Thread: New windbg preview available
View Single Post
  #2  
Old 08-31-2017, 00:15
bilbo bilbo is offline
Friend
  
Join Date: Jul 2004
Posts: 103
Rept. Given: 36
Rept. Rcvd 15 Times in 12 Posts
Thanks Given: 15
Thanks Rcvd at 17 Times in 11 Posts
bilbo Reputation: 15
By the way,

the installer creates a very interesting file (completely undocumented - supported only by Windows10) with path
C:\Users\username\AppData\Local\Microsoft\WindowsApps\WinDbgX.exe
in order to allow to launch "WinDbgX.exe" from a regular command prompt.

I discovered these properties for it:

- 0-byte length
- cannot be copied/renamed/deleted
- it has the Reparse attribute; but it is not a MountPoint neither a SymbolicLink; it has a IO_REPARSE_TAG_APPEXECLINK
- with the IoControl FSCTL_GET_REPARSE_POINT we can retrieve the Exe Path, inside an undocumented structure:
C:\Program Files\WindowsApps\Microsoft.WinDbg_1.0.10.0_x86__8wekyb3d8bbwe\DbgX.Shell.exe
(the original App written in C Sharp)
- no tool can at the moment retrieve this info, neither the DIR command!

Best regards...
Reply With Quote
The Following User Gave Reputation+1 to bilbo For This Useful Post:
nulli (08-31-2017)
The Following User Says Thank You to bilbo For This Useful Post:
tonyweb (08-31-2017)