Created May 7, 2015 08:28
Token Stealing Using WinDBG
kd> dt nt!_EPROCESS 0x8570b5e8
+0x000 Pcb : _KPROCESS
+0x098 ProcessLock : _EX_PUSH_LOCK
. . .
+0x0f4 ObjectTable : 0x953b8570 _HANDLE_TABLE
+0x0f8 Token : _EX_FAST_REF
+0x0fc WorkingSetPage : 0xb2b3
+0x100 AddressCreationLock : _EX_PUSH_LOCK
. . .