Vergex is a recursive header generator for Windows kernel structures, using publicly available data from the Vergilius Project. It fetches the specified struct and all nested dependencies, generating a clean, ready-to-import C header — especially useful for reverse engineering in Ghidra.
- Recursive struct resolution (follows nested definitions)
- Outputs typedef-ready C headers for reverse engineering
- Optimized for Ghidra
- Multi-threaded scraping for fast performance
- Supports various Windows versions and releases
Vergex is not affiliated with or endorsed by the Vergilius Project.
It simply automates the retrieval and formatting of publicly available kernel struct data from their site.
- Python 3.7+
- requests
- beautifulsoup4

Install dependencies:

```
pip install -r requirements.txt
```

Or:

```
pip install requests beautifulsoup4
```

```
python generate_structs.py -s <STRUCT_NAME> -v <VERSION> -r <RELEASE> [-o <OUTPUT>] [-t <THREADS>]
```

```
python generate_structs.py -s _EPROCESS -v 10 -r 22H2 -o eprocess_win10_22h2.h
```

| Argument | Description |
|---|---|
| `-s`, `--struct` | (Required) Root struct name (e.g. `_EPROCESS`) |
| `-v`, `--version` | Windows version alias (`10`, `11`, `7`, `xp`, etc.) |
| `-r`, `--release` | Windows release string (e.g. `1809`, `22H2`) |
| `-o`, `--output` | Output filename (optional; auto-named if omitted) |
| `-t`, `--threads` | Max number of threads (default: 10) |
| `--list-versions` | Print supported version aliases |

The output is a single .h file containing:
- All resolved kernel structs
- Base typedefs for primitives
- Pointer typedefs (`typedef struct _FOO* PFOO;`)

This header can be directly imported into Ghidra using the "Parse C Header File" option to enhance kernel RE analysis.
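
The recursive resolution and header layout described above, as an added sketch that is not Vergex's own code: it orders structs so that members embedded by value are defined before the struct that contains them, while pointer members only need a forward declaration. The `fetch` callback, `SAMPLE_DEFS`, and the function names are assumptions made for this example; the sample member lists are constructed and trimmed.

```python
import re

# Constructed, heavily trimmed member lists standing in for fetched struct
# pages; they are not complete or version-accurate layouts.
SAMPLE_DEFS = {
    "_EPROCESS": "struct _KPROCESS Pcb;\nstruct _LIST_ENTRY ActiveProcessLinks;\nstruct _EJOB* Job;",
    "_KPROCESS": "struct _DISPATCHER_HEADER Header;\nstruct _LIST_ENTRY ProfileListHead;",
    "_DISPATCHER_HEADER": "long SignalState;\nstruct _LIST_ENTRY WaitListHead;",
    "_LIST_ENTRY": "struct _LIST_ENTRY* Flink;\nstruct _LIST_ENTRY* Blink;",
}

# Captures the referenced type name and whether the member is a pointer.
REF = re.compile(r"\b(?:struct|union)\s+(_\w+)\s*(\*?)")

def resolve(root, fetch):
    """Walk every struct reachable from root. Returns (ordered, missing):
    'ordered' defines by-value members before the struct embedding them,
    'missing' lists names fetch() could not supply."""
    ordered, missing, seen = [], [], set()
    pending = [root]

    def visit(name):
        if name in seen:          # also stops self-references (Flink/Blink)
            return
        seen.add(name)
        body = fetch(name)
        if body is None:
            missing.append(name)
            return
        for dep, star in REF.findall(body):
            if star:
                pending.append(dep)   # pointer: a forward declaration suffices
            else:
                visit(dep)            # embedded by value: must be complete first
        ordered.append(name)

    while pending:
        visit(pending.pop(0))
    return ordered, missing

def emit_header(root, fetch):
    ordered, missing = resolve(root, fetch)
    out = [f"struct {n};" for n in ordered + missing]   # forward declarations
    for n in ordered:
        out.append(f"typedef struct {n} {{\n{fetch(n)}\n}} {n[1:]};")
        out.append(f"typedef struct {n}* P{n[1:]};")
    return "\n".join(out)

if __name__ == "__main__":
    print(emit_header("_EPROCESS", SAMPLE_DEFS.get))
```

Types that cannot be fetched (here `_EJOB`) are left as opaque forward declarations, which is enough for pointer members to parse.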

```c
typedef struct _EPROCESS {
    // ...
} EPROCESS;
typedef struct _EPROCESS* PEPROCESS;
```

Built for reverse engineers, by a reverse engineer. Struct data sourced from the excellent Vergilius Project.