[Caml Light]

Hi! My batch file must run on a single line, so i've added the '&' char after every command. Now my batch has not carriage returns. The only problem is that cmd.exe give me the error as from title. Have you suggestions?

Thanks

[bphlpt]

Can you list your batch for us?

Cheers and Regards

[Caml Light]

My batch is based on a old cmd script written by Yzöwl: http://www.msfn.org/...mp/page__st__20

@ECHO OFF
ECHO=_%~1|FINDSTR/X "_-123456 _/123456">NUL 2>&1||GOTO Error
SETLOCAL ENABLEEXTENSIONS
SET "_="
PUSHD %~dp0
FOR /R %%A IN (Windows*-KB*.EXE) DO (
        SET _=T
        ECHO= Installation of %%~nA...
        >NUL PING -n 4 127.0.0.1
        "%%A" /quiet /norestart)
IF NOT DEFINED _ GOTO Error
ECHO=
ECHO= == Press any key to restart. ==
>NUL PAUSE
SHUTDOWN.EXE /r /t 0
GOTO :EOF
:Error
ECHO= Error.
ECHO=
ECHO= Press any key to exit...
>NUL PAUSE

My batch repeats the central part several times to install other software:

FOR /R %%A IN (Windows*-KB*.EXE) DO (
        SET _=T
        ECHO= Installation of %%~nA...
        >NUL PING -n 4 127.0.0.1
        "%%A" /quiet /norestart)

Converting it into a single line batch, results too long to execute for CMD.exe. Is there a solution to this limitation?

Thank you

This post has been edited by Caml Light: 16 September 2012 - 07:16 PM

[bphlpt]

So why "must" your batch run on a single line? Maybe we can offer an alternative solution if we better understood the circumstances. ie instead of fixing the batch to work in a single line, we could come up with a solution so that you could run the batch in its original proven form.

Cheers and Regards

[Caml Light]

Thank you for your support. Mainly the batch must be read (its content) by a authoring software. Once read, it is saved as variable by the authoring program, than executed as parameter of "CMD.exe". This method works if batch are not too long, because the batch become the parameter of CMD. Is there an alternative way to protect the batch, hiding its content? I also can host the batch on my website, in case of a valid "online protection". I've already bought a specific professional compiler, but during the execution of the compiled EXE, the batch is extracted into the %TEMP% folder, so it is useless.

Thank you

This post has been edited by Caml Light: 16 September 2012 - 10:00 PM

[bphlpt]

Sorry, but I've never had to deal with hiding the batch in that way. Hopefully another member can offer some advice. Might it help if we knew the name of the authoring program or why you wanted to hide the batch's content?

Cheers and Regards

[MrJinje]

I'm using powershell started from cmd.exe via a single line (registry shell extension). How many characters in yours, this one is 498 characters and does not throw me any error.

@ECHO OFF & cmd /k start /b powershell -command "clear-host;[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');$INDEX = [Microsoft.VisualBasic.Interaction]::InputBox('Enter Image #', 'Which image to mount', '1');$PROMPT = [Microsoft.VisualBasic.Interaction]::MsgBox('Ready to mount image ?', 'OKCancel,Question', 'Last Chance to Cancel');switch ($PROMPT) {'OK'{Dism /mount-wim /wimfile:D:\sources\boot.wim /index:$INDEX /mountdir:C:\zMountDir}'Cancel'{exit}}" & PAUSE

On second thought, your script looks short but that %%A variable expands at runtime, the problem could be the expanded 'path' length being more than 256 characters, why not convert the %%A variable to 8.3 short naming before it loops.

Alternatively try encrypting your batch as an exe. Plenty of free-wares offer that agility.

This post has been edited by MrJinje: 16 September 2012 - 11:34 PM

[allen2]

Most authoring language uses their own scripting language so maybe you should use it instead of using it to launch batch code.
Anyway if you need the loop part, this might work:

FOR /R %A IN (Windows*-KB*.EXE) DO ( SET _=T && ECHO= Installation of %~nA... && PING -n 4 127.0.0.1 >NUL && "%A" /quiet /norestart)

[Caml Light]

MrJinje, on 16 September 2012 - 11:05 PM, said:

I'm using powershell started from cmd.exe via a single line (registry shell extension). How many characters in yours, this one is 498 characters and does not throw me any error.

@ECHO OFF & cmd /k start /b powershell -command "clear-host;[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');$INDEX = [Microsoft.VisualBasic.Interaction]::InputBox('Enter Image #', 'Which image to mount', '1');$PROMPT = [Microsoft.VisualBasic.Interaction]::MsgBox('Ready to mount image ?', 'OKCancel,Question', 'Last Chance to Cancel');switch ($PROMPT) {'OK'{Dism /mount-wim /wimfile:D:\sources\boot.wim /index:$INDEX /mountdir:C:\zMountDir}'Cancel'{exit}}" & PAUSE

On second thought, your script looks short but that %%A variable expands at runtime, the problem could be the expanded 'path' length being more than 256 characters, why not convert the %%A variable to 8.3 short naming before it loops.

Alternatively try encrypting your batch as an exe. Plenty of free-wares offer that agility.

I've already bought (paid version) a well-known batch compiler program, but it extracts the batch into the %TEMP% folder, so it's useless.

allen2, on 16 September 2012 - 11:13 PM, said:

Most authoring language uses their own scripting language so maybe you should use it instead of using it to launch batch code.
Anyway if you need the loop part, this might work:

FOR /R %A IN (Windows*-KB*.EXE) DO ( SET _=T && ECHO= Installation of %~nA... && PING -n 4 127.0.0.1 >NUL && "%A" /quiet /norestart)

Do you know Multimedia Builder? I use that program. Anyway, my batch is very long, and with MMB i must create several Run("CMD","parameter$") commands (very bad), so i've choice to do it with a single Run command unifying the whole batch into a single line. But for CMD.exe that line is too long.

[allen2]

Then you need to use the mmb manual to create a mmb script.

[Caml Light]

allen2, on 16 September 2012 - 11:54 PM, said:

Then you need to use the mmb manual to create a mmb script.

i use the program from some years, but i don't know how it could be possible to convert a batch into a MMB script.

EDIT: You've a PM

This post has been edited by Caml Light: 17 September 2012 - 12:05 AM

[jaclaz]

Caml Light, on 16 September 2012 - 09:45 PM, said:

I've already bought a specific professional compiler, but during the execution of the compiled EXE, the batch is extracted into the %TEMP% folder, so it is useless.

You must have missed this before buying that (whatever it is) batch "compiler":
http://www.robvander...ptcompilers.php

jaclaz

[Yzöwl]

I'm confused as to why your non secret updates installation routine being extracted, run and deleted from a default hidden location is considered 'useless'!

[Caml Light]

Yzöwl, on 17 September 2012 - 02:30 PM, said:

I'm confused as to why your non secret updates installation routine being extracted, run and deleted from a default hidden location is considered 'useless'!

Because everyone can access to that folder and get the batch. I wish to hide the batch file. The world is big, not all people are skillful as you or other members of this community.
Anyway, for a UNskillful person, the %TEMP% folder is easy to get.

This post has been edited by Caml Light: 18 September 2012 - 03:23 PM

[bphlpt]

Caml Light, on 18 September 2012 - 03:21 PM, said:

Yzöwl, on 17 September 2012 - 02:30 PM, said:

I'm confused as to why your non secret updates installation routine being extracted, run and deleted from a default hidden location is considered 'useless'!

Because everyone can access to that folder and get the batch. I wish to hide the batch file. The world is big, not all people are skillful as you or other members of this community.
Anyway, for a UNskillful person, the %TEMP% folder is easy to get.

I guess the thing we are not understanding is why is it important to hide this batch that is being used to install updates? So what if an UNskillful person can get to the %TEMP% folder? What are you afraid that they will do with this non secret information? What is the big deal? For that matter, why hide it at all?

Cheers and Regards

[MrJinje]

How much are you charging for this script that it would be beneficial for them to steal it. Does Yzowl make a percentage ? For the right price, I will rewrite the entire thing to be encrypted and only decompile in RAM.

This post has been edited by MrJinje: 19 September 2012 - 02:23 AM

[Caml Light]

MrJinje, on 19 September 2012 - 02:12 AM, said:

How much are you charging for this script that it would be beneficial for them to steal it. Does Yzowl make a percentage ? For the right price, I will rewrite the entire thing to be encrypted and only decompile in RAM.

CMD batch or converted to a different language?

I'm enthusiast about security, and i want to learn, to learn, to learn, this is the way for me! I'm curious if exists a way to don't decompile in the the HD. I know that is possible to do what you wrote with VBScript, not with a CMD batch.

This post has been edited by Caml Light: 19 September 2012 - 02:59 AM

[Yzöwl]

It's not really a security issue though is it? You are installing updates, you are telling them you are installing updates and you are showing them which updates you are running. The only time the file could be read from the hidden location is during the updating process, whilst it's running, and even then it would only be found by someone specifically knowing what to look for and where to look for it. The file contains nothing which would benefit anyone other than someone wanting to know how to formulate a for loop; what's wrong with them wanting to learn something too?

ExeScript

Quote

Executable files produced by ExeScript are securely protected with industry-standard AES encryption, making it virtually impossible to extract the original script files from the executable. ExeScript never saves or extracts the original script files onto the hard disk during the execution. Instead, all information is securely kept in the computer's RAM, which makes it hard or impossible to obtain the source code from EXE files while they are running.

To protect your scripts against unauthorized use, ExeScript can set a password to run, making it impossible to launch a script without knowing the right password. Secure AES encryption and password-protection make converted BAT to exe, VBS to exe files secure for wide distribution.

[jaclaz]

Caml Light, on 18 September 2012 - 03:21 PM, said:

Because everyone can access to that folder and get the batch.

Wouldn't it be protected by Copyright Laws?
In any case you could have people to which you provide the install routine to sign a NDA:
http://en.wikipedia....osure_agreement
You know, just to be on the safe side.

jaclaz

[bphlpt]

The only thing I can think of is that you are using the same basic batch to not only install updates, but also install something else, and that is what you don't want people to see. If that is true, then that secrecy implies something nefarious, and if I was one of your users I would be that much more curious and would trust you less in general.

I also noted that you did not answer my previous questions. I can understand that you "want to learn, to learn, to learn", but what exactly are you wanting to learn and for what purpose?

Cheers and Regards