def Initialize(cls, profile):
super(Ntoskrnl, cls).Initialize(profile)
# Add undocumented types.
profile.add_enums(**undocumented.ENUMS)
if profile.metadata("arch") == "AMD64":
profile.add_overlay(undocumented.AMD64)
elif profile.metadata("arch") == "I386":
profile.add_overlay(undocumented.I386)
# Detect if this is a PAE system. PAE systems have 64 bit PTEs:
if profile.get_obj_size("_MMPTE") == 8:
profile.set_metadata("pae", True)
# Install the base windows support.
common.InitializeWindowsProfile(profile)
crashdump.InstallKDDebuggerProfile(profile)
# Get the windows version of this profile.
version = cls.GuessVersion(profile)
if version in ("6.2", "6.3"):
win8.InitializeWindows8Profile(profile)
elif version == "6.1":
win7.InitializeWindows7Profile(profile)
elif version == "6.0":
vista.InitializeVistaProfile(profile)
elif version in ("5.2", "5.1"):
xp.InitializeXPProfile(profile)
def Initialize(cls, profile):
super(Ntoskrnl, cls).Initialize(profile)
profile.add_enums(**undocumented.ENUMS)
if profile.metadata("arch") == "AMD64":
profile.add_overlay(undocumented.AMD64)
elif profile.metadata("arch") == "I386":
profile.add_overlay(undocumented.I386)
# Detect if this is a PAE system. PAE systems have 64 bit PTEs:
if profile.get_obj_size("_MMPTE") == 8:
profile.set_metadata("pae", True)
# Install the base windows support.
common.InitializeWindowsProfile(profile)
crashdump.InstallKDDebuggerProfile(profile)
tokens.InitializeTokenProfiles(profile)
heap.InitializeHeapProfile(profile)
# Get the windows version of this profile.
version = cls.GuessVersion(profile)
if 10 <= version:
win10.InitializeWindows10Profile(profile)
elif 6.2 <= version < 10:
win8.InitializeWindows8Profile(profile)
elif version == 6.1:
win7.InitializeWindows7Profile(profile)
elif version == 6.0:
vista.InitializeVistaProfile(profile)
elif 5.1 <= version <= 5.2:
xp.InitializeXPProfile(profile)
def Initialize(cls, profile):
super(cls, Ntdll).Initialize(profile)
InitializeHeapProfile(profile)
common.InitializeWindowsProfile(profile)
