11

What does %windir% stand for?

I am receiving a malware analysis report with things like %windir%\system32\catroot and %windir%\folder1\folder2, and I want to know what it means.

phuclv
thepumpumwater

2 Answers

9

The Windows directory or SYSROOT. This corresponds to the %WINDIR% or %SYSTEMROOT% environment variables. A typical path is C:\Windows.

This variable points to the Windows directory (on Windows NT-based operating systems it is identical to the %SystemRoot% variable). If the system is on drive C:, then the default values are "C:\WINDOWS" on Windows 95, Windows 98, Windows Me, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.

For more info see Wikipedia's Environment Variables entry.

Ƭᴇcʜιᴇ007
malakrsnaslava
6

Open a command prompt by clicking Start, typing `cmd`, then Enter. Type `echo %windir%`, then Enter, and the path should print to the screen. Usually C:\WINDOWS.

MattSayar
  • 1
    WOW, thank you so much for posting this. There are many questions out there asking about what the various system variables are, and this is the first answer I have seen that tells you how to actually see what path the variable represents. `echo %windir%`. Now that I see it, I understand how simple it is, but I'm not a sys admin so I knew it had to be something easy, but wasn't sure what it was. Thanks again. – Travis Heeter Dec 27 '16 at 02:29
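For reading such a report away from the affected machine, the following added example (not code from any of the answers) expands `%VAR%` tokens in report paths the way the answers describe. The function name `expand_report_path` is hypothetical, and the variable table is an assumed default for a system installed on drive C:; the value printed by `echo %windir%` on the actual host is authoritative.

```python
import re

# Assumed defaults for a system installed on drive C: (constructed table).
DEFAULT_VARS = {
    "WINDIR": r"C:\Windows",
    "SYSTEMROOT": r"C:\Windows",
}

# A token is %NAME% where NAME contains no '%' and no path separator.
_TOKEN = re.compile(r"%([^%\\/]+)%")


def expand_report_path(path, variables=None):
    """Expand %VAR% tokens case-insensitively, as cmd.exe does.

    Returns (expanded_path, unresolved_names, malformed), where malformed is
    True when a stray '%' is left over, e.g. a token missing one delimiter.
    """
    table = DEFAULT_VARS if variables is None else variables
    lookup = {name.upper(): value for name, value in table.items()}
    unresolved = []

    def replace(match):
        name = match.group(1)
        value = lookup.get(name.upper())
        if value is None:
            unresolved.append(name)       # unknown variable: keep token as-is
            return match.group(0)
        return value.rstrip("\\")         # avoid a doubled separator

    expanded = _TOKEN.sub(replace, path)
    malformed = "%" in _TOKEN.sub("", path)
    return expanded, unresolved, malformed


if __name__ == "__main__":
    # Paths as they might appear in a report; the last two are constructed.
    samples = [
        r"%windir%\system32\catroot",
        r"%windir%\folder1\folder2",
        r"%APPDATA%\example.dat",
        r"windir%\system32",
    ]
    for sample in samples:
        print(sample, "->", expand_report_path(sample))
```
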