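def get_ntkrnl_obj(kernel_file):
    """Open a kernel image and wrap it in a ``CamiNtoskrnl`` object.

    Args:
        kernel_file: Path of the ntoskrnl image, passed straight to
            ``r2wrapper.R2Wrapper``.

    Returns:
        A ``CamiNtoskrnl`` built from the wrapper, a struct factory, the
        build number, the KPTI flag and whether the image is 64-bit.
    """
    robj = r2wrapper.R2Wrapper(kernel_file)

    # NtBuildNumber is read as 2 bytes and converted with bytes_to_int.
    ntbuildnumber = bytes_to_int(
        robj.read_bytes('sym.ntoskrnl.exe_NtBuildNumber', 2)
    )

    # KPTI is inferred from whether the pdb.KiKvaShadow symbol can be read.
    # Catch Exception rather than using a bare ``except`` so that
    # KeyboardInterrupt / SystemExit are not swallowed during the probe.
    # NOTE(review): any other read failure (presumably including missing or
    # unloaded PDB symbols) also yields kpti=False, so "no KVA shadow" and
    # "symbol lookup failed" are indistinguishable here. Confirm which
    # exception read_bytes raises for an unknown symbol and narrow this.
    try:
        robj.read_bytes('pdb.KiKvaShadow', 1)
    except Exception:
        kpti = False
    else:
        kpti = True

    sf = r2structs.StructFactory(robj)

    is_64bit = robj.info.bin.bits == 64
    return CamiNtoskrnl(robj, sf, ntbuildnumber, kpti, is_64bit)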
def get_ntdll_obj(ntdll_file):
    """Open an ntdll image and wrap it in a ``CamiNtdll`` object.

    Args:
        ntdll_file: Path of the ntdll image, passed straight to
            ``r2wrapper.R2Wrapper``.

    Returns:
        A ``CamiNtdll`` built from the wrapper and the image's bit width.
    """
    wrapper = r2wrapper.R2Wrapper(ntdll_file)

    # The raw bit width is passed here, not a boolean "is 64-bit" flag.
    bit_width = wrapper.info.bin.bits
    return CamiNtdll(wrapper, bit_width)