![\"\"](\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2020\/03\/ue_1.png\")
<\/a><\/figure><\/div>\n\n\n\nThe macro on the screenshot is called ‘foo’ and runs a tool called ‘notepad’. What is the ‘notepad’ tool you may ask? It is actually not the Windows Notepad, but a reference to a task one can set up in UE Tool Configuration panel:<\/p>\n\n\n\n
<\/a><\/figure><\/div>\n\n\n\nNot surprisingly, I set it up to actually execute c:\\windows\\system32\\notepad.exe.<\/p>\n\n\n\n
Okay, now we have a macro that runs our task called ‘notepad’ and that task in turn runs the actual Windows Notepad.<\/p>\n\n\n\n
We can save our macro to a .mac file which is using a proprietary format:<\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\nAnd now we are ready for a final piece of a puzzle…<\/p>\n\n\n\n
UE allows us to automatically set macros to run during startup (via command line):<\/p>\n\n\n\n
<\/a><\/figure><\/div>\n\n\n\nas well as during load and save file events (works in GUI): <\/p>\n\n\n\n
<\/a><\/figure><\/div>\n\n\n\nWith all that in place… Notepad will be running a lot… perhaps as a celebration of these events. <\/p>\n\n\n\n
Feels like Office macros – tick. Proprietary file format – tock. <\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Most of persistence tricks rely on a modification of Registry, adding files, dropping phantom DLLs, lolbins, etc. Today (for a change), I will describe a trick that is a) a close relative of Office macros & b) introduces yet another … Continue reading