mshta and javascript

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

npocmaka_
Posts: 512
Joined: 24 Jun 2013 17:10
Location: Bulgaria

Re: mshta and javascript

#31 Post by npocmaka_ » 18 Apr 2020 10:19

The code you've posted will work.

But calling it without a 'dedicated' file will not. Try this snippet by dbenham:

Code:

@echo off
setlocal

:: Define simple macros to support JavaScript within batch
set "beginJS=mshta "javascript:close(new ActiveXObject('Scripting.FileSystemObject').GetStandardStream(1).Write("
set "endJS=));""

:: Direct instantiation requires that output is piped
%beginJS% GetObject('winmgmts:').ExecQuery('Select * from Win32_PerfFormattedData_PerfOS_Memory').ItemIndex(0).AvailableBytes %endJS% | findstr "^"

:: FOR /F does not need pipe
for /f %%N in (
  '%beginJS% GetObject('winmgmts:').ExecQuery('Select * from Win32_PerfFormattedData_PerfOS_Memory').ItemIndex(0).AvailableBytes %endJS%'
) do set free_mem=%%N
echo free_mem=%free_mem% 

penpen
Expert
Posts: 1991
Joined: 23 Jun 2013 06:15
Location: Germany

Re: mshta and javascript

#32 Post by penpen » 19 Apr 2020 06:48

Ah, now I got why you wrote that it is "detected as a thread" (and agree on your statement about "some naughty boy"):
The Windows Defender (and probably any other virus-scanner) detects "Trojan:Win32/Kovter.L" and shuts down the "mshta.exe" process.

Of course there is always a workaround (especially here, where I see dozens of different ones; the easiest is using eval):

Code:

@echo off
setlocal

:: Define simple macros to support JavaScript within batch
set "beginJS=mshta "javascript:close(new ActiveXObject('Scripting.FileSystemObject').GetStandardStream(1).Write("
set "endJS=));""

:: Direct instantiation requires that output is piped
%beginJS% eval(\u0047etObject('winmgmts:')).ExecQuery('Select * from Win32_PerfFormattedData_PerfOS_Memory').ItemIndex(0).AvailableBytes %endJS% | findstr "^"

:: FOR /F does not need pipe
for /f %%N in (
  '%beginJS% \u0047etObject('winmgmts:').ExecQuery('Select * from Win32_PerfFormattedData_PerfOS_Memory').ItemIndex(0).AvailableBytes %endJS%'
) do set free_mem=%%N
echo free_mem=%free_mem% 

goto :eof
(But executing the eval function is probably the next thing that is 'shut down', so I'm not sure if that workaround is of any use.)


penpen
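
The two scripts above differ only in a `\u0047` escape, which changes the text a scanner sees but not what the script engine runs. As an added example (not part of either post), this Python sketch shows why detection logic for mshta inline-script command lines should decode such escapes before matching; the token list and the sample command lines are constructed assumptions.

```python
import re

# Inline script protocol handlers that mshta accepts on its command line.
INLINE_SCRIPT = re.compile(r"\bmshta(?:\.exe)?\b[^|]*?\b(javascript|vbscript):", re.I)
# JavaScript \uXXXX escapes, which are valid inside identifiers.
UNICODE_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")
# Tokens worth reporting once escapes are decoded (illustrative list, an assumption).
TOKENS = ("getobject", "activexobject", "eval(", "winmgmts:")


def decode_js_escapes(text):
    """Replace each \\uXXXX escape with the character it encodes."""
    return UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def analyze(command_line):
    """Return a finding dict for an mshta inline-script command line, else None."""
    match = INLINE_SCRIPT.search(command_line)
    if not match:
        return None
    decoded = decode_js_escapes(command_line)
    lowered = decoded.lower()
    return {
        "protocol": match.group(1).lower(),
        "tokens": [t for t in TOKENS if t in lowered],
        # Escapes that decode to letters or digits only serve to hide an identifier.
        "escaped_identifier": any(
            chr(int(h, 16)).isalnum() for h in UNICODE_ESCAPE.findall(command_line)
        ),
    }


# Constructed sample process-creation command lines (not captured logs).
SAMPLES = [
    "mshta \"javascript:close(new ActiveXObject('Scripting.FileSystemObject')"
    ".GetStandardStream(1).Write(GetObject('winmgmts:').ExecQuery('Select * from X')));\"",
    "mshta \"javascript:close(new ActiveXObject('Scripting.FileSystemObject')"
    ".GetStandardStream(1).Write(\\u0047etObject('winmgmts:').ExecQuery('Select * from X')));\"",
    r"mshta.exe C:\tools\report.hta",
    "findstr javascript: notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line))
```

Both inline-script samples yield the same token list after decoding, and only the second is flagged with `escaped_identifier`, which is itself a useful signal because legitimate scripts rarely escape plain ASCII letters.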
