Skip to content

tinysec/rtypes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
doc
doc
 
 
include
include
 
 
scripts
scripts
 
 
src
src
 
 
.drone.yml
.drone.yml
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
clean.bat
clean.bat
 
 
ddkbuild.cmd
ddkbuild.cmd
 
 
dirs
dirs
 
 

Repository files navigation

Windows Reversed Types.

A simple but useful project maybe help you reverse Windows.

This project include header files that contain undocuments types can be compiled by both WDK , IDAPro , BinaryNinja.

1. Use for develop

Just copy header files in the include directory.

2. Use for IDAPro & Binary Ninja

Just Parse header files in the include directory.

3. Use for online debugging.

Install ktypes.sys at target guest virtual machine and setup a kernel debugger at host machine to debug it.

4. Use for offline debugging

Start windbg at host machine and debug utypes.exe , it will auto break into the debugger.

Now you can use windbg to display any undocuments types.
tagWND.png

5. Warning

  1. If there is no special instructions, the type definition is reverse-engineered on the latest stable version of Windows 10 x64 & Windows 11 x64.

  2. When this types applied to other versions, some type definitions may need to be adjusted.

  3. Microsoft owns the full copyright of Windows.

  4. Reverse engineering of these structures is only for research and learning purposes.

  5. This project does not bear any legal responsibility and I am reserves the right of final interpretation.

About

A simple but useful project maybe help you reverse Windows.

Topics

windows reverse-engineering windbg idapro binaryninja

Resources

Readme

License

GPL-3.0 license
Activity

Stars

30 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages