You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
load kernel syms:
|
|
.sympath srv*https://msdl.microsoft.com/download/symbols
|
|
.reload /f
|
|
|
|
get eprocess of a proc:
|
|
!process 0 0
|
|
or
|
|
!process calc.exe
|
|
then
|
|
dt nt!_EPROCESS <address>
|
|
|
|
vtop:
|
|
!vtop PFN VirtualAddress
|
|
!vtop 0 VirtualAddress
|