b2ev - Bat2Exe eVolved

TSnake41
Posts: 12
Joined: 17 Dec 2016 12:49

b2ev - Bat2Exe eVolved

#1 Post by TSnake41 » 10 Oct 2018 13:55

Hello!

I come here to present to you yet another Batch to Executable packer!

The most interesting features of this Batch to Exe are:
- out-of-the-box exact-directory support (use the file system as workspace instead of projects like F2KO Batch to Exe), thus you can put entire directories in built executables
- flavor a minimal overhead approaching 25 Kio with a minimal hello world (with F2KO Batch to Exe, we get 89 Kio)
- flavor lz4 compression (disableable) that considerably reduces executable size (especially for big projects)
- very fast (unpack time is approximately 2 times faster than F2KO Batch to Exe)
- non-Windows platform support; well, this looks dubious, but you can use Dos9 to provide a batch implementation for e.g. Linux

Everything is Open, your executable is built from known and provided source code, the archive does not contain any executables (except Tiny C Compiler).

(this is a partial copy of README of the gitlab page : https://gitlab.com/TSnake41/b2ev)
Lightweight toolkit to pack batch files (and even directories) to a single autonomous executable.

Features

- very lightweight and fast executable
- lz4 compression (with in-memory uncompression)
- directory packing
- modular approach
- custom non-Windows platform support

How to use

Put all your files in the files directory, then run build.bat; your ready executable is output.exe.
Your files must contain main.bat, which is the entry point of your program.


Download : https://cdn.discordapp.com/attachments/ ... 60/b2ev.7z
GitLab page (with source code and more explanations) : https://gitlab.com/TSnake41/b2ev

Virus total of a simple hello world : https://www.virustotal.com/#/file/57db8 ... /detection
In comparison with the same code but with F2KO Batch to Exe compiler : https://www.virustotal.com/#/file/f07c4 ... /detection

The reason for that is the technical difference between F2KO Batch to Exe and b2ev.
F2KO Batch to Exe uses a lot of different functions, with some of these being "risky functions" such as SetFocus, BringWindowToTop, GetSystemMetrics, GetVersionEx (can be used in RAT tools) ..., and some special PE features: AcceleratorTable, Resources, ...
The list of functions used by F2KO Batch to Exe is quite big: https://hastebin.com/xeviqevake.css
b2ev uses fewer functions: https://hastebin.com/iziqereviw.cpp

So, it's sure that antiviruses are unlikely to trigger since the program is potentially less dangerous (as it is not doing anything dangerous).
Last edited by TSnake41 on 14 Oct 2018 04:54, edited 1 time in total.

carlos
Expert
Posts: 488
Joined: 20 Aug 2010 13:57
Location: Chile
Contact:

Re: b2ev - Bat2Exe eVolved

#2 Post by carlos » 13 Oct 2018 20:18

Many thanks for this tool.
Converters of bat to exe that have the word "Compiler" seem not very reliable, because they do not convert the batch script to machine language; they only extract the script to a temporary folder and run it.
It always depends on and needs cmd.exe.
Batch scripts are always interpreted. Cmd reads a plain text source script.
Thus, the possible reason for converting to exe, to protect the code, is not achieved.

But I like your project because it is open source and an excellent work.

In the past I tried to develop a method using environment variables: obfuscate the script code in an environment variable, set an environment variable with a name, for example: _code_ and extract a batch script with this code:

Code:

%_code_%
and run (create the process providing that environment variable).
That limits some parts of the language, but allowed executing certain code. The problem was that a user showed me that the code in the environment variable was available if you do a memory dump of cmd.exe.

I think that your tool, because it is open source code, allows good possibilities.
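
The point made in the post above, that a wrapper carrying the script as plain data does not protect it, can be checked statically. This is an added example, not part of the thread or of b2ev's code: it assumes the wrapper appends an uncompressed tar archive to its stub (a guess based on the dir2tar.c source file and the disableable lz4 option mentioned in this thread), and the sample bytes and the API_KEY value are constructed.

```python
import io
import tarfile

BLOCK = 512          # tar header block size
MAGIC_OFFSET = 257   # the "ustar" magic sits here inside a header block


def header_checksum_ok(block: bytes) -> bool:
    """Validate the tar header checksum (chksum field counted as 8 spaces)."""
    try:
        stored = int(block[148:156].strip(b"\0 ") or b"0", 8)
    except ValueError:
        return False
    return sum(block[:148]) + 8 * 0x20 + sum(block[156:BLOCK]) == stored


def carve_tar_members(blob: bytes) -> dict:
    """Return {member name: content} for the first valid tar found in blob."""
    pos = blob.find(b"ustar")
    while pos != -1:
        start = pos - MAGIC_OFFSET
        if start >= 0 and header_checksum_ok(blob[start:start + BLOCK]):
            with tarfile.open(fileobj=io.BytesIO(blob[start:])) as tar:
                return {m.name: tar.extractfile(m).read()
                        for m in tar.getmembers() if m.isfile()}
        pos = blob.find(b"ustar", pos + 1)
    return {}


def build_sample() -> bytes:
    """Constructed sample: fake stub bytes followed by a tar holding main.bat."""
    script = b"@echo off\r\nset API_KEY=constructed-secret\r\necho hello\r\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo("main.bat")
        info.size = len(script)
        tar.addfile(info, io.BytesIO(script))
    return b"MZ" + b"\x90" * 1000 + buf.getvalue()


if __name__ == "__main__":
    # Anything stored in the packed script is readable without running the exe.
    for name, data in carve_tar_members(build_sample()).items():
        print(name, "->", data.decode())
```

A compressed or encoded payload needs one more decoding step before this search finds anything, but the script still ends up as plain text for cmd.exe to read.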

TSnake41
Posts: 12
Joined: 17 Dec 2016 12:49

Re: b2ev - Bat2Exe eVolved

#3 Post by TSnake41 » 14 Oct 2018 04:54

carlos wrote:
13 Oct 2018 20:18
> Many thanks for this tool.
> But I like your project because it is open source and an excellent work.

Thanks for your reply carlos!

> Converters of bat to exe that have the word "Compiler" seem not very reliable, because they do not convert the batch script to machine language; they only extract the script to a temporary folder and run it.
> It always depends on and needs cmd.exe.
> Batch scripts are always interpreted. Cmd reads a plain text source script.
> Thus, the possible reason for converting to exe, to protect the code, is not achieved.

You are right, I shouldn't name it as a compiler and should rather name it as a converter or packer.

> In the past I tried to develop a method using environment variables: obfuscate the script code in an environment variable, set an environment variable with a name, for example: _code_ and extract a batch script with this code:
>
> Code:
>
> %_code_%
> and run (create the process providing that environment variable).
> That limits some parts of the language, but allowed executing certain code. The problem was that a user showed me that the code in the environment variable was available if you do a memory dump of cmd.exe.

This way to embed code could be interesting for small codes maybe.
Obfuscating (in particular in Batch) is hard, and is often easier to circumvent than to make.

There are ways to make it very hard to circumvent (and maybe compile?) but it needs more research, especially with dos9.org, which will be useful there.

icc
Posts: 2
Joined: 08 Jul 2019 18:53

Re: b2ev - Bat2Exe eVolved

#4 Post by icc » 08 Jul 2019 18:55

I get this error
please help
=
In file included from src/dir2tar.c:32:
src/lib/dirent.h:1047: warning: implicit declaration of function 'GetACP'
In file included from src/dir2tar.c:32:
src/lib/dirent.h:1050: warning: implicit declaration of function 'GetOEMCP'
In file included from src/dir2tar.c:32:
src/lib/dirent.h:1085: error: 'MB_ERR_INVALID_CHARS' undeclared
=

bakemonogatari
Posts: 7
Joined: 08 Jul 2019 05:22

Re: b2ev - Bat2Exe eVolved

#5 Post by bakemonogatari » 09 Jul 2019 13:29

I tried the program from the link above (https: //cdn.discordapp.com ...) and I did not encounter any error. On the other hand, the detection rate of the output.exe generated by virustotal is 13 out of 71, not so good ...

TSnake41
Posts: 12
Joined: 17 Dec 2016 12:49

Re: b2ev - Bat2Exe eVolved

#6 Post by TSnake41 » 10 Jul 2019 10:07

icc wrote:
08 Jul 2019 18:55
> I get this error
> please help
> =
> In file included from src/dir2tar.c:32:
> src/lib/dirent.h:1047: warning: implicit declaration of function 'GetACP'
> In file included from src/dir2tar.c:32:
> src/lib/dirent.h:1050: warning: implicit declaration of function 'GetOEMCP'
> In file included from src/dir2tar.c:32:
> src/lib/dirent.h:1085: error: 'MB_ERR_INVALID_CHARS' undeclared
> =

I have no idea why you get this error.
Check your Tiny C Compiler installation (you can download the latest version there: http://download.savannah.gnu.org/releas ... 32-bin.zip)
You can try to install the full winapi headers for tinycc: http://download.savannah.gnu.org/releas ... 0.9.27.zip
You just need to replace the tcc/include directory with the new one from this zip.

bakemonogatari wrote:
09 Jul 2019 13:29
> I tried the program from the link above (https: //cdn.discordapp.com ...) and I did not encounter any error. On the other hand, the detection rate of the output.exe generated by virustotal is 13 out of 71, not so good ...

If you enable NO_CONSOLE (which is currently only in the gitlab repository), you may have a more suspicious file, as it is not visible to the user, thus anti-viruses are a lot more attentive to that kind of program.
In most cases, you want your program to be running as it is a batch file, which doesn't use this feature. Disabling NO_CONSOLE very significantly reduces the detection rate of the program (check the virustotal links of the first post, they are still relevant with the latest gitlab version).
I shouldn't (and won't) try to work around anti-viruses, as it is a non-goal and possibly even more suspicious.

Anyway, this feature is disabled by default and should only be enabled when required.
NOTE: Keep in mind that the detection rate also depends on the content of the payload (files inside your executable).

EDIT: The latest version of b2ev uses another method to disable the console: instead of completely disabling it, it closes it at the very beginning, which makes the console almost (most-likely) invisible.
Now, the detection rate is functionally the same as with the console enabled.

bakemonogatari
Posts: 7
Joined: 08 Jul 2019 05:22

Re: b2ev - Bat2Exe eVolved

#7 Post by bakemonogatari » 10 Jul 2019 12:40

@TSnake41

hi,

When I run output.exe, I would like it to ask me for a password. Is there a way to do it with b2ev? I do not want the batch content to be readable in %tmp% without the password being entered first...

icc
Posts: 2
Joined: 08 Jul 2019 18:53

Re: b2ev - Bat2Exe eVolved

#8 Post by icc » 16 Jul 2019 11:23

Other batch wrappers do have this option (but show more viruses).
I would suggest you 7zip the content with a password, then use 7zip from batch to extract it when the password matches the encrypted file (you will need to add 7zip in your exe).
