From Collaborative RCE Tool Library

SymbolFinder

Tool name: SymbolFinder
Rating: 0.0 (0 votes)
Author: deroko of ARTeam
Website: http://www.woodmann.com/forum/showthread.php?t=11917
Current version:
Last updated: July 19, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This small program is designed to locate structs, enums, and symbols from ntoskrnl.exe, and guess what, it's OPEN SOURCE!!!

Googling for some samples of symbol listers is kinda hard, as there is no open source symbol lister available (or I couldn't find it), so here is source code which might help people figure out how to deal with symbols...

The program only tries to locate ntoskrnl.exe/ntkrnlpa.exe/ntkrnlmp.exe and loads the proper symbols for the running kernel; this is required because when you specify the -a option, it will give you each symbol's name and its address in the used (running) kernel.


Usage:

SymbolFinder.exe <name_of_struct or enum_type>
SymbolFinder.exe -s - list all structures from ntos pdb file
SymbolFinder.exe -e - list all enums from ntos pdb file
SymbolFinder.exe -a - list all symbols with addresses in running ntos