This is a very powerful command! It launches a shell process and redirects its output either to a WinDbg window or to a file.
.shell [Options] [ShellCmd]
.shell -i InFile [-o OutFile [-e ErrFile]] [Options] ShellCmd
According to the WinDbg help, options can be:
-ci "Cmd1; Cmd2; ..."
Processes any number of debugger commands and then passes their output as an input to the process being launched.
-x
Causes any process being launched to be completely detached from WinDbg and thus to continue running after the WinDbg session ends.
The way we can use it is:
.shell -i - -ci "command" FIND "string" /i
Why do we use FIND? The FIND command is not a part of .shell. It's a DOS command. .shell gives us access to the OS command shell. We ...