Exetools

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   New windbg preview available (https://forum.exetools.com/showthread.php?t=18391)

Shub-Nigurrath 08-29-2017 19:41
New windbg preview available
 
Hi,
Don't know if you noticed it already..

https://blogs.msdn.microsoft.com/windbg/2017/08/28/new-windbg-available-in-preview/

bilbo 08-31-2017 00:15
By the way,

the installer creates a very interesting file (completely undocumented - supported only by Windows10) with path
C:\Users\username\AppData\Local\Microsoft\WindowsApps\WinDbgX.exe
in order to allow to launch "WinDbgX.exe" from a regular command prompt.

I discovered these properties for it:

- 0-byte length
- cannot be copied/renamed/deleted
- it has the Reparse attribute; but it is not a MountPoint neither a SymbolicLink; it has a IO_REPARSE_TAG_APPEXECLINK
- with the IoControl FSCTL_GET_REPARSE_POINT we can retrieve the Exe Path, inside an undocumented structure:
C:\Program Files\WindowsApps\Microsoft.WinDbg_1.0.10.0_x86__8wekyb3d8bbwe\DbgX.Shell.exe
(the original App written in C Sharp)
- no tool can at the moment retrieve this info, neither the DIR command!

Best regards...

Levis 09-01-2017 23:35
Maybe here...?
Quote:
https://en.wikipedia.org/wiki/NTFS_symbolic_link


All times are GMT +8. The time now is 17:59.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX