75 lines
1.2 KiB
Plaintext
75 lines
1.2 KiB
Plaintext
[OS64]
|
|
heap_address = 0x500000000
|
|
heap_size = 0x5000000
|
|
stack_address = 0x7ffffffde000
|
|
stack_size = 0x40000
|
|
image_address = 0x400000
|
|
dll_address = 0x7ffff0000000
|
|
entry_point = 0x140000000
|
|
# KI_USER_SHARED_DATA = 0xfffff78000000000
|
|
KI_USER_SHARED_DATA = 0x7ffe0000
|
|
|
|
[OS32]
|
|
heap_address = 0x5000000
|
|
heap_size = 0x5000000
|
|
stack_address = 0xfffdd000
|
|
stack_size = 0x21000
|
|
image_address = 0x400000
|
|
dll_address = 0x10000000
|
|
entry_point = 0x40000
|
|
# KI_USER_SHARED_DATA = 0xffdf0000
|
|
KI_USER_SHARED_DATA = 0x7ffe0000
|
|
|
|
[CODE]
|
|
# ram_size 0xa00000 is 10MB
|
|
ram_size = 0xa00000
|
|
entry_point = 0x1000000
|
|
|
|
[KERNEL]
|
|
pid = 1996
|
|
parent_pid = 0
|
|
shell_pid = 10
|
|
|
|
[MISC]
|
|
current_path = C:\
|
|
|
|
[SYSTEM]
|
|
# Major Minor ProductType
|
|
majorVersion = 10
|
|
minorVersion = 0
|
|
productType = 1
|
|
language = 1093
|
|
VER_SERVICEPACKMAJOR = 0
|
|
computername = qilingpc
|
|
permission = root
|
|
|
|
[PROCESSES]
|
|
# process active in our env -> pid
|
|
csrss.exe = 1239
|
|
|
|
[USER]
|
|
username = Qiling
|
|
language = 1093
|
|
|
|
[PATH]
|
|
systemdrive = C:\
|
|
windir = Windows
|
|
|
|
[REGISTRY]
|
|
registry_diff = registry_diff.json
|
|
|
|
[HARDWARE]
|
|
number_processors = 5
|
|
|
|
[VOLUME]
|
|
name = Volume1
|
|
serial_number = 3224010732
|
|
type = NTFS
|
|
sectors_per_cluster = 10
|
|
bytes_per_sector = 512
|
|
number_of_free_clusters = 12345
|
|
number_of_clusters = 65536
|
|
|
|
[NETWORK]
|
|
dns_response_ip = 10.20.30.40
|