Exetools  

  #1  
Old 08-29-2017, 19:41
Shub-Nigurrath
New windbg preview available

Hi,
Don't know if you noticed it already..

https://blogs.msdn.microsoft.com/windbg/2017/08/28/new-windbg-available-in-preview/
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
  #2  
Old 08-31-2017, 00:15
bilbo
By the way,

the installer creates a very interesting file (completely undocumented - supported only by Windows 10) with path
C:\Users\username\AppData\Local\Microsoft\WindowsApps\WinDbgX.exe
in order to allow launching "WinDbgX.exe" from a regular command prompt.

I discovered these properties for it:

- 0-byte length
- cannot be copied/renamed/deleted
- it has the Reparse attribute; but it is neither a MountPoint nor a SymbolicLink; it has an IO_REPARSE_TAG_APPEXECLINK
- with the IoControl FSCTL_GET_REPARSE_POINT we can retrieve the Exe Path, inside an undocumented structure:
C:\Program Files\WindowsApps\Microsoft.WinDbg_1.0.10.0_x86__8wekyb3d8bbwe\DbgX.Shell.exe
(the original App written in C Sharp)
- no tool can retrieve this info at the moment, not even the DIR command!

Best regards...
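Added example, not part of bilbo's post or of any Microsoft tool: a parser for the bytes that FSCTL_GET_REPARSE_POINT returns for such a file, useful when triaging which real binary a 0-byte alias in WindowsApps resolves to. The field order after the 8-byte reparse header is an assumption taken from public reverse engineering of this structure; the version number and the package/app ids in the sample buffer are constructed placeholders, and only the target path comes from the post.

```python
import struct

IO_REPARSE_TAG_APPEXECLINK = 0x8000001B  # tag value as listed in MS-FSCC
# Target path quoted in the post above.
TARGET = (r"C:\Program Files\WindowsApps"
          r"\Microsoft.WinDbg_1.0.10.0_x86__8wekyb3d8bbwe\DbgX.Shell.exe")

def parse_appexeclink(buf: bytes) -> dict:
    """Parse raw FSCTL_GET_REPARSE_POINT output for an app execution alias.

    Assumed layout (community reverse engineering, not official docs):
    ULONG tag, USHORT data length, USHORT reserved, ULONG version, then
    NUL-terminated UTF-16LE strings: package id, app id, target exe, type.
    """
    if len(buf) < 8:
        raise ValueError("buffer shorter than the reparse header")
    tag, data_len, _reserved = struct.unpack_from("<IHH", buf, 0)
    if tag != IO_REPARSE_TAG_APPEXECLINK:
        raise ValueError(f"unexpected reparse tag {tag:#010x}")
    data = buf[8:8 + data_len]
    if len(data) != data_len or data_len < 4 or (data_len - 4) % 2:
        raise ValueError("truncated or misaligned reparse data")
    (version,) = struct.unpack_from("<I", data, 0)
    # Strict decode: malformed UTF-16 raises UnicodeDecodeError (a ValueError).
    strings = data[4:].decode("utf-16-le").split("\x00")
    if strings.pop() != "" or len(strings) < 3:
        raise ValueError("string table is unterminated or incomplete")
    return {"version": version, "package_id": strings[0],
            "app_id": strings[1], "target": strings[2],
            "extra": strings[3:]}

def build_sample() -> bytes:
    """Constructed buffer: version and package/app ids are placeholders."""
    fields = ["Example.Package_placeholder",
              "Example.Package_placeholder!App", TARGET, "0"]
    body = struct.pack("<I", 3)
    body += "".join(f + "\x00" for f in fields).encode("utf-16-le")
    header = struct.pack("<IHH", IO_REPARSE_TAG_APPEXECLINK, len(body), 0)
    return header + body

if __name__ == "__main__":
    print(parse_appexeclink(build_sample())["target"])
```

On a live system the input bytes would come from DeviceIoControl with FSCTL_GET_REPARSE_POINT on a handle opened with FILE_FLAG_OPEN_REPARSE_POINT.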
  #3  
Old 09-01-2017, 23:35
Levis
Maybe here...?
Quote:
https://en.wikipedia.org/wiki/NTFS_symbolic_link
__________________
My Personal Blog: http://ltops9.wordpress.com
All times are GMT +8. The time now is 17:04.

