I have always looked at my reverse engineering adventures as a way to become a better programmer. What I couldn’t understand from MSDN, or example code snippets I could almost certainly understand at the basic assembly level. <\/p>\n\n\n\n
Sometimes though, when I look at some code, I do scratch my head a bit. The case I am going to describe below is one where I am left with a slightly worried state of mind. Is my programming craft better after seeing all this?<\/p>\n\n\n\n
You decide.<\/p>\n\n\n\n
A few years ago ASUSTeK produced a very interesting executable called Batch Caller Exe<\/em>. As the name suggests it does run batch files. If we put aside the obvious but why<\/em>, we still have to deal with the how<\/em>.<\/p>\n\n\n\n The way it works is that you run it with one of the options described below:<\/p>\n\n\n\n file.exe \/Install test <\/p><\/blockquote>\n\n\n\n OR<\/p>\n\n\n\n file.exe \/Uninstall test<\/p><\/blockquote>\n\n\n\n The interesting bit is that the test<\/em> in that syntax is a prefix for a batch file name. And the expected file name is actuall called <prefix>install_all.bat<\/em>, or <prefix>uninstall_all.bat<\/em>.<\/p>\n\n\n\n Using test as an example, you need to create either testinstall_all.bat<\/em> or testuninstall_all.bat<\/em>. They will be executed as per the command line arguments.<\/p>\n\n\n\n So, it of course gives us an option to disturb the process tree, maybe even bypass some filters, but… it feels odd, doesn’t it?<\/p>\n\n\n\n Sample: 035E9CC2FFC4D60581CA975FF73CD92FC93C0CDFCE57D3F7368781E95B907FBE<\/p>\n","protected":false},"excerpt":{"rendered":" I have always looked at my reverse engineering adventures as a way to become a better programmer. What I couldn’t understand from MSDN, or example code snippets I could almost certainly understand at the basic assembly level. Sometimes though, when … Continue reading