Hi all,
As part of working on file system filter driver, I’m analysing a manually
initiated dump file. I have troubles determining the version of operating
system that was running. Has anybody already seen such module?
-
Windows debugger initially displays “Windows NT 4 Kernel Version 1381 MP
(2 procs) Free x86 compatible Product: Server” -
The command “lm vtmnt*” displays for module nt “Checksum: 000EFA1A
Timestamp: Thu Jun 14 02:09:36 2001 (3B2800C0) File version: 4.0.1381.7097
Product version: 4.0.1381.7097” -
The search for string “service pack” in file memory.dmp is followed by “6”
many times. -
The last service pack (6 or 6a, both give the same results) was released
in 1999.
Any idea would be greatly appreciated
Joze