kdbgctrl.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\kdbgctrl.exe
  • Description: Windows kernel debugger configuration utility

Hashes

Type Hash
MD5 30B54B17E08EC8E07B8AF7E4B73AF74A
SHA1 81084FB644EAFD980EFD04582518E0FD56A32C88
SHA256 F885AF4010A30AC4EC2987938C58AB736621F313D432BD7F8F17B527D2E7A7CB
SHA384 B1636FEFCB3CCD2594B1C5AFBB5BCFF0E5B527763D6C66AC7A91BFDE5305C5BD72F016B914F77AAD182F87EDBB4BB470
SHA512 94C9AA738097CCCEDBBFC96B1283CF666A13A8E9BC1D1E5B070E9FBCCDF789CB045D4C90ACA28DB485710997ED868F6163874895B3BAFAA07777BE6286F15B6C
SSDEEP 768:ZmoWOgP2TuaJXfX5cGfWcX7+aW/88fmz5dBoK3WDkd4:ZmoWWTuaZPfXvW88fQ3W4
IMP A14AC62D28479CECD22E3DEDAE51D9FA
PESHA1 241AFE9167922CDC8C9F204B53C1F2A7F8DADDCE
PE256 14D02E7AD3364E44A531FF6DED2F563FF44F0531A95463172EDFEDE723C202DE

Runtime Data

Usage (stdout):

Usage: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\kdbgctrl.exe <options>
Options:
  -c          - Check kernel debugger
  -ca         - Check kernel debugger auto-enable
  -cb         - Check kernel debugger block-enable
  -cdb        - Check kernel DbgPrint buffer size
  -cu         - Check kernel debugger user exception handling
  -cx         - Check kernel debugger enable and exit with status
  -d          - Disable kernel debugger
  -da         - Disable kernel debugger auto-enable
  -db         - Disable kernel debugger block-enable
  -du         - Disable kernel debugger user exception handling
  -e          - Enable kernel debugger
  -ea         - Enable kernel debugger auto-enable
  -eb         - Enable kernel debugger block-enable
  -eu         - Enable kernel debugger user exception handling
  -sdb <size> - Set kernel DbgPrint buffer size
  -td <pid> <file> - Get a kernel triage dump

Loaded Modules:

Path
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\kdbgctrl.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002CF6D2CC57CAA65A6D80000000002CF
  • Thumbprint: 1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: kdbgctrl.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: Unknown

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\dbengprx.exe 27
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\kdbgctrl.exe 47
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\srcsrv.dll 30
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\srcsrv\srcsrv.dll 30
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\dbengprx.exe 29

MIT License. Copyright (c) 2020-2021 Strontic.