From Collaborative RCE Tool Library
SymbolFinder
| Tool name: | SymbolFinder |
|---|---|
| Author: | deroko of ARTeam |
| Website: | http://www.woodmann.com/forum/showthread.php?t=11917 |
| Current version: | |
| Last updated: | July 19, 2008 |
| Direct D/L link: | Locally archived copy |
| License type: | Free / Open Source |
| Description: | This small program is designed to locate structs, enums, and symbols from ntoskrnl.exe, and guess what, it's OPEN SOURCE!!! Googling for some samples of symbol listers is kinda hard, as there isn't any open source symbol lister available (or I couldn't find it), so here is source code which might help ppl to figure out how to deal with symbols... The program only tries to locate ntoskrnl.exe/ntkrnlpa.exe/ntkrnlmp.exe and loads the proper symbols for the running kernel; this is required because when you specify the -a option, it will give you the symbol's name and its address in the used (running) kernel. Usage: `SymbolFinder.exe <name_of_struct or enum_type>`; `SymbolFinder.exe -s` - list all structures from ntos pdb file; `SymbolFinder.exe -e` - list all enums from ntos pdb file; `SymbolFinder.exe -a` - list all symbols with addresses in running ntos |
| Related URLs: | No related URLs have been submitted for this tool yet |