    def Initialize(cls, profile):
        """Build the ntoskrnl profile: undocumented types, the base Windows
        support, then the overlay for the Windows release GuessVersion picks.

        Args:
          profile: the profile being initialised; it is mutated in place
            (enums, overlays and metadata are added to it).
        """
        super(Ntoskrnl, cls).Initialize(profile)

        # Undocumented types are layered on as enums plus an
        # architecture-specific overlay.
        profile.add_enums(**undocumented.ENUMS)
        arch = profile.metadata("arch")
        if arch == "AMD64":
            profile.add_overlay(undocumented.AMD64)
        elif arch == "I386":
            profile.add_overlay(undocumented.I386)
            # PAE kernels use 8-byte PTEs; recording it lets the rest of the
            # profile pick the matching page-table layout.
            if profile.get_obj_size("_MMPTE") == 8:
                profile.set_metadata("pae", True)
        # NOTE(review): any other arch value (or a missing one) silently gets
        # no undocumented overlay -- confirm that is intended.

        common.InitializeWindowsProfile(profile)
        crashdump.InstallKDDebuggerProfile(profile)

        # Release-specific initialisers keyed by the version strings that
        # GuessVersion returns. A version not listed here (e.g. a newer
        # release) silently gets only the base support.
        per_release = (
            (("6.2", "6.3"), win8.InitializeWindows8Profile),
            (("6.1",), win7.InitializeWindows7Profile),
            (("6.0",), vista.InitializeVistaProfile),
            (("5.2", "5.1"), xp.InitializeXPProfile),
        )
        version = cls.GuessVersion(profile)
        for versions, initialiser in per_release:
            if version in versions:
                initialiser(profile)
                break
def InitializeWindows10Profile(profile):
    """Layer Windows 10 support on top of the Windows 8 profile support.

    Args:
      profile: the profile to extend; it is mutated in place.
    """
    win8.InitializeWindows8Profile(profile)
    profile.add_overlay(win10_overlays)

    is_amd64 = profile.metadata("arch") == "AMD64"
    if is_amd64:
        profile.add_overlay(win10_undocumented_amd64)
        # Swap in the Win10-specific handle table class.
        profile.add_classes({"_HANDLE_TABLE": _HANDLE_TABLE_WIN10})
    else:
        # NOTE(review): every non-AMD64 value (including a missing arch) is
        # treated as I386 here -- confirm that is intended.
        profile.add_overlay(win10_undocumented_i386)

    # Builds that already define _MI_HARDWARE_STATE need nothing further.
    if profile.has_type("_MI_HARDWARE_STATE"):
        return

    # Older Win10 releases keep SystemNodeInformation inside
    # _MI_SYSTEM_INFORMATION; describe it there as an array whose length is
    # read from the KeNumberNodes kernel constant at access time.
    def node_count(obj):
        return obj.obj_profile.get_constant_object(
            "KeNumberNodes", "unsigned int").v()

    node_array = ["Pointer", dict(
        target="Array",
        target_args=dict(
            target="_MI_SYSTEM_NODE_INFORMATION",
            count=node_count,
        ),
    )]
    profile.add_overlay({
        "_MI_SYSTEM_INFORMATION": [None, {
            "SystemNodeInformation": [None, node_array],
        }],
    })
def InitializeWindows10Profile(profile):
    """Layer Windows 10 support on top of the Windows 8 profile support.

    Args:
      profile: the profile to extend; it is mutated in place.
    """
    win8.InitializeWindows8Profile(profile)
    profile.add_overlay(win10_overlays)

    # NOTE(review): anything that is not AMD64 (including a missing arch
    # value) gets the I386 overlay -- confirm that is intended.
    arch = profile.metadata("arch")
    undocumented_overlay = (
        win10_undocumented_amd64 if arch == "AMD64"
        else win10_undocumented_i386)
    profile.add_overlay(undocumented_overlay)
    def Initialize(cls, profile):
        """Build the ntoskrnl profile: undocumented types, the base Windows,
        token and heap support, then the overlay for the release that
        GuessVersion reports.

        Args:
          profile: the profile being initialised; it is mutated in place
            (enums, overlays, classes and metadata are added to it).
        """
        super(Ntoskrnl, cls).Initialize(profile)

        # Undocumented types are layered on as enums plus an
        # architecture-specific overlay.
        profile.add_enums(**undocumented.ENUMS)
        arch = profile.metadata("arch")
        if arch == "AMD64":
            profile.add_overlay(undocumented.AMD64)
        elif arch == "I386":
            profile.add_overlay(undocumented.I386)
            # PAE kernels use 8-byte PTEs; recording it lets the rest of the
            # profile pick the matching page-table layout.
            if profile.get_obj_size("_MMPTE") == 8:
                profile.set_metadata("pae", True)
        # NOTE(review): any other arch value (or a missing one) silently gets
        # no undocumented overlay -- confirm that is intended.

        common.InitializeWindowsProfile(profile)
        crashdump.InstallKDDebuggerProfile(profile)
        tokens.InitializeTokenProfiles(profile)
        heap.InitializeHeapProfile(profile)

        # Release-specific initialisers, tried in order against the numeric
        # version GuessVersion returns; the first match wins. A version that
        # matches none of them (below 5.1, or between 5.2 and 6.0) silently
        # gets only the base support.
        per_release = (
            (lambda v: 10 <= v, win10.InitializeWindows10Profile),
            (lambda v: 6.2 <= v < 10, win8.InitializeWindows8Profile),
            (lambda v: v == 6.1, win7.InitializeWindows7Profile),
            (lambda v: v == 6.0, vista.InitializeVistaProfile),
            (lambda v: 5.1 <= v <= 5.2, xp.InitializeXPProfile),
        )
        version = cls.GuessVersion(profile)
        for matches, initialiser in per_release:
            if matches(version):
                initialiser(profile)
                break