Wed Jun 21, 2017 10:30 am
Windows 10 Redstone 2 (1703) ntoskrnl (10.0.15063.413) pdb + extracted structures.
You do not have the required permissions to view the files attached to this post.
 #30928  by rkhunter
 Fri Oct 20, 2017 7:30 pm
Windows 10 Redstone 3 (1709) ntoskrnl (10.0.16299.15) pdb + extracted structures.
You do not have the required permissions to view the files attached to this post.