daaximus
/ working_set_peb_search.cpp
Last active
July 26, 2025 08:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // author: daax | |
| // 0x4a65 = 19045 (windows version) | |
| int main() | |
| { | |
| PSAPI_WORKING_SET_INFORMATION* w = ( PSAPI_WORKING_SET_INFORMATION* ) malloc( 1 << 20 ); | |
| QueryWorkingSet( GetCurrentProcess(), w, 1 << 20 ); | |
| for ( u32 i = 0; i < w->NumberOfEntries; i++ ) | |
| if ( ( w->WorkingSetInfo[ i ].Flags & 31 ) == 4 ) | |
| for ( u8* p = ( u8* ) ( ( w->WorkingSetInfo[ i ].Flags >> 12 ) << 12 ), |
daaximus
/ symcache.ps1
Created
September 1, 2025 14:06
symcache - recurse and dump all windbg symbols for a given directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # probably exists in a better form; but script is useful for caching OS modules based on major OS version/build and file | |
| # hash. intended to make life easier, ymmv. | |
| # | |
| # .\symcache.ps1 -src "C:\Windows\System32\drivers" -dst "X:\Windows\drivers" | |
| # ^^ This will copy and organize the bins in the subdirectory and recurse through all subdirectories, and then download | |
| # the symbols if they are available. | |
| # | |
| # - daax | |
| param( |
OlderNewer