No Problem,
I'm no programmer but I think a lot can be achieved using a batch script. The first post I did here used examples from batches I'd written, but there are areas I'd deleted as they were just for an example. I will explain things in more detail here, starting with the basics, if you are interested in writing some yourself:
Batch files are text files with commands that a DOS type interpreter (like COMMAND.COM or CMD.EXE) can understand and use. To anyone who uses DOS, the drawbacks of these files are obvious, as the scope is meant for basic level tasks. However, the variety of applications you can create is quite surprising.
example.bat
The suffix 'bat' denotes that this file is a batch file, and any file ending in this will be dealt with as a batch file. So me.BAT and YOU.bat are acceptable names for batch files. Names are not case-sensitive.
Now let's make our first file: open up a basic text editor. My favourite is Notepad; just click on 'Run' and type in notepad. You should by now have a blank page open in a text editor that does what you actually tell it to do. Enter the following into the first line of your blank page.
PAUSE
Click on File > Save As and save the file to an appropriate place such as the desktop under the name wait.bat. Find the file and double click it to execute it (like any program). You will receive the notice "Press any key to continue . . .", so press any key and the program will end. This file was opened as a program and followed the first command there was, which was the command PAUSE, giving the response you just saw. Since there were no further commands the file was closed and the program finished.
Echoing and redirection.
An echo is a computer message; however, you can tell it to say whatever you like. Open your file wait.bat (remember not to double click on it; just right click and open it in Notepad) and move the PAUSE command down a line. On the newly available first line enter the following,
ECHO
followed by your message. With the PAUSE command after it, the file should look like this.
ECHO This is your batch files message.
PAUSE
Then save it and run it again; you should see something like:
C:\Documents and Settings\Andy\Desktop>ECHO This is your batch files message.
This is your batch files message.
C:\Documents and Settings\Andy\Desktop>PAUSE
Press any key to continue . . .
The program finishes, but instead of just showing you the responses it also shows you the working environment and the commands that are being followed. As you can see, this is exactly what just happened.
On the first line.
ECHO ON
ensures the environment is (like normal) fully responsive and echoes to the user all valid information like prompts and the commands that are followed.
ECHO OFF
Switches off all echoing except for responses to commands.
The @ sign.
At the beginning of a statement it disables the echo of that line only.
I mention this because
ECHO OFF
alone produces an echo confirming the command before the actual command is followed.
@ECHO OFF
at the beginning of a file changes the file so that no needless information is shown. This is pretty much standard procedure amongst those who regularly use batch files.
Now your file should be looking like this:
@echo off
echo This is your batch files message
pause
which should return:
This is your batch files message
Press any key to continue . . .
pause > nul
This is an example of redirection: the output is taken off course by the > symbol and put into something called nul. nul is a general computer term for nothing, so the echo effectively disappears.
pause > CON
however, effectively 'hardwires' the output to the display, or CONsole.
The other main purpose of this is to redirect a command's output to a file, maybe to make a log file recording the start-up of a computer through autoexec.bat, or maybe just to check maintenance performed by a batch file.
Open up wait.bat in the editor again and alter the file to read:
@echo off
echo This is your batch files message > message.txt
pause
Run the file again and check your desktop, or wherever you saved wait.bat, and you will now see a text file called message.txt. The change means the ECHO command's output is redirected into a file called message.txt; open the text file and you will see "This is your batch files message" written into it (remember the pause command?). So why didn't the ECHO message appear?
If a command's output is redirected to a file or to the device name 'nul', the output never goes to the console (the bit you see). Remember, it is one command with one output that can only go to one location; take a look at message.txt to see where this one went. If the specified file does not exist, one is created to store the output under the specified name (message.txt).
It is a repetitive task, but if you want an output to go to both the console and a file then (barring more advanced methods) you will have to 'double up' the commands, with echoes heading to your file and to the console. A primitive response to the problem, but other ways can be found with experience; I'll keep to the basics to make things easier to follow.
Another way is to use >>, which appends to the end of the file. Simply, it adds a new line and puts the new info there.
Here the first message is sent to the console and the second message is sent to the file, so it would then look like this:
@echo off
echo This is your batch files message
echo This is your batch files 2nd message >> message.txt
pause
Save and run this; you will see the first message in the console and the second line added to the text file.
Another useful command while learning is HELP, which will display a list of commands you can use. Type help into the command prompt; this part is very useful because you can then type help ****** (****** being one of the commands in the list) to get detailed info on the entries.
GOTO, IF and Ctrl-C
Ctrl-C
is something you will have to know about; it's a break character which allows you to quit processes in the DOS environment. So if your batch file starts running out of control or won't end, holding down the keys Ctrl and C will ask for confirmation to quit:
Terminate batch job? (Y/N)?
and enter 'y' to quit.
GOTO
If the batch files you have run so far were straight roads with the occasional 'jam' (the pause command), recursive batch files are more like systems of roundabouts, with IF statements as intersections with alternative roads to follow.
The nature of a DOS type interpreter is to follow commands; if it isn't told otherwise it will run to the end of the script and terminate the program. There is a way, however, to make the file be read in a more dynamic pattern.
Clear the text of your batch file and enter the following.
@echo off
:1
goto 1
and run it; you will need to shut the program down manually with Ctrl-C. This is because the program is stuck in a loop: the program's cursor reads normally until it finds the command
goto 1
It is then redirected to the label 1
:1
and it reads down again and is looped back.
Edit the program again to read as follows:
@echo off
:1
time /t
pause > nul
goto 1
Now study this program: it is designed to echo the time and then pause (with the prompt redirected to nul, so nothing is shown). Every time you press a key the pause is broken and the program loops back to the label 1 and repeats itself. You can just open the DOS Command Prompt and type in
help time
and you will be given an explanation of its use and syntax.
IF
is a conditional statement; an understanding of this can lead to elegant and powerful script designs.
IF exist readme.txt echo readme.txt exists
Study this command; the two situations that could arise from this statement are that the local file readme.txt (local because no folder is stated, so the interpreter keeps working within the batch file's folder) exists, or it does not. If it does exist, the message is echoed:
readme.txt exists
If the file doesn't exist, no action is taken. Read the following command:
IF NOT exist readme.txt echo readme.txt does not exist
This performs a similar job: in the case that the file does not exist, the message is echoed
readme.txt does not exist
In the case that it does exist, no action is taken.
ARGUMENTS
set /p
is of great use in batch files, creating a chance for real user interactivity.
An example is
set /p Vname=username:
This will make the batch prompt the user for input with
username:
and the entered data is assigned to the prompt's variable, Vname.
An example of interactivity is in this batch:
@echo off
set /p answer="knock knock! "
echo.
set /p who=Luke.
echo.
echo Luke through the keyhole and you'll find out!
pause
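An added example (not from the original post) of using set /p for a question that must be answered properly. One thing worth knowing about set /p is that it leaves the variable untouched when the user just presses Enter, so the variable is given a default value before each prompt; the answer is then checked case-insensitively with if /i and the question is repeated until it is valid. The prompt text and the variable name answer are my own choices.

```batch
@echo off
rem Added example, not from the original post: a validated yes/no prompt.
rem set /p does not change the variable when the user presses Enter with no
rem input, so "n" is set first to act as the default (the capital N in the
rem prompt tells the user which answer is the default).

:ask
set answer=n
set /p answer="Write a log file? (y/N) "
if /i "%answer%"=="y" goto yes
if /i "%answer%"=="n" goto no
echo Please answer y or n.
goto ask

:yes
echo A log file would be written here (this example writes nothing).
goto end

:no
echo No log file will be written.

:end
set answer=
pause
```

The quotes around %answer% matter: without them an empty or space-containing answer would break the if line, which is also why the password example later on pre-sets its variables before asking.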
Commands
The cls command will clear the screen. It doesn't take any arguments and is mainly used to clear the screen before displaying any longer output to the user.
Echo, again, can be used to print messages on the screen. By default MS-DOS will echo every command in the batch script on the screen as it runs, which can be handy in debugging situations. If you want to get rid of command echoing, though, it's done with the following: @echo off. The at sign is needed to suppress the message "echo is off". Command echoing can also be turned on at any time by typing echo on.
The pause command prints a generic prompt and waits for some user keyboard input (a bit like getting one character in C and other languages). It can be useful if you want to be interactive, but in most batch scripts that are meant to run unattended it's rarely used.
The goto command will jump to a specified label in the batch file and continue execution from there. goto foo would jump to a label titled :foo. Label names always start with a colon, and the first eight characters of a label name must be unique inside a batch file. Goto is mainly useful in breaking up batches into clear, manageable parts and is of special interest when used with the if command. It also provides the basis for proper, finite looping when we get to NT-specific batch commands.
The if command does simple conditional processing. If the condition is true the following command is executed. Only one command may be specified after if, and there's no easy way of specifying an else clause, but if does support not (if not condition). Normally one would use the goto command after an if to work around the single-command limitation.
The shift command shifts the command-line variables %0 to %9 around, replacing %n with %n+1. %9 is replaced by the 10th command-line argument (it can be a real argument, or the variable is empty if there's no argument).
Call will call another batch file from inside the one you are currently in and return execution when the called batch file terminates. If you use a batch file name without call, execution will not return to the caller afterwards! Calling a batch file is simple: call dostuff.bat. It is also a great way to modularize and reuse batch code.
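An added example (not from the original post) that puts shift, goto, if exist and call together: it checks every file named on the command line and reports whether each one is present, writing each result both to the console and to a log file. It uses the cmd.exe (NT/2000/XP) extensions call :label, which calls a label inside the same batch file rather than another file, and "%~1", which strips surrounding quotes from an argument; the log file name checklog.txt is my own choice.

```batch
@echo off
rem Added example, not from the original post: check each file named on the
rem command line with IF EXIST / IF NOT EXIST, walking the arguments with SHIFT
rem and looping with GOTO. Each result goes to the console and is appended to
rem checklog.txt (an assumed file name) with >>, through a CALL :label
rem subroutine, so the message is typed once rather than "doubled up" by hand.
rem CALL :label and "%~1" need cmd.exe (Windows NT/2000/XP or later).

if "%~1"=="" (
    echo Usage: %0 file1 [file2 ...]
    goto end
)

:loop
if "%~1"=="" goto end
if exist "%~1" (
    call :log "%~1" present
) else (
    call :log "%~1" MISSING
)
shift
goto loop

rem Subroutine: %1 is the file name, %2 is the word to report.
rem The same line is written to the console and to the log file.
:log
echo %~1 is %2
echo %~1 is %2 >>checklog.txt
goto :eof

:end
```

Run it as checkfiles.bat readme.txt "My Document.txt" setup.log; the loop ends when shift has moved past the last argument and %1 comes up empty, and goto :eof returns from the subroutine to the line after the call.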
More command details before writing batch
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/redirection.mspx
http://www.computerhope.com/batch.htm#02
Example Batches:
This will ask the users name and print it on the screen.
@echo off
set /p _name=Enter your name:
echo Hello %_name%!.
set _name=
Pause
This will count from 0 to 99:
@echo off
set _number=0
set _max=100
:Start
if %_number%==%_max% goto end
echo %_number%
set /a _number=_number + 1
goto start
:end
set _number=
set _max=
pause
Note the pause is just so you can view this before the screen disappears; it's not required in most batches.
This is a calculator batch; use * for multiply.
@echo off
echo Type exit when done.
:start
set /p _string="> "
if /i "%_string%"=="exit" goto end
set /a _result=%_string%
echo %_result%
goto start
:end
echo Bye.
echo.
set _string=
set _result=
The Else clause
Although the changes are not as revolutionary as in set, the if command has also acquired some new features in Windows 2000 and XP. One of the handiest is the else clause. Here's a simple example:
IF EXIST filename. (
del filename.
echo deleted
) ELSE (
echo filename. missing.
echo try again.
)
Because of DOS legacy the parser is really picky about the syntax; the format:
if condition (
do stuff
) else (
do something else
)
helps to minimize errors and avoids most of the common pitfalls.
The following example program keeps asking for passwords until both are the same (the variables are quoted in the if line so that an empty answer or one containing spaces does not break the comparison):
@echo off
set _original=a
set _retry=b
:start
set /p _original="Type in your new password: "
set /p _retry="Retype the password, please: "
if "%_original%" equ "%_retry%" (
echo password changed successfully.
goto end
) else (
echo The passwords don't match, please try again.
echo.
goto start
)
:end
set _original=
set _retry=
And finally, this will search the registry Run keys and display the results in text form:
regedit /e HKCURun.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
regedit /e HKLMRun.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
copy HKLMRun.txt + HKCURun.txt = Output.txt
del /q HKLMRun.txt
del /q HKCURun.txt
notepad Output.txt
del /q Output.txt
This code opens Notepad with the registry contents of both the HKLM and HKCU branches of the Run key.
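The Run keys are where a lot of unwanted software makes itself start with Windows, so checking them regularly is a basic housekeeping job. As an added example (not from the original post) that builds on the regedit export above, this batch lists the Run and RunOnce entries of both hives with reg query, saves them to a report, and compares the report with a previously saved copy using fc, so a newly added startup entry shows up as a difference. reg.exe ships with Windows 2000/XP and later; the file names runkeys-current.txt and runkeys-baseline.txt are my own choices.

```batch
@echo off
rem Added example, not from the original post: record the autostart (Run and
rem RunOnce) entries of both hives with REG QUERY and compare the result with
rem a saved baseline using FC, so a new startup entry is noticed.
rem File names are assumed; reg.exe is present on Windows 2000/XP and later.

set _report=runkeys-current.txt
set _baseline=runkeys-baseline.txt

echo Recording autostart entries at %date% %time%
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run">%_report%
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce">>%_report%
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run">>%_report%
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce">>%_report%

rem First run: there is nothing to compare with yet, so keep this report
rem as the baseline for next time.
if not exist %_baseline% (
    copy %_report% %_baseline%>nul
    echo No baseline found; this report has been saved as %_baseline%.
    goto end
)

rem FC sets ERRORLEVEL 0 when the two files are identical and 1 when they
rem differ; the output is sent to nul here and shown only if there is a change.
fc %_baseline% %_report%>nul
if errorlevel 1 (
    echo Autostart entries have CHANGED since the baseline was taken:
    fc %_baseline% %_report%
) else (
    echo Autostart entries match the baseline.
)

:end
set _report=
set _baseline=
pause
```

Any line that fc shows as present in runkeys-current.txt but not in the baseline is a startup entry that was added since the baseline was saved; if it turns out to be expected (a program you installed), delete runkeys-baseline.txt and run the batch again to take a fresh baseline.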
Here's a more complicated one, designed to remove Elitebar variants:
@echo off
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO win
VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO NT
echo Unsupported Version
goto last
:NT
%systemdrive%
cd %WinDir%\system32
attrib -r -s -h kalv*32.exe
if exist kalv*32.exe del kalv*32.exe
attrib -r -s -h elite*32.exe
if exist elite*32.exe del elite*32.exe
attrib -r -s -h elite*.dat
if exist elite*.dat del elite*.dat
attrib -r -s -h kalv*.dat
if exist kalv*.dat del kalv*.dat
attrib -r -s -h temperror32.dat
if exist temperror32.dat del temperror32.dat
cd %WinDir%
attrib -r -s -h EliteToolbar
if exist EliteToolbar rd /q /s EliteToolbar
attrib -r -s -h EliteSidebar
if exist EliteSidebar rd /q /s EliteSidebar
echo Merging registry....
echo REGEDIT4>clear.reg
echo.>>clear.reg
echo [-HKEY_CURRENT_USER\Software\LQ]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\ohbbackup]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Elitum]>>clear.reg
echo.>>clear.reg
echo [-HKEY_USERS\.DEFAULT\Software\LQ]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE8D0059-D24D-4919-B76F-99F4A2203647}]>>clear.reg
echo.>>clear.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]>>clear.reg
echo "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"=->>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}]>>clear.reg
echo.>>clear.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>clear.reg
echo "kalvsys"=->>clear.reg
echo "antiware"=->>clear.reg
echo "etbrun"=->>clear.reg
echo "checkrun"=->>clear.reg
echo "farkle-checkrun"=->>clear.reg
regedit /s clear.reg
del clear.reg
goto end
:win
%systemdrive%
cd %WinDir%\system
attrib -r -s -h kalv*32.exe
if exist kalv*32.exe del kalv*32.exe
attrib -r -s -h elite*32.exe
if exist elite*32.exe del elite*32.exe
attrib -r -s -h elite*.dat
if exist elite*.dat del elite*.dat
attrib -r -s -h kalv*.dat
if exist kalv*.dat del kalv*.dat
attrib -r -s -h temperror32.dat
if exist temperror32.dat del temperror32.dat
cd %WinDir%
attrib -r -s -h EliteToolbar
deltree /y EliteToolbar
attrib -r -s -h EliteSidebar
deltree /y EliteSidebar
echo Merging registry....
echo REGEDIT4>clear.reg
echo.>>clear.reg
echo [-HKEY_CURRENT_USER\Software\LQ]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\ohbbackup]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Elitum]>>clear.reg
echo.>>clear.reg
echo [-HKEY_USERS\.DEFAULT\Software\LQ]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE8D0059-D24D-4919-B76F-99F4A2203647}]>>clear.reg
echo.>>clear.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]>>clear.reg
echo "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"=->>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}]>>clear.reg
echo.>>clear.reg
echo [-HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}]>>clear.reg
echo.>>clear.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>clear.reg
echo "kalvsys"=->>clear.reg
echo "antiware"=->>clear.reg
echo "etbrun"=->>clear.reg
echo "checkrun"=->>clear.reg
echo "farkle-checkrun"=->>clear.reg
regedit /s clear.reg
del clear.reg
goto end
:end
echo Done!!
:last
Of course these batches can also be used for malicious reasons, but I will not give any examples of them. It's possible to write batches that are encrypted to avoid AV detection and then, when run, they kill the AV, log in to FTP servers, download and then run the trojans, but all the user will see is the unencrypted message, so this is why running unknown batches can be very dangerous.
I've run out of examples. Even though these are pretty basic and not exclusive to virus writing, I hope it gives a good basic understanding of batch file writing.
Regards, Andy