Wednesday 2 July 2014

Using !kuser to find _KUSER_SHARED_DATA

The _KUSER_SHARED_DATA structure contains some interesting information related to the currently logged-on user. We can obtain the address of this data structure by using the !kuser extension in WinDbg. Most of the fields aren't officially documented from what I can find, but you should easily be able to work out what they mean from their names.



Using the address with the _KUSER_SHARED_DATA structure will provide the following (omitted structure):


There are some debugging bit fields within this structure, so you can check which debugging features have been enabled for that user. It also contains some basic system information.
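The debugging bit fields and system information described above can also be decoded offline from a saved copy of the structure's page. This is an added example, not code from the original post: the field offsets and flag names are assumptions taken from publicly documented x64 layouts (confirm them against the structure dump for the target build), and the sample page is constructed.

```python
import struct

# Assumed offsets (publicly documented x64 layouts); they can shift between
# Windows builds, so check them against the debugger's dump of the structure.
OFF_NT_SYSTEM_ROOT = 0x030       # WCHAR[260]
OFF_NT_PRODUCT_TYPE = 0x264      # ULONG
OFF_NT_MAJOR_VERSION = 0x26C     # ULONG, NtMinorVersion follows at 0x270
OFF_KD_DEBUGGER_ENABLED = 0x2D4  # UCHAR, bit 0 = kernel debugging enabled
OFF_SHARED_DATA_FLAGS = 0x2F0    # ULONG holding the Dbg* bit fields

# Only the four lowest bits are decoded; higher bits differ between versions.
DBG_FLAGS = ("DbgErrorPortPresent", "DbgElevationEnabled",
             "DbgVirtEnabled", "DbgInstallerDetectEnabled")
PRODUCT_TYPES = {1: "NtProductWinNt", 2: "NtProductLanManNt", 3: "NtProductServer"}


def parse_kuser(page: bytes) -> dict:
    """Decode a few _KUSER_SHARED_DATA fields from a raw copy of the page."""
    if len(page) < OFF_SHARED_DATA_FLAGS + 4:
        raise ValueError("buffer too short to hold the fields being decoded")
    raw_root = page[OFF_NT_SYSTEM_ROOT:OFF_NT_SYSTEM_ROOT + 260 * 2]
    root = raw_root.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    (product,) = struct.unpack_from("<I", page, OFF_NT_PRODUCT_TYPE)
    major, minor = struct.unpack_from("<II", page, OFF_NT_MAJOR_VERSION)
    (flags,) = struct.unpack_from("<I", page, OFF_SHARED_DATA_FLAGS)
    return {
        "system_root": root,
        "product_type": PRODUCT_TYPES.get(product, f"unknown({product})"),
        "nt_version": (major, minor),
        "kd_debugger_enabled": bool(page[OFF_KD_DEBUGGER_ENABLED] & 0x01),
        "dbg_flags": [n for i, n in enumerate(DBG_FLAGS) if flags & (1 << i)],
    }


def build_sample_page() -> bytes:
    """Constructed sample: a 6.1 workstation with two Dbg* bits set."""
    page = bytearray(0x1000)
    root = "C:\\Windows".encode("utf-16-le")
    page[OFF_NT_SYSTEM_ROOT:OFF_NT_SYSTEM_ROOT + len(root)] = root
    struct.pack_into("<I", page, OFF_NT_PRODUCT_TYPE, 1)
    struct.pack_into("<II", page, OFF_NT_MAJOR_VERSION, 6, 1)
    page[OFF_KD_DEBUGGER_ENABLED] = 0x01
    struct.pack_into("<I", page, OFF_SHARED_DATA_FLAGS, 0b1010)
    return bytes(page)


if __name__ == "__main__":
    for field, value in parse_kuser(build_sample_page()).items():
        print(f"{field}: {value}")
```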

Additional Reading:

The System Call Dispatcher on x86

struct KUSER_SHARED_DATA




Comments:

  1. Great post as always Harry :)