How to Safely Run "makeboot.bat: File on USB?

[Elliot77]

I'm manually installing clonezilla using the method below. Step 4 I do not understand. Can someone kindly explain how one runs makeboot.bat from the USB, as opposed to the local hard drive?

 

1. http://pendrivelinux.com)

WARNING!   DO NOT RUN makeboot.bat from your local hard drive!
Doing so could cause your MS windows not to boot!!!

[jaclaz]

Translated to "good practice" the instructions mean:
Once you will have copied the whole contents of the .zip file onto the USB partition (which will have in windows a drive letter assigned, let's say G: ), you open a command prompt (if you are running one of the stupid windows OS with UAC you will need to open it as Administrator) then in it type:
CD /D G:\utils\win32
and press [ENTER] the prompt will change to:
G:\utils\win32>
and then you type:
makeboot.bat
and press [ENTER]
 
As a side note I find that it makes little sense and represents a potentially dangerous thing to release a batch that can make damages if not run from the "right" device, the batch does have a check:
 

echo -----------------------------------------------------------------
echo This batch file will prepare drive %~d0 for boot using syslinux!
echo -----------------------------------------------------------------
echo.
echo.
echo --------------------- WARNING!: ---------------------------------
echo.
echo Run this file from your portable USB device ONLY.
echo Running this file from your hard drive may overwrite your current
echo Master Boot Record (MBR) and render your Windows Operating System
echo un-bootable. YOU HAVE BEEN WARNED!
echo.
echo This batch file is offered in hopes that it will be useful and
echo comes with absolutely no warranty. USE AT YOUR OWN RISK!
echo.
echo -----------------------------------------------------------------
echo.
echo %~d0 | "%windir%\system32\findstr.exe" /B /I "%systemdrive%" && echo You can _NOT_ RUN makeboot.bat from your local system hard drive! It should only be run from your USB flash drive or USB hard drive. && goto end
echo.
echo Press any key to make drive %~d0 bootable
echo or close this window to abort...
pause > nul

but it is limited to the %systemdrive%, and the confirm goes through the *any* key press so it is perfectly possible, by mistake, that a non-system drive can pass the check.
I would add a more explicit check *like*

SET Confirm=NOECHO Syslinux will be installed to the disk where the volume %~d0 resides.SET /P Confirm=Type YES to confirm this is the right drive letter:IF "%Confirm%"=="YES" GOTO :OKECHO Batch aborted.ECHO Press any key to exit the batch.PAUSE > NULGOTO :EOF:OK

jaclaz


 

[Elliot77]

Nice post jaclaz

[Elliot77]

So how would somebody do this the WRONG way (so one would know exactly what they oughtn't do)?

Edited May 26, 2015 by Elliot77

[jaclaz]

So how would somebody do this the WRONG way (so one would know exactly what they oughtn't do)?

It is just a matter of "trust".

 

In 99.99% of cases people run programs (compiled .exe's) trusting blindly the Author that running them is "safe".

 

In the case of batches there is one advantage and one disadvantage.

 

The disadvantage is that since batch files are intended (generally speaking) to be run from within a command prompt there is a concrete probability that the batch will not be suitable for drag 'n drop and for running by double clicking it. (it is not the case of this one as correctly the Author has added PAUSE statements needed to keep the Command windows open and the batch is "interactive", but you will find a number of batches around that if double clicked will, just like a number of command line executables, smply briefly flash a black window on your desktop, and this is a very common issue reported "I double clicked on the file and it did nothing but flashing a black window").

 

The advantage is that since batch files are essentially "plain text" they can be easily inspected BEFORE double clicking on them, particularly where their scope is to run a potentially distructive command).

 

This batch "automagically" chooses the drive letter on which the Syslinux.exe command is run getting it from the "self-position", the %~d0 parameter of the batch, which is a good thing that - added to the check for the drive letter NOT being the %systemdrive% will, when the user will follow instructions work fine in say 97.38% of situations, BUT IF it is run from a non-system partition/volume residing on the SAME disk as the %systemdrive% it will likely botch the booting of the system.

 

Generically, the rule of the thumb with batches is to run them in a command window unless you are positive that they support correctly the other alternative possibilities to start them, i.e. double clicking or drag 'n drop.

 

jaclaz

[Tripredacus]

The advantage is that since batch files are essentially "plain text" they can be easily inspected BEFORE double clicking on them, particularly where their scope is to run a potentially distructive command).

This is something I had to deal with regarding one of the programs I use that runs .cmd files. Because all the .cmd files existed on a network share, it would be really easy to accidently run one on the local system and have something bad happen to the server. What I ended up doing was having all the .cmd files change extension to .log. This way, if you click it, it will open in Notepad by default. Easy to inspect that way. And then of course if a file is needed to be run, my program changes the extension to .cmd after the file is copied from the share.

[jaclaz]

What I ended up doing was having all the .cmd files change extension to .log.

Maybe a little bit too aggressive as a solution

Wouldn't a clever use of CMDCMDLINE and COMSPEC do nicely?

Like:

 

 

@ECHO OFFSETLOCAL ENABLEEXTENSIONSSET isdoubleclick=0ECHO CMDCMDLINE=%CMDCMDLINE%ECHO COMSPEC=%COMSPEC%ECHO %CMDCMDLINE% | FINDSTR /L %COMSPEC% >NUL 2>&1SET isdoubleclick=%ERRORLEVEL%SET isdoubleclickIF "%isdoubleclick%"=="1" ECHO SORRY, NO DOUBLE CLICK ALLOWED&PAUSE&GOTO :EOFECHO You won't see this line if you double click on the batch from Explorer.

jaclaz