Windows batch parsing vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201455319
Type myhack58
Reporter 佚名
Modified 2014-10-31T00:00:00


In this article before you begin, Please note that this is a very jumbled information security notices. Related to Windows control command identifier, I may have found a simple batch file to attack the BUG. This BUG is present in Windows 2 0 0 0 version more 6 4-bit and 3 2-bit machine, it is a batch parsing error. It does not require installing any additional software cmd. exe is the Windows default installation, it can be made of any of the privileges of the user initiating(假设 他们 可以 运行 cmd.exe so parsing the batch file comprises a parsing error occurs the location of the fault codes to explain the reason. This is not a distal end of the control hierarchy the BUG is just a DoS type, you need to give a user a request to run or put it as a startup item. However, due to his simplicity, as well as Windows System Popularity Rate, I personally think it's worth you see then at a glance.

Please note that if you enable the batch file causes the system to crash I'm not responsible! Task Manager will end this runaway script PID in order to prevent you running.

Tldr: one just bear with me^ nul<^ of the batch file will cause a huge memory leak, in one only ^|^ of the batch files will be command line infinite recursion causes a crash. These behaviors may lead to some interesting batch programming, of course I mean that in windows2K version of the aboveoperating system, the reason is that the cmd. exe in the processing of a batch file occurs when the logical errors.


When I then reply to a user question, I came across a very interesting batch file parsing exception, if^this character is the file of the last character, it may be a memory leak occurs, insert the file of the last character cannot be \n Line breaks with \r carriage return at the caret before it has been performed, so no such case occurs, the parser to work properly, nothing can be tracked when inserted^\r\t parsing has become a^\r “\t”is ignored. Finally, note that a carriage return character is able to perform normal, of course this is also a small point of interest, we can In most text editors to enter character fraud, in Notepad the last you can be stupid to think that there's a carriage return

After a series of tossing, I found that the^character in the file may eventually lead to a memory leak, or will cause the command prompt to crash specific point that is or cmd. exe program, and I also found a special batch file and the sequence will cause some interesting phenomena. Further investigation led me to pay attention to whether other people also have encountered a similar situation, a Stack Overflow question where a user noted a memory leak in the Stack Overflow question, a user indicates a memory leak in SS64. com theme other interesting behaviors with the caret at the EOF at the end of the file add a carriage return caused the interesting phenomenon is. Stack Oveflow the above questions help me confirm that this is not an infinite loop type situation, but did not clearly explain in the end is how one thing, in SS64. com theme in most of the content is in the discussion from various aspects make the command prompt crash, but did not on principle be explained.

Natural in my mind to produce a doubt, in the end is how it happened? How did it happen? This case can be use? The answer is complex, but the solution is very simple, at least it looks simple, I find some of the cheat batch file combination that can produce a memory leak. Is fast is slow depends on what you put into the batch file is not inserted into how much the character, but the pipeline sequence, and the number of rows length of either the command prompt crash or a memory leak, the parser code is always in a single thread resides, so the CPU occupancy has been on the rise single-core CPU, the average occupancy rate of 9 8 per cent

[1] [2] [3] next