Create WFMFormat.yml #413
Merged
Create WFMFormat.yml #413
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wietze
approved these changes
Feb 15, 2025
Member
wietze
left a comment
wietze
left a comment
There was a problem hiding this comment.
Nice find! I have made a few small changes:
- Also works on Windows 11
- ... but requires .NET Framework 3.5. Especially on modern Windows, this is quite a limitation.
tracerpt.exehas to be in the same folder asWFMFormat.exe, whereasdumpfile.txtshould be in the current working directory.
Thanks for your contribution.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding the standalone tool WFMFormat.exe which is extracted from the Messaging Farm Analyzer download https://www.microsoft.com/en-us/download/details.aspx?id=103244.
This is a signed .NET executable for parsing dumpfiles produced by one of the other tools in this download and the decompiled picture paints a thousand words:
The easiest way to exploit this is to copy your target executable to a file called 'tracerpt.exe' in the same directory as WFMFormat.exe, and then create a file 'dumpfile.txt' in the same directory. Executing WFMFormat.exe with no args will then spawn 'tracerpt.exe dumpfile.txt -y'