The new version of Cerbero Suite is out with the following news:
+ added Carbon option to import PDB types into the project header
+ improved x86/x64 decompiler
– fixed bugs
The option in Carbon to import types into the header of a project when loading a PDB comes in handy when a crash dump is associated with a structure.
In this case the BugCheck information tells us that at a specific address there’s an EPROCESS structure. By importing the types along with the symbols of ntoskrnl.exe, we import the correct EPROCESS structure to map onto memory.
Of course, Cerbero Suite contains kernel symbols for all versions of Windows x86/x64, but by relying on the structures in the PDB we don’t need to load the correct Windows header from the headers folder: just import the types and then open the header of the project!