******************************************
******************************************
*** HOW TO DEBUG MS-DOS BATCH LANGUAGE ***
******************************************
******************************************

by cOrRuPt G3n3t!x

I once again wanted to learn something new in batch: how to debug my normal code into binary code and then assemble it at a later stage and execute it. The good thing about that is the code is in binary form, and I don't think anyone is gonna sit and learn binary when you can just debug from your console and get the figures! So the language can basically be considered encrypted. As far as I've tested, my two AVs, NOD32 and Avast, don't pick up the binary code.

So I went around the internet looking for a tutorial of some sort to start me out, or even the binary code and its corresponding characters, BUT FOUND FUCK ALL!!! So, back at square one and determined to learn, I set off on my new task. It took me about 15 minutes to get the hang of things and another 5 minutes to work out where my errors in the code were. But I have accomplished my task and now want to teach others who are also struggling to find a debug tutorial how! So without further ado I present to you...

1) The basics and purpose (as far as I understand):
------------------------------------------------

Well, as I told you, I have no background information on debugging because I couldn't find any tutorial, but from what I've seen, what debugging basically does is take the characters you enter into your batch program and replace them with two-digit codes made of numbers and letters, each of which corresponds back to a certain character. Binary was first used in batch to debug pictures, sounds etc., which then made it possible for a batch program to display an actual picture or play an actual sound. But as other VXers soon found out, it could be used to encrypt their batch in a completely different way (it kinda brought a 3rd dimension to batch scripting).
2) Pros and cons:
---------------

There are a few advantages to using binary code as opposed to normal encryption and batch techniques. First off, we can hide our virus payload in binary until the AV is disabled or 'taken care of' ;) and then turn the binary back into the original script and execute it, and there you have it! Another advantage is the fact that not many users are familiar with this coding or method and therefore it won't really alarm them into thinking it's a virus. However, a major disadvantage (which may be the result of my utter lack of proper research) is that when converting to binary all the code that MS-DOS gives us has to be taken down manually!!!! So creating a huge multipart, polymorphic batch virus is not impossible, but rather impractical!

3) Creating batch to debug:
------------------------

Well, I am only going to show you one example of how to debug code, as the rest are exactly the same: only the size of the script needs to be changed and new binary values need to be put in! We will start with the legendary "Hello VXer", which as far as I know was coined by none other than the great VXer SPTH. So we will make a simple batch that will display the text 'Hello VXer' in a CMD window. To do this, see below:

--------------------------------------[Cut Here]---------------------------------------
@echo off
echo hello VXer
pause
exit
--------------------------------------[Cut Here]---------------------------------------

Now copy and paste the code into a .txt file and rename it to 'hello.bat'. Then run it, and a text displaying 'Hello VXer' should be displayed.

3a) Actual debugging method:
-------------------------

Now that we have our normal batch script in hand, we shall begin to learn how to debug it.
First we move our batch file to the directory C:\. Next we open Command Prompt, and in the CMD window type DEBUG C:\hello.bat. You should then see something like this in your CMD window:

C:\Users\CorruptGenetix>DEBUG C:\hello.bat
-

Next we type RCX and press enter:

C:\Users\CorruptGenetix>DEBUG C:\hello.bat
-RCX

Next the screen will look like this:

C:\Users\CorruptGenetix>DEBUG C:\hello.bat
-RCX
CX 0027
:

CX 0027 is the size of our script, which is integral in debugging! Next press enter again and the screen should then look like this:

C:\Users\CorruptGenetix>DEBUG C:\hello.bat
-RCX
CX 0027
:
-

Now type D and press enter. The screen should then look like this:

C:\Users\CorruptGenetix>DEBUG C:\hello.bat
-RCX
CX 0027
:
-D
1761:0100  40 65 63 68 6F 20 6F 66-66 0D 0A 65 63 68 6F 20   @echo off..echo
1761:0110  68 65 6C 6C 6F 20 56 58-65 72 0D 0A 70 61 75 73   hello vxer..paus
1761:0120  65 0D 0A 65 78 69 74 00-00 00 00 00 00 00 00 00   e..exit.........
1761:0130  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
1761:0140  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
1761:0150  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
1761:0160  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
-

Before we continue, a few tips. Unless you see a lot of zeros like in the dump above, it may not be the end of the debugged script, and you may need to type D and press enter again until a lot of zeros begin to appear; then you will know you've reached the end of your script. Another thing: you don't need to understand all these figures, just copy them down to a txt file, but do not copy the hyphens or the zeros, only up to the last digit, which is on line 8 and ends with '74', and ignore the '1761:' and the '@echo...'
comments to the right, so you should have copied down this:

0100 40 65 63 68 6F 20 6F 66 66 0D 0A 65 63 68 6F 20
0110 68 65 6C 6C 6F 20 56 58 65 72 0D 0A 70 61 75 73
0120 65 0D 0A 65 78 69 74

Now we have successfully converted our batch to binary, but this binary is useless on its own, so in order to use it we have to re-assemble it into its original script (if you are confused as to why we want to re-assemble this after we have just de-assembled it, I don't think you have grasped the concept and should stop reading this tutorial now :)). Now I will show you step by step how to re-assemble this binary into a working script. When coding back to a script, we write the binary to a batch file that will then write it to a separate file, which will then be debugged and renamed to an operable batch file. See below the script and comments:

--------------------------------------[Cut Here]---------------------------------------
:: echo is used to write the lines of data to a separate file for debugging purposes.
:: Note the space before every redirection: cmd.exe treats a digit placed directly before
:: the redirect arrows as a file handle number, so 27 followed straight by the arrows
:: would print 2 on screen and redirect handle 7 instead of writing 27 into vxer.
echo e 0100 40 65 63 68 6F 20 6F 66 66 0D 0A 65 63 68 6F 20 >>vxer
echo e 0110 68 65 6C 6C 6F 20 56 58 65 72 0D 0A 70 61 75 73 >>vxer
echo e 0120 65 0D 0A 65 78 69 74 >>vxer
:: In the above lines we echo the binary code to a file called vxer (it can be called whatever you like).
:: We have to remember to put the 'e' in front of the binary code lines to make sure debug.exe knows what
:: it is doing (entering those bytes at the given address).
echo rcx >>vxer
:: Next we set the size of our code, which when we were first debugging the original batch script was CX 0027.
echo 27 >>vxer
:: We now write the file size into the file vxer. We leave out the CX and the zeros and only write the digits, which is 27.
echo n bat >>vxer
:: In the above line we name our file, which I just simply called bat. It can be whatever you like, but the 'n' has to be there
:: as it's the command used for naming the file.
echo w >>vxer
:: The 'w' tells the debugger to now write the code to the file BAT named in the above line.
echo q >>vxer
:: The 'q' quits the debugging process.
:: Finally, feed vxer to debug as its input so it runs the commands we just wrote.
debug < vxer
--------------------------------------[Cut Here]---------------------------------------
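As an added example (not part of this tutorial and not the author's code), here is the analyst's side of the same trick in Python: it renders a file the way DEBUG's D command does, and it pulls the 'echo ... >>vxer' lines out of a batch file and emulates the e/rcx/n/w/q commands on a blank 64 KiB segment to rebuild the file DEBUG would write, without running DEBUG or the batch. The hello.bat bytes and the rebuild lines below are constructed from the tutorial; the segment number 1761 is cosmetic. Two things it lets you check: that CX 0027 is hexadecimal (39 bytes, which is exactly the length of hello.bat with CRLF line endings), and what an unfamiliar batch file is about to drop before anyone lets it run.

```python
"""Added example (not from the original tutorial): DEBUG-style dumps and an
offline decoder for 'echo e 0100 ... >>file' rebuild scripts.
Sample inputs are constructed from the tutorial's hello.bat and vxer script."""
import re
from typing import Dict, List

# Constructed: the tutorial's hello.bat with DOS CRLF line endings (39 = 0x27 bytes).
HELLO_BAT = b"@echo off\r\necho hello VXer\r\npause\r\nexit"

# Constructed: the rebuild batch from the tutorial, as an analyst might find it.
DROPPER_BAT = """\
echo e 0100 40 65 63 68 6F 20 6F 66 66 0D 0A 65 63 68 6F 20 >>vxer
echo e 0110 68 65 6C 6C 6F 20 56 58 65 72 0D 0A 70 61 75 73 >>vxer
echo e 0120 65 0D 0A 65 78 69 74 >>vxer
echo rcx >>vxer
echo 27 >>vxer
echo n bat >>vxer
echo w >>vxer
echo q >>vxer
debug < vxer
"""

LOAD_BASE = 0x100  # DEBUG loads a file at CS:0100 and 'w' writes from there

ECHO_RE = re.compile(r"^\s*echo\s+(.*?)\s*>>\s*(\S+)\s*$", re.IGNORECASE)


def debug_dump(data: bytes, base: int = LOAD_BASE, segment: int = 0x1761) -> str:
    """Render bytes like DEBUG's D command: 16 bytes per row, a hyphen between
    the 8th and 9th byte, and an ASCII column with '.' for non-printables.
    The segment number is cosmetic; DEBUG picks it at run time."""
    rows = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexes = [f"{b:02X}" for b in chunk]
        left, right = " ".join(hexes[:8]), " ".join(hexes[8:])
        hexcol = f"{left}-{right}" if right else left
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{segment:04X}:{base + off:04X}  {hexcol:<47}  {text}")
    return "\n".join(rows)


def extract_debug_scripts(batch_text: str) -> Dict[str, List[str]]:
    """Collect every 'echo LINE >>file' in a batch file, grouped by target file."""
    scripts: Dict[str, List[str]] = {}
    for line in batch_text.splitlines():
        m = ECHO_RE.match(line)
        if m:
            scripts.setdefault(m.group(2).lower(), []).append(m.group(1))
    return scripts


def run_debug_script(lines: List[str]) -> Dict[str, bytes]:
    """Emulate the DEBUG commands such scripts use (e, rcx, n, w, q) on a
    blank 64 KiB segment and return the files 'w' would have written."""
    memory = bytearray(0x10000)
    cx, name, written = 0, None, {}
    it = iter(lines)
    for raw in it:
        parts = raw.split()
        if not parts:
            continue
        cmd = parts[0].lower()
        if cmd == "e":                       # e ADDR BYTE BYTE ...
            addr = int(parts[1], 16)
            data = bytes(int(h, 16) for h in parts[2:])
            memory[addr:addr + len(data)] = data
        elif cmd == "rcx":                   # rcx, then the new value on the next line
            value = next(it, "").strip()     # an empty line leaves CX unchanged
            if value:
                cx = int(value, 16)
        elif cmd == "n":                     # n FILENAME
            name = parts[1]
        elif cmd == "w":                     # w: write CX bytes starting at 0100
            if name is None:
                raise ValueError("'w' before 'n': no filename set")
            written[name] = bytes(memory[LOAD_BASE:LOAD_BASE + cx])
        elif cmd == "q":
            break
        else:
            raise ValueError(f"unsupported DEBUG command: {raw!r}")
    return written


def recover_dropped_files(batch_text: str) -> Dict[str, bytes]:
    """Rebuild every file the batch's embedded DEBUG script would write,
    without executing either the batch or DEBUG."""
    recovered: Dict[str, bytes] = {}
    for script in extract_debug_scripts(batch_text).values():
        recovered.update(run_debug_script(script))
    return recovered


if __name__ == "__main__":
    print(debug_dump(HELLO_BAT))
    for fname, blob in recover_dropped_files(DROPPER_BAT).items():
        print(f"{fname}: {len(blob):#x} bytes, matches hello.bat: {blob == HELLO_BAT}")
```

Running it prints the three dump rows from the tutorial (0100, 0110, 0120) followed by "bat: 0x27 bytes, matches hello.bat: True". The emulator deliberately only knows the five commands these scripts rely on and raises on anything else, so a script using some other DEBUG feature fails loudly instead of silently producing the wrong bytes.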