One day in class several months ago, I left my laptop logged in and went to the bathroom. No one had ever touched my stuff before in an objectionable way so I didn't worry about it. Unbeknownst to me, this is a thing Doug takes advantage of at his job at BYU all the time as an administrator. He likes to teach people lessons so they learn to be better. So he wrote a bunch of scripts which he keeps on a jump drive, handy and ready at a moment's notice so he can go onto someone's computer and plug in his thumb drive and activate any of like fifty scripts he has written to make life difficult for the person when they get back to their computer. The one he activated on me was the one that locked my screen every ten seconds when logged in. So ten seconds after I logged in, it logged me back out, and this process would repeat until the problem was solved.
Ultimately the fix was actually pretty simple, you just go into task manager and end a background process using the command prompt and the shenanigans end abruptly.
A note about this, no CMD was open while it was doing this, it did it 'silently'. So to the uninitiated, this just looks like some sudden Windows error that requires a reboot. And I don't know, I never tried this, but a reboot would probably fix it. But it would be funny if Doug somehow found a way to keep it activated through a reboot. I wouldn't put it past him.
After he did this I asked him if I could have a copy of that script and he said no. I asked why not and he said because I want you to learn how to write them yourself. I asked him what he did to write his and he told me he wanted me to figure it out myself. But, he said, even though usually he discourages using ChatGPT when troubleshooting, he said that actually in this case, ChatGPT would be fine.
So I did set out to try and start doing this.
I started by straight up asking ChatGPT to write a script in Bash that does what I want. And it did, but it wasn't perfect. This does happen to be one of ChatGPT's selling points, that you can tell it what program or script you want it to write in and it'll do it. And supposedly, it'll work, it just won't be super clean. Well, I will amend that. It will look like it should. But it will likely add stuff that doesn't need to be added, things that seem like they should work won't because of an update or because the OS has changed and doesn't do things that way anymore, or it'll use a method that isn't used much anymore because there's a better one because it thinks that you meant this when you didn't think that it mattered and so you thought it would assume that instead or whatever. This is why you need to know how to code yourself if using it. But this doesn't mean that you're a lost cause if you don't know how to code. This can help. But Doug has recommended to me that he just wants me to use it and then look at everything ChatGPT is doing, go through the code it created for me, and make sure I understand what it's doing. You can even ask it about each part.
I wrote several iterations. Unfortunately it didn't occur to me several months ago when doing this to write about what I did, so I can't actually say for sure what I did. Okay. I did this in early May apparently. I will append what conversations I had with ChatGPT about two scripts I created.
Now, I did ask Doug what scripts I could create, and he told me he didn't want to tell me anything I would find too challenging, he wanted me to have a fighting chance of figuring out how to do it myself so he suggested I start with an annoying capslock auto-activation and deactivation every ten seconds. So I did. Here's the ChatGPT conversation from that, which includes the code it gave me and things I said to ask it to change.
Download nircmd from NirSoft and place the executable (nircmd.exe) in the same directory as your batch script.
Create a shortcut for your batch script.
Right-click on the shortcut, choose "Properties", and in the "Target" field, add cmd /c start /min before the path to your batch script. For example:
cmd /c start /min "Path\to\your\batch\script.lnk"
And this code did work. There was a problem, it displayed the CMD, which we wanted to be silent and in the background. This is where Doug suggested that I write a second script to go with it, which will tell the computer to run it in the background.
This second script was in VBS:
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
That was the whole script. And then to activate both scripts, Doug helped me write a third script to go with it which would activate both of those scripts. This was in Batch.
copy capslock_every_5_seconds.bat %temp%\capslock.bat
start invis.vbs "%temp%\capslock.bat"
This worked. But then there was a new problem. We tried it on multiple computers and it worked great, we were about to open bottles of wine and all that crap when I went and grabbed my thumb drive from the computer running the script at that time and made a terrible discovery. The script deactivates the second you pull the drive hosting it. So since everything is running off the thumb drive and now it's gone, the whole point of the script is null and void. I am supposed to be able to go up to a computer, quickly plug this in and run any of the scripts I wish, and pull the drive and walk away with no evidence I did anything, except that now the computer is misbehaving until you cancel the process. So that's not happening.
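Seen from the other side of the keyboard, the launch chain above (a script host started with a .vbs from the thumb drive, handed a batch file that was copied into Temp) is easy to pick out of process-creation records. The following is an added example, not code from this post or from Doug; the record fields (pid, ppid, image, command_line), the sample events, and the assumption that C: is the only fixed drive are all constructed for illustration.

```python
import ntpath
import re

# Windows Script Host binaries; both can run a .vbs with no visible window.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Split a command line into arguments, keeping quoted paths with spaces whole.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def arguments(command_line):
    return [(quoted or bare).strip('"') for quoted, bare in TOKEN.findall(command_line)]


def image_name(path):
    return ntpath.basename(path).lower()


def temp_batch_files(command_line):
    """Arguments that name a .bat/.cmd file under a directory called Temp."""
    return [a for a in arguments(command_line)
            if a.lower().endswith((".bat", ".cmd")) and "\\temp\\" in a.lower()]


def scripts_off_fixed_drives(command_line, fixed_drives):
    """Drive letters of .vbs/.vbe arguments that are not on a listed fixed drive."""
    drives = [ntpath.splitdrive(a)[0].upper() for a in arguments(command_line)
              if a.lower().endswith((".vbs", ".vbe"))]
    return [d for d in drives if d and d not in fixed_drives]


def find_hidden_launchers(events, fixed_drives=("C:",)):
    """Return (pid, image, reasons) for each process that matches the chain."""
    by_pid = {e["pid"]: e for e in events}
    fixed = {d.upper() for d in fixed_drives}
    findings = []
    for e in events:
        name, reasons = image_name(e["image"]), []
        batches = temp_batch_files(e["command_line"])
        if name in SCRIPT_HOSTS:
            if batches:
                reasons.append("script host handed a batch file in Temp")
            for drive in scripts_off_fixed_drives(e["command_line"], fixed):
                reasons.append("script loaded from non-fixed drive " + drive)
        elif name == "cmd.exe" and batches:
            parent = by_pid.get(e["ppid"])
            if parent and image_name(parent["image"]) in SCRIPT_HOSTS:
                reasons.append("cmd.exe started by a script host to run a batch file in Temp")
        if reasons:
            findings.append((e["pid"], name, reasons))
    return findings


# Constructed sample records (not captured from a real host).
SAMPLE_EVENTS = [
    {"pid": 4312, "ppid": 4100, "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'"C:\Windows\System32\WScript.exe" "E:\invis.vbs" "C:\Users\sam\AppData\Local\Temp\capslock.bat"'},
    {"pid": 4388, "ppid": 4312, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'C:\Windows\system32\cmd.exe /c "C:\Users\sam\AppData\Local\Temp\capslock.bat"'},
    {"pid": 5000, "ppid": 3200, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'"C:\Windows\system32\cmd.exe" /c C:\Tools\backup.bat'},
    {"pid": 5100, "ppid": 3200, "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'"C:\Windows\System32\WScript.exe" "C:\Program Files\Vendor\update.vbs"'},
]

if __name__ == "__main__":
    for pid, name, reasons in find_hidden_launchers(SAMPLE_EVENTS):
        print(pid, name, "; ".join(reasons))
```

The two benign records (a batch file run from C:\Tools and a vendor .vbs on the system drive) are not flagged; only the script host and the cmd.exe it spawned are.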
I ended up not resolving this issue for the past few months because I got all the parts I needed for my weather display project and we got to work on that. And it took so much work and ideas and so many pieces and planning were involved that this whole prank script fell out of my head. I did remember that was a thing but I just completely forgot about it due to all the other many things I had to worry about, such as passing CompTIA A+ Core II at the time. So all extra time then only went to the weather display and all serious classwork went to passing the certification.
However, getting the Flipper Zero reinvigorated my desire to continue this on a more immediate basis because I want prank scripts to load into it and have it inject.
However I did work on a second script the next day that also technically did work but also suffered from the same problem of deactivating the second the thumb drive containing it was removed. Doug and I worked on trying to write into code to get it to plant itself in a temp file on windows computers even once the drive is pulled so it continues, but this seemed to do nothing.
So here's the ChatGPT conversation for the second script:
cscript.exe (for the VBScript execution) and cmd.exe
Now I did start working on this last Wednesday or Thursday again for the first time in months, but Doug was busy helping other students who had to take their certification exams. And otherwise he didn't want to help me because he wanted me to try. However, I was very tired from the gym. I am in Ketosis and I haven't resolved how to get enough electrolytes without sugar or carbs or artificial flavoring which does sometimes spike your insulin which would kick you out of ketosis. I tried pickle juice and was dissatisfied with this because it has to stay refrigerated and otherwise I didn't know if it was actually helping since I wasn't exactly drinking a whole jar of juice. So when I did my usual workout, I started to get sluggish and feel like I was about to slightly lose my balance and was really tired. And when I got to class, I couldn't think hardly at all. I ended up leaving class early which is very unusual for me. I think Doug must have taken from this that I did my best and couldn't figure it out.
However, I want to say that I did ask Doug a few days earlier why his scripts kept running even with the thumb drive pulled. He said, well, you're writing these scripts in batch, batch doesn't keep running by default in temp memory unless you pull a lot of strings to get it to do so. I asked him what he did to solve this problem and he said that he wrote his scripts in VBS. I asked why. I was surprised he told me because until now he was unwilling to divulge any of his secrets. I even asked him if he could furnish me with a list of the kinds of scripts he wrote and he said no because he wanted me to build up to more complicated ones and some he may never tell me. So he told me that he used VBS because it stays in memory even after the source is pulled.
I asked ChatGPT about this and found out that actually there's a number of languages that do this, not just VBS. I found that Python was one of them. Since my weather display is all in Python, I thought I would just go with that. I tried to convert everything in batch to python, this turned out to be quite a mess. I was already aware of the concept that spoken languages have words other languages don't. Likewise, things don't translate the same. In Brazilian Portuguese for example, back in the 1970s when my dad was there, guys would call attractive girls 'airplanes' in that language. This is sort of like the equivalent to calling an attractive girl a fox here in American English. You get why attractive girls would be called airplanes, but it's weird and if you translate it directly, it makes no sense because you're missing all of that context.
We have a similar problem when converting a batch script to python. First of all, python had to import utilities from the OS, it had it import time because of the ten second delay for caps lock and locking the screen, it had it import all sorts of things. Batch didn't have to do this. I asked Doug why. He said because a lot of those packages are pre-loaded into the system for Batch.
Monday 2024-07-15
When I told Doug about my efforts trying to convert batch to python, and how there was a translation problem because direct translation causes problems, there's unnecessary code in the python version that actually doesn't apply in python but ChatGPT doesn't know this. So Doug asked me why I picked Python and I said well, I have been doing a lot of python stuff with the weather display, might as well stick with it and keep learning it. He told me he had bad news. What? Python doesn't come pre-installed in Windows. He asked me, do you remember when we started working on your weather display, we had to install it? Sort of I guess. Yeah.
The problem sank in slowly. Oh dear! Okay, so what can I do instead? Wait, ChatGPT said that there were a number of languages that do this thing where once activated, the scripts just run from memory and don't need the source script anymore. Doug then said, yeah but Windows only comes with batch and VBS pre-installed. Oh, so I have to do VBS. He said no, not necessarily. You can have the script load itself into memory. I said yeah but we already tried that and it didn't work. Why not just do VBS. He said well, the reason why I don't recommend you do VBS is because for all of these other languages such as batch, there's lots of documentation on how to use it. And VBS? There is not that much documentation on VBS. I said, yeah, but you were able to do it...without thinking about who I was talking to. Doug of all people. Guy can figure out anything! Tss. He said yeah, I did, but it was very, very, very hard. And it took a lot of time and tons of experimentation. I realized, yeah, so VBS is not a likely solution for me. But then he said he thought maybe he knew what was wrong with loading it into memory and how to fix it.
Doug and I were looking at the code. This is when Doug suddenly had a thought. He went to Stack Overflow and tried something from there that didn't work and then we ended up on another site https://ss64.com/nt/start.html, 'Start a program, command or batch script, opens in a new/separate command prompt window.'
Syntax
      START "title" [/D path] [options] "command" [parameters]

Key:
   title       Text for the CMD window title bar (required.)
   path        Starting directory.
   command     The command, batch file or executable program to run.
   parameters  The parameters passed to the command.

Options:
   /MIN          Start window Minimized.
   /MAX          Start window Maximized.
   /W or /WAIT   Start application and wait for it to terminate. (see below)
   /LOW          Use IDLE priority class.
   /NORMAL       Use NORMAL priority class.
   /ABOVENORMAL  Use ABOVENORMAL priority class.
   /BELOWNORMAL  Use BELOWNORMAL priority class.
   /HIGH         Use HIGH priority class.
   /REALTIME     Use REALTIME priority class.
   /B            Start application without creating a new window. In this case Ctrl-C will be ignored - leaving Ctrl-Break as the only way to interrupt the application.
   /I            Ignore any changes to the current environment, typically made with SET. Use the original environment passed to cmd.exe
   /NODE         The preferred Non-Uniform Memory Architecture (NUMA) node as a decimal integer.
   /AFFINITY     The processor affinity mask as a hexadecimal number. The process will be restricted to running on these processors.

Options for running 16-bit Windows programs, on Windows 10 only:
   /SEPARATE     Start in separate memory space. (more robust) 32 bit only.
   /SHARED       Start in shared memory space. (default) 32 bit only.

Always include a TITLE this can be a simple string like "My Script" or just a pair of empty quotes ""
According to the Microsoft documentation, the title is optional, but depending on the other options chosen you can have problems if it is omitted.
If command is an internal cmd command or a batch file then the command processor CMD.exe is run with the /K switch. This means that the window will remain after the command has been run.
In a batch script, a START command without /wait will run the program and just continue, so a script containing nothing but a START command will close the CMD console and leave the new program running.
Document files can be invoked through their file association just by typing the name of the file as a command.
e.g. START "" MarchReport.DOC will launch the application associated with the .DOC file extension and load the document.
To minimise any chance of the wrong executable being run, specify the full path to command or at a minimum include the file extension: START "" notepad.exe
If you START an application without a file extension (for example WinWord instead of WinWord.exe) then the PATHEXT environment variable will be read to determine which file extensions to search for and in what order.
The default value for the PATHEXT variable is: .COM;.EXE;.BAT;.CMD
Start - run in parallel
The default behaviour of START is to instantiate a new process that runs in parallel with the main process. For arcane technical reasons, this does not work for some types of executable, in those cases the process will act as a blocker, pausing the main script until it’s complete.
In practice you just need to test it and see how it behaves.
Often you can work around this issue by creating a one line batch script (runme.cmd ) to launch the executable, and then call that script with START runme.cmd
Start /Wait
The /WAIT option should reverse the default 'run in parallel' behaviour of START but again your results will vary depending on the item being started, for example:
Echo Starting
START /wait "job1" calc.exe
Echo Done
The above will start the calculator and wait before continuing. However if you replace calc.exe with Winword.exe, to run Word instead, then the /wait will stop working, this is because Winword.exe is a stub which launches the main Word application and then exits.
A similar problem will occur when starting a batch file, by default START will run the equivalent of CMD /K which opens a second command window and leaves it open. In most cases you will want the batch script to complete and then just close its CMD console to resume the initial batch script. This can be done by explicitly running CMD /C ...
Echo Starting
START /wait "demojob" CMD /c demoscript.cmd
Echo Done
Add /B to have everything run in a single window.
In a batch file, an alternative is to use TIMEOUT to delay processing of individual commands.
START vs CALL
Starting a new process with CALL, is very similar to running START /wait, in both cases the calling script will (usually) pause until the second script has completed.
Starting a new process with CALL, will run in the same shell environment as the calling script. For a GUI application this makes no difference, but a second 'called' batch file will be able to change variables and pass those changes back to the caller.
In comparison START will instantiate a new CMD.exe shell for the called batch. This will inherit variables from the calling shell, but any variable changes will be discarded when the second script ends.
Run a program
To start a new program (not a batch script), you don’t have to use CALL or START, just enter the path/file to be executed, either on the command line or within a batch script. This will behave as follows:
- On the command line, CMD.EXE does not wait for the application to terminate and control immediately returns to the command prompt.
- Running a program from within a batch script, CMD.EXE will pause the initial script and wait for the application to terminate before continuing.
- If you run one batch script from another without using either CALL or START, then the first script is terminated and the second one takes over.
Search order:
- Running a program from CMD will search first in the current directory and then in the PATH.
- Running a program from PowerShell will search first in the PATH and then in the current directory.
- The Windows Run Line (win+r) will search first in App Paths [defined in HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths] and then the PATH
Multiprocessor systems
Processor affinity is assigned as a hex number but calculated from the binary positions (similar to NODRIVES)
Hex  Binary    Processors
1    00000001  Proc 1
3    00000011  Proc 1+2
7    00000111  Proc 1+2+3
C    00001100  Proc 3+4 etc
Specifying /NODE allows processes to be created in a way that leverages memory locality on NUMA systems. For example, two processes that communicate with each other heavily through shared memory can be created to share the same preferred NUMA node in order to minimize memory latencies. They allocate memory from the same NUMA node when possible, and they are free to run on processors outside the specified node.
start /NODE 1 app1.exe
start /NODE 1 app2.exe
These two processes can be further constrained to run on specific processors within the same NUMA node.
In the following example, app1 runs on the low-order two processors of the node, while app2 runs on the next two processors of the node. This example assumes the specified node has at least four logical processors. Note that the node number can be changed to any valid node number for that computer without having to change the affinity mask.
start /NODE 1 /AFFINITY 0x3 app1.exe
start /NODE 1 /AFFINITY 0xc app2.exe
Running executable (.EXE) files
When a file that contains a .exe header is invoked from a CMD prompt or batch file (with or without START), it will be opened as an executable file. The filename extension does not have to be .EXE. The file header of executable files starts with the 'magic sequence' of ASCII characters 'MZ' (0x4D, 0x5A). The 'MZ' being the initials of Mark Zbikowski, a Microsoft employee at the time the file format was designed.
Command Extensions
If Command Extensions are enabled, external command invocation through the command line or the START command changes as follows:
Non-executable files can be invoked through their file association just by typing the name of the file as a command. (e.g. WORD.DOC would launch the application associated with the .DOC file extension). This is based on the setting in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ext\OpenWithList, or if that is not specified, then the file associations - see ASSOC and FTYPE.
When executing a command line whose first token is the string CMD without an extension or path qualifier, then CMD is replaced with the value of the COMSPEC variable. This prevents picking up CMD.EXE from the current directory.
When executing a command line whose first token does NOT contain an extension, then CMD.EXE uses the value of the COMSPEC environment variable. This prevents picking up CMD.EXE from the current directory.
When executing a command line whose first token does NOT contain an extension, then CMD.EXE uses the value of the PATHEXT environment variable to determine which extensions to look for and in what order. The default value for the PATHEXT variable is: .COM;.EXE;.BAT;.CMD Notice the syntax is the same as the PATH variable, with semicolons separating the different elements.
When searching for an executable, if there is no match on any extension, then looks to see if the name matches a directory name. If it does, the START command launches the Explorer on that path. If done from the command line, it is the equivalent to doing a CD /D to that path.
Errorlevels
If the command is successfully started ERRORLEVEL = unchanged, typically this will be 0 but if a previous command set an errorlevel, that will be preserved (this is a bug).
If the command fails to start then ERRORLEVEL = 9059
START /WAIT batch_file - will return the ERRORLEVEL specified by EXIT
START is an internal command.
Examples
Start a program and wait for it to complete before continuing:
START "" /wait autocad.exe
Open a file with a particular program:
START "job1" "C:\Program Files\Microsoft Office\Winword.exe" "D:\Docs\demo.txt"
Run a minimised Login script:
CMD.exe /C START "Login Script" /Min CMD.exe /C Login.cmd
In this example the first CMD session will terminate almost immediately and the second will run minimised.
Open Windows Explorer and list the files in the current folder (.) :
C:\any\old\directory> START .
Open a webpage in the default browser, note the protocol is required (https://):
START https://ss64.com
Open a webpage in Microsoft Edge:
%windir%\explorer.exe microsoft-edge:https://ss64.com
or with a hard-coded path:
"C:\Program Files (x86)\Microsoft Edge\Application\msedge.exe" https://ss64.com
"%windir%\explorer.exe shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" https://ss64.com
Connect to a new printer: (this will setup the print connection/driver):
START \\print_server\printer_name
Start an application and specify where files will be saved (Working Directory):
START /D C:\Documents\ /MAX "Maximised Notes" notepad.exe
“Do not run; scorn running with thy heels” ~ Shakespeare, The Merchant of Venice
Doug took from this one thing, which was that he needed to change the activation script from this:
start invis.vbs "%temp%\capslock.bat"
to
start /D C:\ invis.vbs "%temp%\capslock.bat"
It now works like a charm. We activated it, we watched first to make sure it was working properly and that something wasn't broken, and then after caps lock had activated and deactivated once, then we pulled the drive and it kept going!
This has been Truncat3d 00000000111100010100110______________end of line