Thread: Press a key

  1. #16
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    Why is system() risky? It sends a command to the system, how can it be a security risk?
    Learn C++ (C++ Books, C Books, FAQ, Forum Search)
    Code painter latest version on sourceforge DOWNLOAD NOW!
    Download FSB Data Integrity Tester.
    Siavosh K C

  2. #17
    Supermassive black hole cboard_member's Avatar
    Join Date
    Jul 2005
    Posts
    1,709
    Because the program it calls can be replaced by a malicious one with the same name. Say you call:

    Code:
    system ("clear");
    On a UNIX / Linux box. clear is a program. It can therefore be replaced by another, malicious program also called "clear" and your program would be none the wiser.

    EDIT: Did you even bother reading the FAQ article?
    Good class architecture is not like a Swiss Army Knife; it should be more like a well balanced throwing knife.

    - Mike McShaffry

  3. #18
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    I am reading it.
    Siavosh K C

  4. #19
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    I read it. But no code can replace system commands at least in winXP.
    Go to command prompt in WinXP and write pause, it asks you to press a key to continue. Now copy an exe file to C: and rename it to "pause.exe". Again write pause, it asks you to press a key again(NO DIFFERENCE). But if you write pause.exe, it will execute the file.
    Last edited by siavoshkc; 01-20-2006 at 01:18 PM.
    Siavosh K C

  5. #20
    Supermassive black hole cboard_member's Avatar
    Join Date
    Jul 2005
    Posts
    1,709
    Quote Originally Posted by siavoshkc
    I read it. But no code can replace system commands at least in winXP.
    Go to command prompt in WinXP and write pause, it asks you to press a key to continue. Now copy an exe file to C: and rename it to "pause.exe". Again write pause, it asks you to press a key again(NO DIFFERENCE). But if you write pause.exe, it will execute the file.
    That's because the system programs aren't stored in C:\, genius. There is a way under XP: threads & processes, just like in UNIX. You'll have to look it up yourself - all I know is it involves the header "process.h", iirc.

  6. #21
    Registered User Tonto's Avatar
    Join Date
    Jun 2005
    Location
    New York
    Posts
    1,465
    This is because 'pause' is not an executable that the system searches for, but rather a feature of the win32 console. If you were to instead, for example while looking for network statistics, run something like:

    Code:
    system("netstat");
    Then I would exploit the fact that the system searches the current directory for the netstat module before searching the system directory ::GetSystemDirectory(..), and I would put my own netstat.exe in the current directory and run evil code.

  7. #22
    The Richness... Richie T's Avatar
    Join Date
    Jan 2006
    Location
    Ireland
    Posts
    469

    beautiful system()

    if you're using MS VC++6, system is defined in header <stdlib.h> and you're using some form of windows too (dumb point but better safe than sorry - imagine MS VC++ for Unix!!?)

    what it does? lots!!!

    go in to start menu -> run: cmd.exe (or command.exe - i'm not sure if it's version specific). this will load the windows command line interface or shell, which is most commonly thought of as MS-DOS. it should look just like your console program

    try typing pause.

    now go into your code (include the header) and have this in your code:

    system ("pause");

    run it - see any similarity?

    the system () is a cheap and easy way to do lots of things that are not so often as easy in C/C++. it allows you to use shell commands in your own program, and there are a lot of them! the syntax is as above, just remember the quotation marks! a personal favorite of mine is system ("cls"); clears the console of all text - no need for a custom function. another good one is system ("color (hex_number)"); changes the *colour formatting of the console. type in color -ls into the shell to see how it works.

    sounds cool!!? thought so. why haven't you been told!!? cos it's not as cool as it looks...

    system () is generally frowned upon by serious programmers because as a previous post said,

    "system() hands control over to the program it calls "

    an example of this is to use it to open a text file or some program. save your executable in a specific directory and create a text file with something in it, in the same directory.

    in the middle of your code, call

    system ("something.txt");

    you should see notepad open up, but your program is stalled in its place - it waits for the shell to return control to the program. close the text file, and your program resumes! it is also important that the item you are opening is in the same directory as your executable, i don't know how to change the path that it looks for it in just yet, but i'm not particularly concerned.

    here's a link to a microsoft site that has a load of shell commands for windows xp, most are common to earlier editions as well:

    http://www.microsoft.com/resources/d...us/ntcmds.mspx

    Have fun tinkering with the system from the inside!


    * i am aware that i spelled colour here, that is how it is spelt in european (i.e. original) english. windows was written with american english or just "american," as they like to think of their dialect as a unique language! no offence meant to anyone from america, great place and all but you're all a bunch of jackasses if y'all think y'all can come up with a new language by changing a few spellings from an older one! i've had my rant, now i'll leave before i get a lynch mob after me!

  8. #23
    The Richness... Richie T's Avatar
    Join Date
    Jan 2006
    Location
    Ireland
    Posts
    469
    it took me way too long to type that!

  9. #24
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    It is obvious that system() is not secure. But system commands are something different. How can the cls command be replaced by another program? For example when I write cls in console mode foo.exe executes instead of clearing the screen.
    Siavosh K C

  10. #25
    Registered User
    Join Date
    Aug 2005
    Location
    Austria
    Posts
    1,990
    Quote Originally Posted by siavoshkc
    For example when I write cls in console mode foo.exe executes instead of clearing the screen.
    Code:
    ren foo.exe cls.exe
    Simple isn't it ?
    Kurt

  11. #26
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    >>Simple isn't it ?

    If you do it and write cls, windows executes CLS command, not cls.exe.

    Simple?
    Siavosh K C

  12. #27
    Registered User
    Join Date
    Aug 2005
    Location
    Austria
    Posts
    1,990
    Ok. It's not that easy replacing cls. cls seems to be an internal command of cmd.exe, so cmd.exe would have to be replaced as well.
    Kurt

  13. #28
    System Novice siavoshkc's Avatar
    Join Date
    Jan 2006
    Location
    Tehran
    Posts
    1,246
    Exactly!

  14. #29
    Registered User
    Join Date
    Aug 2005
    Location
    Austria
    Posts
    1,990
    Quote Originally Posted by siavoshkc
    Exactly!
    Ok. You won. Using system() must be safe.

  15. #30
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,661
    > How can the cls command be replaced by another program?
    http://msdn.microsoft.com/library/de..._._wsystem.asp
    Wherein, it says
    The system function passes command to the command interpreter, which executes the string as an operating-system command. system refers to the COMSPEC and PATH environment variables that locate the command-interpreter file (the file named CMD.EXE in Windows NT). If command is NULL, the function simply checks to see whether the command interpreter exists.
    It really doesn't matter what you put between the quotes, because if someone has done
    COMSPEC=myhack.exe
    or
    PATH=C:\path\to\my\cmdexe;C:\windows\system
    Then the program you end up running is not the cmd.exe you thought you were running.

    Or even more legitimately, say people who prefer to use bash.exe in cygwin as their shell because it's a far more capable shell than cmd.exe.

    Sure, you can argue if you want that "cls" doesn't cause cmd.exe to invoke an external process, but that's hardly the point if you can't be sure that you're running cmd.exe in the first place. Also, as Tonto points out, it's all too easy to develop bad programming habits and slip easily into doing something really stupid later on by using system() when you really shouldn't, simply because of the habit of choosing the easy option in your code.
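
Added example, not part of the original thread: a POSIX C check for the PATH lookup that posts #17 and #30 describe. It resolves a bare command name such as clear the way a shell would and counts the PATH entries searched that are empty, relative or world-writable. The function names are chosen for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe PATH entry: empty or relative (both mean the current directory),
   or an existing directory that any user can write to. */
int path_entry_is_unsafe(const char *dir)
{
    struct stat st;
    if (dir[0] != '/') return 1;
    return stat(dir, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH);
}

/* Walk PATH as a shell does for a bare command name: the first regular,
   executable match wins. Writes the match to out and counts in *unsafe the
   unsafe entries searched up to and including it. Returns 1 if found. */
int resolve_in_path(const char *path_var, const char *cmd,
                    char *out, size_t outlen, int *unsafe)
{
    char dir[PATH_MAX];
    struct stat st;
    *unsafe = 0;
    for (const char *p = path_var;; p += strcspn(p, ":") + 1) {
        size_t len = strcspn(p, ":");
        if (len < sizeof dir) {
            snprintf(dir, sizeof dir, "%.*s", (int)len, p);
            *unsafe += path_entry_is_unsafe(dir);
            int n = snprintf(out, outlen, "%s/%s", len ? dir : ".", cmd);
            if (n > 0 && (size_t)n < outlen && stat(out, &st) == 0 &&
                S_ISREG(st.st_mode) && access(out, X_OK) == 0)
                return 1;
        }
        if (p[len] == '\0') break;
    }
    out[0] = '\0';
    return 0;
}

int main(void)
{
    char hit[PATH_MAX];
    int unsafe;
    const char *path = getenv("PATH");   /* the value system() would inherit */
    if (resolve_in_path(path ? path : "", "clear", hit, sizeof hit, &unsafe))
        printf("clear -> %s (%d unsafe entries searched)\n", hit, unsafe);
}
```

A non-zero count means a bare name passed to system() could resolve to a file placed by another user; calling the tool by its absolute path avoids the lookup.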
