Kayaker
February 19th, 2013, 00:26
Someone added a couple of interesting tools to the CRCETL recently (Thank You!) They're rather unique so I thought they deserved mention.
Both are from
http://ntinfo.biz/
The first, XNTSV, is a utility that displays detailed information about Windows system structures, both user and kernel, for running processes. You can traverse linked structures, read the values, create and save prototypes, etc. A lot easier than working with a bunch of cryptic Windbg commands to accomplish the same thing.
The second, PDBRipper, does what it says, extract structure/enum/type information from PDB files.
Both fun to play with if you're into that kind of thing.
http://www.woodmann.com/collaborative/tools/XNTSV
http://www.woodmann.com/collaborative/tools/PDBRipper
Both are from
http://ntinfo.biz/
The first, XNTSV, is a utility that displays detailed information about Windows system structures, both user and kernel, for running processes. You can traverse linked structures, read the values, create and save prototypes, etc. A lot easier than working with a bunch of cryptic Windbg commands to accomplish the same thing.
The second, PDBRipper, does what it says, extract structure/enum/type information from PDB files.
Both fun to play with if you're into that kind of thing.
http://www.woodmann.com/collaborative/tools/XNTSV
http://www.woodmann.com/collaborative/tools/PDBRipper