M1suzu/gist:6e4a65c235da7e3982b2000b46f806cc

Created December 20, 2018 15:23

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/M1suzu/6e4a65c235da7e3982b2000b46f806cc.js"></script>
Save M1suzu/6e4a65c235da7e3982b2000b46f806cc to your computer and use it in GitHub Desktop.

Download ZIP

Useful windbg commands | break into debugger when the process opens or creates a file with a .txt file extension. | https://shellbombs.github.io/windbg/

Raw

gistfile1.txt

bp kernel32!CreateFileW "r $t0 = poi(@esp + 4); as /mu ${/v:filename} @$t0; .block {.if ($spat(\"${filename} \", \"*.txt \")) {kb;} .else {gc;}}"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment