Windows IFEO, GWX, Nirvana, and more

Discussion in 'other software & services' started by Mrkvonic, Jun 16, 2016.

  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    You may like what's on today's menu: a neat tutorial explaining how to use a less-known but highly powerful Windows feature called Image File Execution Options (IFEO) to pass programs as debuggers to other executables through registry tweaks, a trivial example, and how the use case applies to the Windows 10 GWX upgrade tool, other considerations, and more. Enjoy.

    http://www.dedoimedo.com/computers/windows-ifeo-debugger-gwx-more.html


    Cheers,
    Mrk
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Some malware also make use of the "Image File Execution" feature and most HIPS are monitoring this key.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    True, so. It's still an extremely useful feature.
    Mrk
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
Loading...