[Original poster]:
Batch File Encryption and Decryption + Batch-Style Keylogger
Batch File Encryption and Decryption
Many people like to encrypt their batch files after writing them so that others cannot modify the copyright, and the most commonly used method is to compile them into EXE files. A more unusual encryption method is to add a FFEF file header to the batch file, so that text editors such as Notepad open it in UNICODE mode and, of course, display garbled characters. Windows itself, however, does not consider the file to be a UNICODE file and still executes each command in it in sequence, so the batch file can still be used normally.
Next, an analysis: opening the encrypted batch file with UltraEdit32 and switching to hexadecimal mode shows the following:
00000000h: FF FE 0D 0A 63 6C 73 0D 0A FF FE 0D 0A 63 6C 73 ; ??.cls..??.cls
00000010h: 0D 0A ; ..
Obviously, forcibly adding the UNICODE file header FFFE to the start of a batch file would cause the first command of the batch file to fail. The author therefore added 0D0A, a carriage return and line feed, after FFFE, so that the first command of the encrypted file is not affected. The error message "is not an internal or external command, nor a runnable program or batch file" still appears on the screen, so the author added a cls after it to clear the error message immediately, which is quite clever.
By this point, everyone should be able to see the decryption method. It is very simple: use a hex editor to delete the file header FF FE 0D 0A 63 6C 73 0D 0A from the encrypted file. If that is too much trouble, just delete the leading FFFE and then fix the file up again in Notepad.
If you want to encrypt your batch files well, try Quick Batch File Compiler. It can not only compile batch files into EXE files but also package the external commands used by the batch file into the executable.
============
Alternative Decryption Method: copy name.bat con
copy is the copy command; no further explanation is needed.
con is the short name of a DOS device file. DOS treats many external devices as files, called device files. DOS defines them as follows: con is the console (keyboard/display), aux (or com1) is the first serial port, lpt1 is the first parallel printer port, and nul is a non-existent device.
Example: copy con abc.txt
Function: copies the text entered from the keyboard to the file abc.txt. After entering this command, type the characters and press Ctrl+Z to finish; the text you typed is saved to abc.txt.
Example: copy abc.txt con
Function: copies the text in abc.txt to the screen, that is, displays it.
A question: copy con abc.txt copies the text entered from the keyboard to the file abc.txt, but it can only record text entered in DOS. If only it could monitor all keyboard input and record it to abc.txt! Put simply, a BAT version of a keylogger.
Veterans, come and discuss together how to implement this function...
[ Last edited by luowei14 on 2007-7-28 at 08:17 PM ]
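Added example, not part of the original post: a Python check that flags the FF FE prefix described above in a .bat/.cmd file and recovers the readable script, as a defender triaging such files might do. The function names and the sample bytes (the post's hex dump followed by a constructed two-line script) are assumptions for illustration.

```python
import re

BOM = b"\xff\xfe"
# One prefix unit as in the post's hex dump: FF FE, CRLF, then an optional "cls" + CRLF.
UNIT = re.compile(rb"\xff\xfe\r\n(?:cls\r\n)?", re.IGNORECASE)

# Constructed sample: the 18 bytes from the post's hex dump plus a made-up script.
SAMPLE = bytes.fromhex(
    "FF FE 0D 0A 63 6C 73 0D 0A FF FE 0D 0A 63 6C 73 0D 0A"
) + b"@echo off\r\necho hello\r\n"


def is_real_utf16le(body: bytes) -> bool:
    """Genuine UTF-16LE text that is mostly ASCII has 0x00 in nearly every odd byte."""
    odd = body[:512][1::2]
    return bool(odd) and odd.count(0) / len(odd) > 0.8


def analyse(data: bytes) -> dict:
    """Classify a .bat/.cmd file's bytes and return the script without the fake header."""
    if not data.startswith(BOM):
        return {"verdict": "plain", "units": 0, "clean": data}
    if is_real_utf16le(data[2:]):
        return {"verdict": "utf16", "units": 0, "clean": data}
    pos = units = 0
    while (m := UNIT.match(data, pos)):   # the dump shows the unit repeated
        pos, units = m.end(), units + 1
    if units == 0:                        # bare FF FE with no CRLF after it
        pos = len(BOM)
    return {"verdict": "bom-obfuscated", "units": units, "clean": data[pos:]}


if __name__ == "__main__":
    result = analyse(SAMPLE)
    print(result["verdict"], result["units"])
    print(result["clean"].decode("ascii"))
```

A file that starts with FF FE but has no NUL bytes in its body is the mismatch worth alerting on: the editor sees UTF-16 while the command interpreter reads plain single-byte commands.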