Shofel2_T124_python/venv/lib/python3.10/site-packages/qiling/profiles/windows.ql

75 lines
1.2 KiB
Plaintext
Raw Normal View History

2024-05-25 16:45:07 +00:00
[OS64]
heap_address = 0x500000000
heap_size = 0x5000000
stack_address = 0x7ffffffde000
stack_size = 0x40000
image_address = 0x400000
dll_address = 0x7ffff0000000
entry_point = 0x140000000
# KI_USER_SHARED_DATA = 0xfffff78000000000
KI_USER_SHARED_DATA = 0x7ffe0000
[OS32]
heap_address = 0x5000000
heap_size = 0x5000000
stack_address = 0xfffdd000
stack_size = 0x21000
image_address = 0x400000
dll_address = 0x10000000
entry_point = 0x40000
# KI_USER_SHARED_DATA = 0xffdf0000
KI_USER_SHARED_DATA = 0x7ffe0000
[CODE]
# ram_size 0xa00000 is 10MB
ram_size = 0xa00000
entry_point = 0x1000000
[KERNEL]
pid = 1996
parent_pid = 0
shell_pid = 10
[MISC]
current_path = C:\
[SYSTEM]
# Major Minor ProductType
majorVersion = 10
minorVersion = 0
productType = 1
language = 1093
VER_SERVICEPACKMAJOR = 0
computername = qilingpc
permission = root
[PROCESSES]
# process active in our env -> pid
csrss.exe = 1239
[USER]
username = Qiling
language = 1093
[PATH]
systemdrive = C:\
windir = Windows
[REGISTRY]
registry_diff = registry_diff.json
[HARDWARE]
number_processors = 5
[VOLUME]
name = Volume1
serial_number = 3224010732
type = NTFS
sectors_per_cluster = 10
bytes_per_sector = 512
number_of_free_clusters = 12345
number_of_clusters = 65536
[NETWORK]
dns_response_ip = 10.20.30.40