
How do I use this in the kernel

Open PenguuDev opened this issue 9 months ago • 4 comments

So I'm making a general-purpose game hacking driver, and as of right now I can find symbols like KiServiceTable and ZwTerminateProcess, but I mostly need a way to get struct member offsets. Can you please help me?

PenguuDev avatar Mar 29 '25 16:03 PenguuDev

But there is an example in the README on the main page that does exactly what you want: it parses _EPROCESS in that example.

HoShiMin avatar Mar 29 '25 21:03 HoShiMin

Yeah, well, the files it uses are not supported in the kernel: std::string, std::wstring and more are not supported in the kernel. It seems to also use dbghelp.

PenguuDev avatar Apr 07 '25 10:04 PenguuDev

Ah, no-no, that's about a PE parser, not about PDBs!
You can use that PDB parser in usermode only.

The best approach is to parse all necessary data from your loader, place all offsets in the registry and read them from your driver.

HoShiMin avatar Apr 07 '25 21:04 HoShiMin

Thanks for the help, I found another library I can use instead which does what I was looking for. Thanks for the help, I might do it sometime, though.

PenguuDev avatar Apr 17 '25 14:04 PenguuDev