Exetools  

Go Back   Exetools > General > Community Tools
Reload this Page New windbg preview available
Register Forum Rules FAQ Calendar

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-29-2017, 19:41
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
  
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 971
Rept. Given: 70
Rept. Rcvd 431 Times in 101 Posts
Thanks Given: 83
Thanks Rcvd at 405 Times in 127 Posts
Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499
New windbg preview available
Hi,
Don't know if you noticed it already..

https://blogs.msdn.microsoft.com/windbg/2017/08/28/new-windbg-available-in-preview/
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
The Following User Gave Reputation+1 to Shub-Nigurrath For This Useful Post:
Syoma (08-30-2017)
The Following 6 Users Say Thank You to Shub-Nigurrath For This Useful Post:
b30wulf (08-30-2017), bilbo (08-30-2017), papi (08-29-2017), Syoma (08-30-2017), tonyweb (08-29-2017), zeffy (08-30-2017)
  #2  
Old 08-31-2017, 00:15
bilbo bilbo is offline
Friend
  
Join Date: Jul 2004
Posts: 103
Rept. Given: 36
Rept. Rcvd 15 Times in 12 Posts
Thanks Given: 15
Thanks Rcvd at 17 Times in 11 Posts
bilbo Reputation: 15
By the way,

the installer creates a very interesting file (completely undocumented - supported only by Windows10) with path
C:\Users\username\AppData\Local\Microsoft\WindowsApps\WinDbgX.exe
in order to allow to launch "WinDbgX.exe" from a regular command prompt.

I discovered these properties for it:

- 0-byte length
- cannot be copied/renamed/deleted
- it has the Reparse attribute; but it is not a MountPoint neither a SymbolicLink; it has a IO_REPARSE_TAG_APPEXECLINK
- with the IoControl FSCTL_GET_REPARSE_POINT we can retrieve the Exe Path, inside an undocumented structure:
C:\Program Files\WindowsApps\Microsoft.WinDbg_1.0.10.0_x86__8wekyb3d8bbwe\DbgX.Shell.exe
(the original App written in C Sharp)
- no tool can at the moment retrieve this info, neither the DIR command!

Best regards...
Reply With Quote
The Following User Gave Reputation+1 to bilbo For This Useful Post:
nulli (08-31-2017)
The Following User Says Thank You to bilbo For This Useful Post:
tonyweb (08-31-2017)
  #3  
Old 09-01-2017, 23:35
Levis Levis is offline
Family
  
Join Date: Mar 2012
Location: The Earth
Posts: 44
Rept. Given: 76
Rept. Rcvd 42 Times in 13 Posts
Thanks Given: 31
Thanks Rcvd at 51 Times in 23 Posts
Levis Reputation: 42
Maybe here...?
Quote:
https://en.wikipedia.org/wiki/NTFS_symbolic_link
__________________
My Personal Blog:http://ltops9.wordpress.com
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Windbg in IDA 6.5 zeuscane General Discussion 8 11-02-2014 14:13
WinDBG Virtual PC Sergey Nameless General Discussion 6 09-06-2004 16:13


All times are GMT +8. The time now is 07:28.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )