AndreyBazhan / Symstore
The history of Windows Internals via symbols.
Stars: ✭ 133
Projects that are alternatives of or similar to Symstore
U Root
A fully Go userland with Linux bootloaders! u-root can create a one-binary root file system (initramfs) containing a busybox-like set of tools written in Go.
Stars: ✭ 1,816 (+1265.41%)
Mutual labels: kernel
Bsodsurvivor
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!
Stars: ✭ 122 (-8.27%)
Mutual labels: kernel
Diosix
A lightweight, secure, multiprocessor bare-metal hypervisor written in Rust for RISC-V
Stars: ✭ 116 (-12.78%)
Mutual labels: kernel
Inspector
The Inspector tool is a privilege escalation helper (PoC), easy to deployed on web server, this tool can list process running with root, check kernel version, check history file, get possible exploit ...
Stars: ✭ 119 (-10.53%)
Mutual labels: kernel
M5p01 muprokaron
A tiny real-time kernel focusing on formal reliability and simplicity.
Stars: ✭ 132 (-0.75%)
Mutual labels: kernel
Uc Os2
µC/OS-II is a preemptive, highly portable, and scalable real-time kernels. Designed for ease of use on a huge number of CPU architectures.
Stars: ✭ 120 (-9.77%)
Mutual labels: kernel
Raspberry Pi Os
Learning operating system development using Linux kernel and Raspberry Pi
Stars: ✭ 11,000 (+8170.68%)
Mutual labels: kernel
Proton Clang
Proton Clang toolchains builds in the form of a continuously updating Git repository. Clone with --depth=1.
Stars: ✭ 126 (-5.26%)
Mutual labels: kernel
Sassykitdi
Kernel Mode TCP Sockets + LSASS Dump (Rust Shellcode)
Stars: ✭ 115 (-13.53%)
Mutual labels: kernel
Blizzard Jailbreak
An Open-Source iOS 11.0 -> 11.4.1 (soon iOS 13) Jailbreak, made for teaching purposes.
Stars: ✭ 130 (-2.26%)
Mutual labels: kernel
Aura Operating System
AuraOS, the Franco-English Operating System developed in C# using Cosmos!
Stars: ✭ 111 (-16.54%)
Mutual labels: kernel
Djy Oneplus6 Or Oneplus6t Nethunter Andrax Kernel
DJY Nethunter And Andrax Kernel Oneplus6-Oneplus6T
Stars: ✭ 132 (-0.75%)
Mutual labels: kernel
SymStore
This repository contains header files with structures, unions, enums, global variables and functions names from the symbol files for the core Windows operating system components, and tools to help get and compare the files.
Note: Because there is no correct way to get information about nested unnamed structures and unions, some structures and unions are not the exact copy of the original.
How to install tools
Symbols Explorer
- Download Symbols Explorer.
- Copy SymExp.exe to a Debugging Tools for Windows folder. For example: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64.
Tools
- Copy SymStore folder from the Tools folder to "C:\Users\%UserName%\Documents\WindowsPowerShell\Modules".
- Copy Diff.bat from the Tools folder to "C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\SendTo".
- Install Visual Studio Editor.
Copy-Item -Path SymStore -Destination "C:\Users\$env:UserName\Documents\WindowsPowerShell\Modules" -Recurse
Copy-Item -Path Diff.bat -Destination "C:\Users\$env:UserName\AppData\Roaming\Microsoft\Windows\SendTo"
How to compare header files
- Select two header files.
- Right click on the first file and then select "Send To->Diff" from the context menu.
How to download symbol and image files
Get-Symbols -FilePath "C:\SymStore\Manifest.txt" -Destination "C:\SymStore\Symbols"
Note: Unfortunately, some symbol and image files are missing from the Microsoft symbol server and some image files are stored with original name and SymChk from Debugging Tools for Windows is not able to download those image files.
How to store image files by version
Add-ImageFile -FilePath "C:\SymStore\Symbols\ntoskrnl.exe\a45bf00aa6f000\ntoskrnl.exe" -Destination "C:\SymStore\Binaries"
Add-ImageFiles -Path "C:\SymStore\Symbols" -Destination "C:\SymStore\Binaries" -Recurse
Add-ImageFiles -Path "C:\SymStore\Symbols" -Destination "C:\SymStore\Binaries" -Include *.exe -Recurse
Add-ImageFiles -Path "C:\SymStore\Symbols" -Destination "C:\SymStore\Binaries" -Include hal*.dll -Recurse
How to get header files
New-HeaderFile -FilePath "C:\SymStore\Binaries\ntoskrnl.exe\10.0.17763.316\x64\ntoskrnl.exe" -Destination "C:\SymStore\Include\ntoskrnl.exe"
New-HeaderFiles -Path "C:\SymStore\Binaries" -Destination "C:\SymStore\Include\ntoskrnl.exe" -Include nt*.exe -Recurse
New-HeaderFiles -Path "C:\SymStore\Binaries" -Destination "C:\SymStore\Include\ntdll.dll" -Include ntdll.dll -Recurse
New-HeaderFiles -Path "C:\SymStore\Binaries" -Destination "C:\SymStore\Include\hal.dll" -Include hal*.dll -Recurse
How to update SymStore
$StorePath = "C:\SymStore"
$Files = "C:\ImageFiles\19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso",
"C:\ImageFiles\19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x86FRE_en-us.iso"
$RelativePath = "Windows\System32"
$Include = "ntoskrnl.exe", "ntdll.dll"
$Files | % { Update-SymStore -StorePath $StorePath -ImagePath $_ -RelativePath $RelativePath -Include $Include }
$StorePath = "C:\SymStore"
$Files =
@{
ImagePath = "C:\ImageFiles\19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso"
PackagePath = "C:\Packages\windows10.0-kb4586853-x64_9c181d397b4b5d320af7e6f385ebc4bba693a95c.msu",
"C:\Packages\windows10.0-kb4592438-x64_b6914251264f8f973c3f82f99b894935f33c38e6.msu"
},
@{
ImagePath = "C:\ImageFiles\19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x86FRE_en-us.iso"
PackagePath = "C:\Packages\windows10.0-kb4586853-x86_0468c67fa7cdd1262da75bd97a9f8daac3a4f7c2.msu",
"C:\Packages\windows10.0-kb4592438-x86_95758bd6e2c3a4a98a19efaa4056213531f84f5c.msu"
}
$RelativePath = "Windows\System32"
$Include = "ntoskrnl.exe", "ntdll.dll"
$Files | % { Update-SymStore -StorePath $StorePath -ImagePath $_.ImagePath -PackagePath $_.PackagePath -RelativePath $RelativePath -Include $Include }
How to update manifest file
$SymStore = "C:\SymStore"
Remove-Item -Path "$SymStore\Manifest.txt"
symchk.exe "$SymStore\Binaries" /r /om "$SymStore\Manifest.txt" /ob /od /os
Windows Version Information
| Version | Name |
|---|---|
| 5.0.2195.7376 | Windows 2000 SP4 |
| 5.1.2600.0 | Windows XP |
| 5.1.2600.1106 | Windows XP SP11 |
| 5.1.2600.2180 | Windows XP SP2 |
| 5.1.2600.6419 | Windows XP SP3 |
| 5.2.3790.0 | Windows Server 20031 |
| 5.2.3790.1830 | Windows Server 2003 SP1 |
| 5.2.3790.3959 | Windows Server 2003 SP2 |
| 6.0.6000.16386 | Windows Vista |
| 6.0.6001.18000 | Windows Vista SP1 |
| 6.0.6002.18005 | Windows Vista SP2 |
| 6.1.7600.16385 | Windows 7 |
| 6.1.7601.17514 | Windows 7 SP1 |
| 6.2.9200.16384 | Windows 8 |
| 6.3.9600.16384 | Windows 8.1 |
| 6.3.9600.17031 | Windows 8.1 Update |
| 10.0.10240.16384 | Windows 10 1507 |
| 10.0.10586.0 | Windows 10 1511 |
| 10.0.14393.0 | Windows 10 1607 |
| 10.0.15063.0 | Windows 10 1703 |
| 10.0.16299.15 | Windows 10 1709 |
| 10.0.17134.1 | Windows 10 1803 |
| 10.0.17763.1 | Windows 10 1809 |
| 10.0.18362.1 | Windows 10 1903 |
| 10.0.18362.418 | Windows 10 19092 |
| 10.0.19041.264 | Windows 10 20043 |
| 10.0.19041.508 | Windows 10 20H2 |
1 Header files are not present because there are no symbol files on the Microsoft symbol server.
2 Windows 10, versions 1903 and 1909 share a common core operating system and an identical set of system files.
3 64-bit version of ntoskrnl.exe contains implementation of hal.dll.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].