Shulou (Shulou.com) 06/03 Report, SLTechnology News&Howtos > Development. Updated 2025-01-19.
This article shows how to check a list of suspicious files in bulk with Windows batch (BAT) scripts; most people have not done this, so it is shared here for reference.
The main part of a suspicious-file check should be written with a loop: many file paths and file names are involved, and writing the BAT by hand for each one is far too laborious. The for loop covers this need reasonably well, so the focus here is on using for; even without a full understanding of it, a few lines of trial code produce a usable result.
The experiment involves four files: list.txt, pre.bat, check.bat and check.log.
First, list.txt records all suspicious files, one per line. It has to be written by hand, but each entry is only the path and file name followed by a carriage return, so the workload is modest, though not negligible. Form:
……
%systemroot%\explorer.exe
%systemroot%\system32\rundll32.exe
……
Second, pre.bat is a preprocessing script that generates the check.bat batch. It uses a for loop to read one file name per line from list.txt, substitute it into a template command and append that command to check.bat with echo. Because the generated commands themselves contain an output redirection (the write to check.log), and the echo that writes them also uses a redirection, the inner command is wrapped in double quotes so that its >> is written as text rather than executed while pre.bat runs. This causes a problem: the command written to check.bat carries those double quotes, which turns it from a "command" into a "string", so after check.bat is generated all the double quotes have to be removed by hand. I don't know if this can be achieved by batch processing. I haven't found any method at present. Pre.bat reads:
@echo off
:: All of the lines below write prompt text and commands to check.bat
:: (the first uses a single > so that check.bat starts afresh on every run).
echo @echo off> check.bat
echo echo BATCH STARTS...>> check.bat
echo echo PRESS ANY KEY TO START THE BATCH...>> check.bat
echo pause>> check.bat
:: The double quotes stop the inner >> from redirecting here; they are removed from check.bat by hand afterwards.
echo "date /t>> check.log">> check.bat
echo "time /t>> check.log">> check.bat
echo "echo -------START------>> check.log">> check.bat
:: FOR loop: read one file name per line from list.txt ("delims=" keeps paths that contain spaces whole);
:: the generated IF checks whether the file exists, displays its name and writes it to check.log.
for /F "delims=" %%i in (list.txt) do echo "if exist %%i echo %%i & echo %%i>> check.log">> check.bat
echo "echo -------END------>> check.log">> check.bat
echo echo BATCH ENDS!>> check.bat
echo echo PRESS ANY KEY TO EXIT...>> check.bat
echo pause>> check.bat
pause
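As an added example (not the original author's script), the following rewrite of pre.bat removes the manual step: escaping each redirection operator with a caret (^) writes >> literally into check.bat, so no double quotes are needed and the generated file runs as-is. It also reads list.txt with "delims=" so paths containing spaces are kept whole, and places the redirection before each echo, which avoids the trailing-space and digit-as-file-handle pitfalls of writing `echo text>> file`. Assumptions: the file names list.txt, check.bat and check.log are the page's; the OUT and LOG variables and the # comment convention for list.txt are ours.

```batch
@echo off
setlocal
:: Added example: regenerates check.bat from list.txt without any quote workaround.
set "OUT=check.bat"
set "LOG=check.log"

:: Start check.bat fresh (single > truncates), then append the header lines.
> "%OUT%" echo @echo off
>> "%OUT%" echo echo BATCH STARTS...
>> "%OUT%" echo echo PRESS ANY KEY TO START THE BATCH...
>> "%OUT%" echo pause
:: ^>^> is written into check.bat as a literal >> instead of redirecting here.
>> "%OUT%" echo date /t ^>^> %LOG%
>> "%OUT%" echo time /t ^>^> %LOG%
>> "%OUT%" echo echo -------START------ ^>^> %LOG%

:: delims= keeps the whole line, so paths with spaces survive;
:: eol=# lets an entry in list.txt be commented out with a leading #.
:: Each generated line becomes:
::   if exist "PATH" (echo PATH & >> check.log echo PATH)
for /F "usebackq eol=# delims=" %%i in ("list.txt") do (
    >> "%OUT%" echo if exist "%%i" ^(echo %%i ^& ^>^> %LOG% echo %%i^)
)

>> "%OUT%" echo echo -------END------ ^>^> %LOG%
>> "%OUT%" echo echo BATCH ENDS!
>> "%OUT%" echo echo PRESS ANY KEY TO EXIT...
>> "%OUT%" echo pause
echo Generated %OUT% from list.txt
endlocal
```

Entries such as %systemroot%\explorer.exe are copied into check.bat unexpanded, because a for variable is substituted after percent expansion has already happened, so the variable is resolved only when check.bat itself runs, as in the original.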
Third, check.bat is the script that actually checks the suspicious files. It is the longest of the four, generated by pre.bat with all the double quotes then deleted by hand (Notepad's replace function makes this trivial, no real workload at all). When it runs, every suspicious file that exists is displayed and written to the record file check.log. The file content looks like:
@echo off
echo BATCH STARTS...
echo PRESS ANY KEY TO START THE BATCH...
pause
date /t>> check.log
time /t>> check.log
echo -------START------>> check.log
……
if exist %systemroot%\explorer.exe echo %systemroot%\explorer.exe & echo %systemroot%\explorer.exe>> check.log
if exist %systemroot%\system32\rundll32.exe echo %systemroot%\system32\rundll32.exe & echo %systemroot%\system32\rundll32.exe>> check.log
……
echo -------END------>> check.log
echo BATCH ENDS!
echo PRESS ANY KEY TO EXIT...
pause
Fourth, the record file check.log is generated by check.bat and holds the inspection results. Form:
2007-01-15
20:18
-------START------
……
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
……
-------END------