[SANS ISC] Changing BAT Files On The Fly, (Mon, Aug 2nd)

I often use Windows BAT files, simple ones, to execute a series of commands. And over the years, I learned not to change these BAT files while they were executing, because cmd.exe would “notice” those changes when it has to execute the next command in the BAT file, and read the changed file, leading to undesired results.

But recently, I started to use this to my advantage: change commands in a BAT file while it is executing, without undesired results.

The trick is to only change the commands that still have to be executed. Don’t touch the commands that have already executed, and certainly, don’t make them shorter or longer.

Although I have not reversed cmd.exe to be sure of what I experience, it seems like cmd.exe does not read a BAT all at once, but that it has a filepointer into the BAT file it is processing, and reads the next line to execute after the current line finishes executing.

If you remove bytes before the filepointer (e.g., by changing commands before the current command to make them shorter, or removing commands), the filepointer will no longer point to the beginning of the next line to execute.

Same if you add bytes before the filepointer.

The trick is to change commands after the filepointer, e.g., change commands that have yet to be executed, while leaving the rest of the BAT file intact.
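
The file-pointer behaviour described above, as a small Python model. This is an added example, not code from the original post and not a statement of how cmd.exe is implemented: `run_model` assumes the interpreter reopens the file and seeks to a saved byte offset before each command. The BAT content and all helper names are constructed for illustration, and the lines are only recorded, never executed.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample BAT content (CRLF line endings, as on Windows).
ORIGINAL = b"echo step1\r\necho step2\r\necho step3\r\n"

def run_model(path, edit_during_first=None):
    """Toy model (assumption): keep a byte offset, reopen the file for each
    command, seek to the offset, and read exactly one line."""
    offset, executed = 0, []
    while True:
        with open(path, "rb") as f:
            f.seek(offset)
            line = f.readline()
            offset = f.tell()          # the "filepointer" for the next command
        if not line:
            return executed
        executed.append(line.rstrip(b"\r\n").decode())
        if edit_during_first and len(executed) == 1:
            edit_during_first(Path(path))  # file changes while command 1 "runs"

def _swap(old, new):
    """Build an edit that replaces one byte string in the file with another."""
    def edit(p):
        p.write_bytes(p.read_bytes().replace(old, new))
    return edit

edit_pending = _swap(b"echo step3", b"echo patched-step3")  # after the offset
shorten_done = _swap(b"echo step1", b"rem")                 # before it, 7 bytes fewer
lengthen_done = _swap(b"echo step1", b"echo step1-longer")  # before it, 7 bytes more

def demo(edit=None):
    """Write the sample BAT to a temp dir, run the model, return the lines seen."""
    with tempfile.TemporaryDirectory() as d:
        bat = os.path.join(d, "demo.bat")
        Path(bat).write_bytes(ORIGINAL)
        return run_model(bat, edit)

if __name__ == "__main__":
    for name, edit in [("no edit", None), ("edit pending", edit_pending),
                       ("shorten executed", shorten_done),
                       ("lengthen executed", lengthen_done)]:
        print(f"{name:18} -> {demo(edit)}")
```

In the two cases that change bytes before the saved offset, the model resumes in the middle of a line and picks up a fragment instead of a command; the edit to the pending line is picked up cleanly.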

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)
