xntsv 3.01

XNTSV program for detailed viewing of system structures in Windows.

During process creation in Windows, special system structures appear in the system such as:

PEB

TEB *

PEB_LDR_DATA

LDR_DATA_TABLE_ENTRY

RTL_USER_PROCESS_PARAMETERS

EPROCESS etc.

The list of different structures is large and specific for each version of the operating system.

You could easily add your oun structs (Edit structs/ARCH/custom.json)

Officially it is not fully documented and change in different Windows versions.

This program shows complete information about these structures. It can be useful for researchers of Windows internals, as well as creators of software protection.

The program supports now:

Windows 7

Windows 7 SP1

Windows 8

Windows 8.1

Windows Server 2016

Windows Server 2019

Windows 10 (all builds)

Windows 11 (build 22000)

The program does not support now Windows 2000,XP and Vista. If you need structs for these OS use old versions of XNTSV.

The program supports now kernel mode. But you need sign driver with valid driver cert or use test cert. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/how-to-test-sign-a-driver-package

Download: https://github.com/horsicq/xntsv/releases

How to run: https://github.com/horsicq/xntsv/blob/master/docs/RUN.md

How to build: https://github.com/horsicq/xntsv/blob/master/docs/BUILD.md

Changelog: https://github.com/horsicq/xntsv/blob/master/changelog.txt

[培训]《安卓高级研修班(网课)》月薪三万计划，掌 握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法