[request] Windows modules and symbols

#1857 by Alex
Sun Aug 08, 2010 7:24 pm

I'd like to ask you guys for uploading (rs, megaupload, hotfile, ...) few Windows modules from x86 Windows builds. If someone of you have also dumps of basic kernel structures like: KPROCESS/EPROCESS, KTHREAD/ETHREAD, TEB, PEB, OBJECT_TABLE, OBJECT_HEADER, OBJECT_TYPE, OBJECT_TYPE_INITIALIZER, ... and can upload them - it would be great!

I'm interested in such file as:

advapi32.dll
kernel32.dll
user32.dll
ntdll.dll

basesrv.dll
csrsrv.dll
winsrv.dll
csrss.exe
services.exe

ntoskrnl.exe
hal.dll
win32k.sys

Currently I have modules from Windows 2000 SP4 (5.0.2195.1), Windows XP SP1 (5.1.2600.0), Windows XP SP2 (5.1.2600.2180), Windows XP SP3 (5.1.2600.5938) and Windows 2003 SP1 (5.2.3790.1830). If you have access to other modules not mentioned here please upload them.

- Windows 2000 SP4
- Windows XP SP1
- Windows XP SP2
- Windows XP SP3
- Windows 2003 SP1

Thanks,
Alex

I am Jack's NULL pointer (actual e-mail contact.ntinternals_at_gmail.com)

Username

Alex

Posts

268

Joined

Sun Mar 07, 2010 11:34 am

Re: [request] Windows modules and symbols

#1859 by Eric_71
Sun Aug 08, 2010 11:39 pm

Hi Alex,

Windows modules from Vista sp2 x86 :

Windows Vista SP2

Regards,
Eric

Username

Eric_71

Posts

44

Joined

Sun Mar 14, 2010 9:25 am

Location

France

Re: [request] Windows modules and symbols

#1862 by EP_X0FF
Mon Aug 09, 2010 4:23 am

Windows 2003 SP2 == Windows 2003 SP1 (in most cases).
Windows Vista SP1 == Windows Vista SP2 (in most cases).

Some binaries from Windows 7
7600

kernel32.dll
user32.dll
win32k.sys
ntkrnlpa.exe
ntdll.dll
hal.dll

http://www.megaupload.com/?d=BEY64PZA

Windows 2003 no SP
5.2.3790.0 (srv03_rtm.030324-2048)
http://www.megaupload.com/?d=Y5TOKY8G

Windows Vista no SP
6.0.6000.16386 (vista_rtm.061101-2205)
http://www.megaupload.com/?d=UXTJN6HV

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: [request] Windows modules and symbols

#2200 by GamingMasteR
Mon Aug 23, 2010 5:37 am

Hi,

Anyone tried Windows 7 SP1 yet ?
Is there major changes in kernel structures ?

Username

GamingMasteR

Rank

Global Moderator

Posts

228

Joined

Sun Mar 07, 2010 10:52 am

Re: [request] Windows modules and symbols

#2201 by EP_X0FF
Mon Aug 23, 2010 6:01 am

EPROCESS/ETHREAD/OBJECT_TYPE/OBJECT_TYPE_INITIALIZER looks same :)

However it is beta.

Attachments

win32k.rar

(778 KiB) Downloaded 67 times

ntdll.rar

(434.31 KiB) Downloaded 32 times

halmacpi.rar

(74.39 KiB) Downloaded 30 times

ntkrnlmp.rar

(908.3 KiB) Downloaded 32 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: [request] Windows modules and symbols

#2203 by GamingMasteR
Mon Aug 23, 2010 6:45 am

Thanks alot EP_X0FF :)
Do you know if there's (shadow) service table changes ?

Username

GamingMasteR

Rank

Global Moderator

Posts

228

Joined

Sun Mar 07, 2010 10:52 am

Re: [request] Windows modules and symbols

#2204 by EP_X0FF
Mon Aug 23, 2010 7:18 am

It was reported that rku working OK on Windows 7 SP1 (well SR2 was designed with 7601 in mind), so I assume there no changes in shadow table :)

you can try SP1 from here
http://www.microsoft.com/downloads/deta ... 9b77cdfdda

7601.16562.100603-1800_Update_Sp_Wave0-B1SP1.0_DVD.iso
or windows6.1-KB976932-X86-INTL.exe

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact