Batch processing of suspicious files: it is best to use loops to write the main part (DOS/BAT)
Source: Internet
Author: User
Today I found two posts about batch processing that I had saved earlier but never read carefully. The writing is fairly rough and the examples are very simple, but I still got something out of them. In my plan, the main part of the batch processing of suspicious files is best written with a loop, because it involves many file paths and file names and writing the bat file directly by hand is laborious. A loop meets this requirement to a certain extent, so I concentrated on how the for loop is used. I do not fully understand it yet, but I tried writing a few lines of code and the result is OK.
The experiment involved 4 files: List.txt, Pre.bat, Check.bat, Check.log.
First, there is List.txt, which records all the suspicious files, one per line. This file has to be written by hand, but each entry only needs the file path and file name, followed by Enter to start the next one; the amount of work is not big, though not small either. It looks like this:
......
%SystemRoot%\Explorer.exe
%systemroot%\system32\rundll32.exe
......
Second, Pre.bat is a preprocessing step used to generate the Check.bat batch file. It uses a for loop to read each file name from List.txt, substitute it for the loop variable, and write the result to Check.bat. The command used most here is echo. For the lines that themselves contain output redirection, including the one in the for loop, the content written to Check.bat contains an operation that writes to Check.log, so double quotation marks are used to mask one of the two output redirections. This causes a problem: the commands written to Check.bat inside double quotes are no longer commands but strings, so after Check.bat is generated all of the double quotes have to be deleted by hand. I do not know whether this can be done with batch processing; I have not found any method so far. The contents of Pre.bat are as follows:
@echo off
echo @echo off>> Check.bat
echo echo BATCH starts...>> Check.bat
echo echo Press any KEY to START the batch...>> Check.bat
echo pause>> Check.bat
echo "date /t>> Check.log" >> Check.bat
echo "time /t>> Check.log" >> Check.bat
echo "echo -------START------>> Check.log" >> Check.bat
:: All of the lines above write text and commands to Check.bat.
for /f %%i in (List.txt) do echo "if exist %%i echo %%i & echo %%i>> Check.log" >> Check.bat
:: The for loop reads each file name from List.txt.
:: The generated line tests whether the file exists; if it does, the file name is displayed and written to Check.log.
echo "echo -------End------>> Check.log" >> Check.bat
echo echo BATCH ends!>> Check.bat
echo echo Press any KEY to exit...>> Check.bat
echo pause>> Check.bat
pause
Third, Check.bat is the file that actually checks for the suspicious files, and it is also the longest of the 4 files. After it was generated by Pre.bat, I manually removed all of the double quotes (using Notepad's replace function, which is actually very convenient and takes no real effort). When executed, it displays each suspicious file found and writes it to the record file Check.log. The contents of the file are as follows:
@echo off
echo BATCH starts...
echo Press any KEY to START the batch...
pause
date /t>> Check.log
time /t>> Check.log
echo -------START------>> Check.log
......
if exist %SystemRoot%\Explorer.exe echo %SystemRoot%\Explorer.exe & echo %SystemRoot%\Explorer.exe>> Check.log
if exist %systemroot%\system32\rundll32.exe echo %systemroot%\system32\rundll32.exe & echo %systemroot%\system32\rundll32.exe>> Check.log
......
echo -------End------>> Check.log
echo BATCH ends!
echo Press any KEY to EXIT...
pause
Fourth, the record file Check.log is generated by Check.bat and records the check results. It looks like this:
2007-01-15
20:18
-------START------
......
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
......
-------End------
Now the remaining problem is to write List.txt. I have not counted exactly how many entries there are, but it should be possible to write it in a day. Tomorrow the manager of the bill may come to the company to find me; if there are no other special circumstances, it can be finished tomorrow, and a roughly 1.0 version can be sent to colleagues and Xiao Guo.
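The open question above, how to write the redirection into Check.bat without double quotes that then have to be removed by hand, can be handled with cmd's caret (^) escape. The following variant of Pre.bat is an added example, not the original author's code; it keeps the post's file names, and the usebackq/delims options, the List.txt existence test and the truncating first write are additions of this example.

```batch
@echo off
:: Added example, not the original Pre.bat.
:: Generates Check.bat from List.txt with caret escapes instead of double
:: quotes, so the generated file needs no manual clean-up.
setlocal
set "LIST=List.txt"
set "OUT=Check.bat"

if not exist "%LIST%" (
    echo %LIST% not found
    exit /b 1
)

:: The first write truncates Check.bat, so re-running does not duplicate it.
> "%OUT%" echo @echo off
>>"%OUT%" echo echo BATCH starts...
>>"%OUT%" echo echo Press any KEY to START the batch...
>>"%OUT%" echo pause
:: A caret in front of a redirection or ampersand character writes that
:: character into Check.bat literally instead of acting on this echo.
>>"%OUT%" echo ^>^>Check.log date /t
>>"%OUT%" echo ^>^>Check.log time /t
>>"%OUT%" echo ^>^>Check.log echo -------START------

:: An empty delims keeps the whole line, so paths with spaces survive.
:: The loop variable holds the raw text of the line; environment variables
:: in it are expanded later, when Check.bat itself runs.
:: Every line of List.txt becomes part of a command in Check.bat, so the
:: list must come from a trusted source.
for /f "usebackq delims=" %%i in ("%LIST%") do (
    >>"%OUT%" echo if exist "%%i" echo %%i^& ^>^>Check.log echo %%i
)

>>"%OUT%" echo ^>^>Check.log echo -------End------
>>"%OUT%" echo echo BATCH ends!
>>"%OUT%" echo echo Press any KEY to exit...
>>"%OUT%" echo pause
echo Generated %OUT%
```

Putting the redirection at the start of each generated command avoids the case where a path ending in a digit is read as a handle number in front of the redirection.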