NTOSKrnlWalker - Interactive Kernel ROP walker


---

An interactive C++ console tool that uses dbghelp and pulls the PDB symbols from Microsoft for ntoskrnl.exe. 

Resolve kernel offsets, dump struct layouts, and scan the mapped nt image for gadgets (address → text and text → address). Voila!

Why this tool: it saves time when building gadgets, looking up offsets, and navigating kernel structures for a specific target build, all from one console session.

Typically, you would use a workflow like this: Vergilius Project + WinDBG (target/debugger) + rp-win (or an alternative) + MS symbols.

So I decided to save myself some time in the future.

Sharing is caring, so here you go: https://github.com/jsacco/ntoskrnlwalker/tree/main
