XNTSV program for detailed viewing of system structures in Windows.
During process creation in Windows, special system structures appear in the system such as:
PEB
TEB *
PEB_LDR_DATA
LDR_DATA_TABLE_ENTRY
RTL_USER_PROCESS_PARAMETERS
EPROCESS etc.
The list of different structures is large and specific for each version of the operating system.
You could easily add your oun structs (Edit structs/ARCH/custom.json)
Officially it is not fully documented and change in different Windows versions.
This program shows complete information about these structures. It can be useful for researchers of Windows internals, as well as creators of software protection.
The program supports now:
Windows 7
Windows 7 SP1
Windows 8
Windows 8.1
Windows Server 2016
Windows Server 2019
Windows 10 (all builds)
Windows 11 (build 22000)
The program does not support now Windows 2000,XP and Vista. If you need structs for these OS use old versions of XNTSV.
The program supports now kernel mode. But you need sign driver with valid driver cert or use test cert. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/how-to-test-sign-a-driver-package
