Re: Explorer crashes when it sees this .lnk file

[anorexia () TELKOM NET (AnorEXia)]

Hi

I've ran BSD and analyzed this file

It's quite interesting since that content makes any sense

We have 3 or 4 urls and lots of 6(demon? afraid not,,,) and some 7's.
I didn't see any thing that could make crash, except for that for the
win api the chars are always separated by a 00. So the url should be
W.W.W..A.N.Y..C.O.M. where the points between the letters are 00's.
Foremost, if you desn't have access to Another system than Windows and
wish to analyze this little piece of ms+shit you don't really need to
reboot windows to DOS. Simply open a dos prompt and type that old
commands, rename filename newname, i.e. rename check.lnk check.lnk.txt

Quite simple

If than, you doesn't have a HEX editor, use debug

Syntax is: debug filename, i.e. debug check.lnk.txt

To see the core dump of the file you should type <d> and hit <enter>

Oh, don't run debug from windows, do it from DOS since debug will mix
all and dump win ram too (sux)

No more,
AnorEXia @ Tupi
Tupi
-------------------------------------------
BR(Brazil)
+55(0)42-2247623
-------------------------------------------

Pyssatiro in Tupi Language means...Network
----- Original Message -----
From: Parity Error <bootup () MAIL RU>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Tuesday, March 28, 2000 10:47 AM
Subject: Explorer crashes when it sees this .lnk file

: Hi all,
:
: Explorer crashes when it "sees" this .lnk file in a directory. Looks
like some
: decoding code for .lnk files crashes when it sees this. The code
: seems to be in a shared dll. U cannot edit this file using any
windows based
: hex editor. All apps crash when they see this. This may be
exploitable, ....
:
: