Why does Process Explorer require debug symbols to show kernel memory limits?
Process Explorer (aka procexp) require debug symbols to show kernel memory limits and a library that provide API for reading them. As I found, the symbols for currently running kernel (ntoskrln*) only are required, and the variables MmSizeOfPagedPoolInBytes and MmSizeOfNonPagedPoolInBytes are read from it. It is possible to acquire them from the kernel directly.
So why the debug symbols are required? Do they contain some information that impossible to get from the OS itself?
Because Process Explorer needs to know where in kernel memory those variables are located and it can different between each version of windows so symbols are the correct way to get this location. Microsoft publish public symbols.
not all kernel information is easily access from User space.
- Determine the OS version, Linux and Windows from Powershell
- Privilege elevation in Windows with ansible
- How to check if a process is running or not in Batch Script
- Windows Semicolons in Path
- What is the default location for certificates created using "dotnet dev-certs https"
- create .bat file to clear apache logs
- How do I install pip on Windows?
- Gradle: Couldn't connect to Kotlin daemon on Windows
- Having trouble installing GDAL for Python on Windows
- How to find and delete a file with CMD command?
- Start menu folder created by Inno Setup is not showing
- Cursor disappearing inside text field
- How to use PGPASS file in Powershell to avoid password prompt?
- Why Bazel does not find Visual C++ Build Tools?
- How to change font (size/family) in PyScripter?
- Running the Microsoft Winsock Client and Server Code Sample
- django OSError: no library called "cairo" was found on windows
- while trying to create django-admin startproject :No module name django-admin
- Microsoft Detours - DetourUpdateThread?
- Difference between char * and LPSTR in windows
- How to detect if CMD is running as Administrator/has elevated privileges?
- Why does my batch script fail to execute Java program in a loop?
- Which API returns the message for NTSTATUS?
- How do I pass an absolute path to the adb command via git bash for windows?
- How to dynamically print exclamation mark from a variable while using Delayed Expansion and Loops in CMD?
- Can't call a Powershell script through the registry properly. A positional parameter cannot be found that accepts argument '$null'
- Enabling auto-completion in git bash on windows?
- How can I make a file trully immutable (non-deletable and read-only)?
- Console application closes immediately after opening in visual studio
- JAVA 1.6 in Eclipse IDE