Originally written for and copyright by Information Security Magazine, February 2002 " Windows Security Scripting."

Note: Under DOS & Win9x/ME some of the simple STDOUT redirection and pipes work, but none of the advanced STDERR or multiple command methods are supported.

IO Redirection in Windows NT, 2000, XP, UNIX (sh, bash and variants)

File Descriptors

Redirection

Notes:

1. Numbered file descriptions above may be used arbitrarily.
2. noclobber is a UNIX setting that prevents overwriting (clobbering) existing files by redirection.
3. UNIX /dev/null is equivalent to Windows NUL. Windows NUL is not case sensitive.
4. ^ is the meta-character escape in DOS/Windows, so it may sometimes be necessary to use ^| (e.g. when using egrep in a batch file). You may use ^^ for a literal ^.

Examples:

Running Multiple Commands in Windows NT, 2000, UNIX (sh, bash and variants)

Use parentheses to nest as needed.

Introduction

Does your computer ever do any of the following, “just for the heck of it,” with no rhyme or reason? Does it do it a lot? More than once or twice a day?

• Lock up, freeze or otherwise crash unpredictably
• Lock up, freeze or otherwise crash predictably
• Often have Application Errors, Segmentation Faults (used to be GPFs – General Protection Faults).
• “Thrash” the hard drive – that is, have a lot of hard drive activity (and sometimes even noise) with little result, or when you are not actually doing anything? (This can also mean you need more physical memory or RAM.)

If so, this page may be able to help. It is intended for novice users, so hopefully everything will be clear. Let me know at JPATjpsdomainDOTorg if it’s not.

Disclaimer

Some of the methods and techniques I talk about can be dangerous to your data! Use this page at your own risk.

Make backups of your important data. I strongly recommend purchasing and using a modern tape drive. They cost between $100 to $500 for typical retail/consumer oriented units. Some of them even plug right into your printer port, so you don’t even have to open up the computer to install it, and they may be used on more than one computer. Another solution is a CD Burner. They will not be able to back up the entire system, but your data files will easily fit onto a CD-Rewritable or CD-R disk.

Consumer Tape Units

To be added.

CD Burners

To be added.

Hardware Upgrade/Restore Voodoo

Thanks to Leo for this great info.

Ever try to upgrade hardware on a Windows 2000 or XP system, especially the motherboard or hard drive controller? Bet you regretted it, didn’t you? Well, here are some MS TechNet articles that might help. Read the disclaimer!

• “STOP 0x0000007B” Error After Moving Windows 2000/XP System Disk to Another System [ Windows 2000] [ Windows XP]
• How to Move a Windows 2000/XP Installation to Different Hardware [ Windows 2000] [ Windows XP]

Winsock Issues

The Windows TCP/IP networking stack is not the most stable thing in the world. In particular, there is a ability for third-party applications to tie themselves into the stack for various reasons. The advisability of allowing this is questionable at best, but there it is. One of the possible results of this “feature” is that Windows networking can sometimes simply die. Often there is no remedy but reinstalling the entire system from scratch.

However, since this is a known issue and such a giant pain there are a couple of tools available to try and help. In particular, LSP-Fix “is a free utility to repair [problems in] Layered Service Provider or LSP, a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet.”

Crapware & system slowdown or instability

There are programs out there that spy on you (spyware), monitor keystrokes, bother you with advertisements (adware) and all kinds of other things. They are often collectively known as “crapware” and they are BAD. Many add-on tool or search bars for IE are crapware! Many of the symptoms above can be cause by crapware, so it’s definitely worth it to look into. I recommend reading the following links, then installing and using the free Ad-aware and Spybot programs.

• The PC Decrapifier will uninstall many of the common trialware and annoyances found on many of the PCs from big name OEMs (XP or newer only).
• Spyware/AdWare/Malware FAQ and Removal Guide is a great discussion of all crapware issues.
• Safer Computing talks about backups, anti-virus, avoiding crapware, spam and more.
• Adaware Vs. Spybot review.

The Voodoo

I call these techniques “voodoo” because it is often not clear that they a) should work or b) why they work. They just do. This page is mostly oriented towards the Win9x code-base, which includes Windows 95, 98 and ME. Some of the material is applicable to Windows NT/2000/XP (such as clearing the temp directory) and some is not. This is indicated in square brackets after each step.

I’ve created a bootdisk that will automate some of these steps for you, if you are using Win9x/ME. See the Boot Disk section below.

1. Shutdown your computer. Turn it off, and unplug the AC cord. Try to turn it on and off again a few time (this clears gremlins out of components that normally get power even when the PC is “off”). [All]
2. Boot into “DOS” mode. [Win9x/ME]
3. Clean out the “Temp” directory. [All]
4. Run ScanDisk and/or Chkdsk (technically, ScanDisk is preferable, but I’ve had some luck with ChkDsk where ScanDisk failed). [All]
5. Reboot into GUI (Graphical User Interface) mode. [All]
6. Defrag your hard drive. [All but NT]
7. Get rid of unnecessary “services” and background programs. [All]
8. Reboot and test to make sure everything works. [All]

Finally, the worst case is that you have to back up your data, reformat your hard drive, and start over.

Boot into DOS Mode

Skip this step if you are using my boot disk.

This applies to Win9x/ME only. In NT, you can’t really do this at all, especially if you are using NTFS (which you should be). (Technically, that’s not true – there are ways. But they are far too complicated for this page.) Win2K has something similar, but you probably don’t need or want to mess with it.

1. Shutdown your computer. Turn it off, and unplug the AC cord. Try to turn it on and off again a few time (this clears gremlins out of components that normally get power even when the PC is “off”).
2. Wait about 5 minutes for it to really drain. Better yet, go to lunch, or bed or go watch TV for awhile, or whatever.
3. Plug the AC cord back in and power up.
4. Watch for the screen to say “Starting Windows 9x.”
5. Hit the F8 button – quick – you have about 2 seconds. You should get a menu.
6. Choose “Safe Mode - Command Prompt only”.
7. Continue on below and clean out your TEMP directory.

If you don’t get the “Starting Windows 9x.” or the menu, there are a couple of reasons why that could be. Lots of computers have annoying manufacturer logos that cover this stuff. Try hitting the ESC key when the logo comes up. Other “F” keys sometimes work too.

You can also going to Start, Shutdown, “Restart in MS-DOS Mode,” which will do pretty much the same thing. You type “exit” to end MS-DOS mode and return to windows.

If you get the “Starting Windows 9x.” but pressing “F” keys does not work, your c:\MS-DOS.sys file probably has BootKeys=0, BootMulti=0 or something else screwy. Try rebooting and holding down one of the CTRL keys. If that doesn’t work you have to edit c:\MS-DOS.sys, which is a bit of a pain to correct that. See MS Technet “ Contents of the Windows Msdos.sys File [Q118579]” for details and instructions on how to fix it.

Clean out the “Temp” directory

Read the disclaimer!

Skip this step if you are using my boot disk. Also, see my Sweepup.bat script in Favorite Utilities, Tools, Software for Windows .

The “temp” directory is used to temporary files. Just about every program uses temp files for something. The operating system uses then, your applications like Word or Excel use them, and utilities use them. What is supposed to happen is that when the program either shuts down, or no longer needs the temp file – it is deleted. In practice this does not always work. So over time you can build up amazing numbers of junk temp files. I’ve seen computers with temp files dating back two and three years, wasting hundreds of megs of disk space.

Of course, you can’t just randomly delete everything in the temp directory. No. That would be too easy! The problem is that some of the stuff in there might actually be in use and if you delete it, something will break. Usually the system will not let you delete something that is in use, but you can’t depend on that. There are two ways around this. The first and best is to boot to DOS, which guarantees that nothing is currently in use, then clear it. The second way is to reboot, and clean out the temp directory before anything has a chance to get started. The problem with that is that many people have all kinds of stuff running in the background on startup, and those programs may open temp files right away (see unnecessary services).

1. Boot to “DOS”
2. Find the TEMP directory. Usually c:\windows\temp (Win9x) or c:\temp (NT).
3. Try to delete the TEMP directory with “deltree c:\windows\temp” for Win9x or “deltree c:\temp” for NT. If it says “bad command or filename” you do not have deltree in your path. Try c:\windows\command\deltree. If that still does not work, cd into the TEMP directory and type “del *.*”. In any case, when asked if you really want to delete everything, make sure you are in the correct place, and that it says to delete the correct things, and say “yes.”
4. If deltree worked, you must re-create the temp directory. Type “md c:\windows\temp” or “md c:temp” as needed.
5. While you’re at it, run ScanDisk (see below).

Run ScanDisk and/or Chkdsk

Do this after using the boot disk.

ScanDisk and Chkdsk (Check Disk) perform more or less the same function. The difference is that Chkdsk is the old, DOS, command line tool, which does not really know about long file names. ScanDisk is the more modern graphical tool that can deal with a few more problems than Chkdsk. There is also command line (non GUI) version of ScanDisk.

Non-GUI

1. Boot to “DOS”.
2. Type “scandisk” and let it run.
3. Reboot when finished.

GUI

1. Double-Click on “My Computer”.
2. Right-Click on the C: drive.
3. Choose “Properties”.
4. Find the “Tools” tab and choose it.
5. Click on the “Check Now” button.

Run Defrag (Win9x or Win2k only)

Read the disclaimer! If the power goes out while defrag is running, you can lose your data!

Do this after using the boot disk.

NT does not come with a defragger, so you are out of luck. Win9x and Win2k do have them. You want to run it from the GUI (Graphical User Interface) not the command line or DOS prompt.

1. Double-Click on “My Computer”.
2. Right-Click on the C: drive.
3. Choose “Properties”.
4. Find the “Tools” tab and choose it.
5. Click on the “Defragment Now” button.

Remove Unnecessary Services

Do this after using the boot disk.

This is easy to say, but hard to do. There are so many different tools and configurations out there that it’s impossible to say what is really needed or not. However, if your system tray (the little area next to the clock) has more than 3-8 items in it, you probably have too many and could get rid of some. Also, some incredibly annoying applications, such as Netscape (which I otherwise like) install crap you probably don’t want or need in the system tray – without asking! For example, Real Player and AIM (AOL Instant Messenger) are often installed. Quicken is another one that runs a bunch of crap most people don’t use.

I can’t even really tell you how to get rid of them, as they are all different. However, I can tell you where to look.

Win98 (and I assume ME)

If you have Win98 (or I assume ME, but I don’t know for sure), go to Start, Programs, Accessories, System Tools, System Information, then get the Tools, System Configuration Utility. Better yet, go to Start, Run and type “msconfig” (without the quotes) and hit enter. This gets you to the same place, a lot faster.

Anyway, the System Configuration Utility has a very cool “Startup” tab. This shows you all the stuff that starts up with your PC. You can go in there and un-check things, then reboot and make sure everything still works. You should check all the other tabs, but unless you see something really obvious (like drivers for an old hardware device you no longer have) you should probably not touch them too much.

NT

Go to Start, Settings, Control Panel, Services. See what is started, and what is automatic. Try stopping things that you know you don’t need. For example, you might be running a web server, FTP server, etc. without even knowing it. This is a large security risk as well. If you can stop services with no ill effects, you must change the startup type to manual (which will still allow the service to be started under some circumstances) or disabled (the service is now toast) or they will be restarted the next time you reboot.

Win2K

Go to Start, Settings, Control Panel, Administrative Tools, Services. See above NT section for the rest of the details.

Other Possibilities

Consider these after trying the above and/or using the boot disk.

• Do you turn your PC off every ay or two? This is less of an issue for NT/2000, but with Win9x, if I leave it on for more than 5-8 days, it gets really wacky and crashes. Get an “uptime” utility to find out how long your machine has been up. See my Favorite Utilities, Tools, Software for Windows to get one.
• Another possibility is a bad driver for some device. Video card drivers are notorious for this. This one can look like either of the next two.
• A version conflict between some files can cause these kinds of symptoms. It could be system DLLs or just about anything, and is very hard to diagnose. Sometimes, if all the problem started when you installed something (like the AOL client or IE, both of which can really screw up your system) or if it always/only happens when you run a particular program, you can figure out what did it and maybe uninstall or fix it. But sometimes it’s more subtle than that, as in the case where it’s a particular combination of thing, that doesn’t happen often or is hard to reproduce. Then you’re kind of stuck. Nuking the system and re-installing everything from scratch might fix it, but that’s a lot easier said than done.
• Finally, flaky hardware, new (and not quite compatible) hardware, or hardware in the process of going bad. Systematically swapping out hardware one bit at a time will usually find this kind of thing. Of course, that takes a lot of time, and most people do not have spares of everything. Your local computer shop might be able to help, but don’t be surprised if they can’t, won’t or charge a lot for it.

The Boot Disk

This boot disk will work for Win9x/ME. It might work for NT/2000/XP, if you are using the FAT file-system (which you shouldn’t be). This disk uses only FREE programs – from the FREEDOS Project! Download the Boot Disk.

This boot disk will clean out the TEMP directory and some other junk files, then try to run a command line ScanDisk. Since you are booting from the disk, you do not have to mess with DOS mode – you’re already where you need to be.

It will also clean up some other files that I didn’t mention above. If any of the following exist, they will be deleted:

c:\\file\*.chk
c:\\\*.$$$
c:\\\*.tmp
c:\\\~\*.\*
c:\\dos\\\*.$$$
c:\\dos\\\*.tmp
c:\\dos\\\~\*.\*

As far as I know, all of these tools are free unless otherwise noted.

Use any ZIP program, such as WinZip or InfoZip’s FREE Unzip to extract the ZIP files.

(Old) Disk & File Utilities

BootPart

Lets you create DOS and Win95 boot sectors for the NT Loader (NTLdr.exe). IT also lets you fix broken NT boot sectors. Very nice little freeware tool. For more information about NT Boot Sectors, you can check this direct boot page.

delpart.exe

Old Microsoft utility to delete partitions – ANY partitions. Great for removing NTFS partitions from a bootable DOS floppy, or for those times when FDisk confuses itself and will not let you remove an extended partition because it says there are logical drives, but when you try to delete the logical drives it says there aren’t any…

dirmatch.com

From PC Magazine, allows you to compare two different directories (see FreeCommander, below). Since this is so old (DIRMATCH 3.1 (c) 1989 Ziff Communications Co.) it doesn’t really work with long filenames. (If you have problems downloading try dirmatch.com.txt and rename it to remove the trailing .txt.)

freeCommander

A dual-pane file manager for all 32-bit windows platforms (i.e. 95/98/NT/2000). It is a free program, similar to an updated Norton Commander. Nicer and more current than 2xExplorer.

2xExplorer

An obsolete dual-pane file manager for all 32-bit windows platforms (i.e. 95/98/NT/2000). It is a free program, similar to an updated Norton Commander. Use the previous one instead.

mcopy.exe

Copies only newer files.

obslt10.zip

Deletes files older than the date/time specified. Excellent for purging log and temp files, etc.

UNIX Utilities for Windows

FREE tools from 3Com

Including 3CDaemon an Integrated TFTP/FTP/Syslog Daemon for Windows 95/98/NT.

Win32-ports of tools with a GNU or similar open source license

These are the “official” GNU Win32 ports.

GNU utilities for Win32

Really awesome “native” Win32 ports of some UNIX tools. Native in this context means that no emulation layer (e.g. CygWin) is needed. This avoids a lot a installation complexity. With these native tools, you unzip ’em and run ’em! bc-1.05, bison-1.28, bzip2-1.0.2, diffutils-2.7, fileutils-3.16, findutils-4.1, flex-2.5.4, gawk-3.1.0, grep-2.4.2, gsar110, gzip-1.2.4, indent-2.2.9, jwhois-2.4.1, less-340, m4-1.4, make-3.78.1, patch-2.5, recode-3.6, rman-3.0.7, sed-3.02, shellutils-1.9.4, tar-1.12, textutils-2.1, unrar-3.00, wget-1.8.2, which-2.4.

David’s Programs and Source Code

UNIX or UNIX-like tools, including cat.exe, bin2bmp.exe, bmpdump.exe, detab.exe, diskuse.exe, ebcdic.exe, entab.exe, fsplit.exe, fstat.exe, gifdump.exe, hdump.exe, head.exe, reboot.com, scram.exe, scram.doc, snow.exe, tcopy.exe, tee.exe, tod.com, unicode.exe, uniq.exe, vdate.exe, vecho.com, vfind.exe, whence.exe, wordc.exe

Mountain Math Software’s port of GNU Bash to Windows NT.

It it listed as a beta, and for Windows 3.51, but it runs under NT 4. I have not tested it much though. See the Readme.txt or download the archive (~ 1.7 meg). Licensed under GNU (free), and stand alone (i.e. does not need DJGPP or CygWin).

tcsh

Free GNU, stand alone (i.e. does not need DJGPP or CygWin). Read the Readme.NT.

pgrep.com

DOS port of a version of the grep command. Can handle “|” under DOS/Windows.

DOS2UNIX.COM & UNIX2DOS.COM (from The free Win32 software page at BASTET.COM)

Convert CRLF to LF and LF to CRLF respectively.

While the programs above are ports of various UNIX tools, the next four items are complete UNIX environments for the PC. DJGPP is older, and has not been updated too much (not that it needs it). DJ Delorie went to work on the Cygwin project after he wrote DJGPP. Both environments are very cool! I don’t know too much about the other two, and have never used them.

DJGPP

A complete 32-bit C/C++ development system for Intel 80386 (and higher) PCs running DOS. It includes ports of many GNU development utilities. The development tools require a 80386 or newer computer to run, as do the programs they produce. In most cases, the programs it produces can be sold commercially without license or royalties. Use the DJGPP Zip File Picker to figure out what you need to download.

Cygwin

A port of the popular GNU development tools/environment for Windows NT, 95, and 98. It implements the Cygwin library which provides the UNIX system calls and environment the programs expect. With these tools installed, it is possible to write Win32 console or GUI applications that make use of the standard Microsoft Win32 API and/or the Cygwin API. As a result, it is possible to easily port many significant Unix programs without the need for extensive changes to the source code. This includes configuring and building most of the available GNU software (including the packages included with the Cygwin development tools themselves). Even if the development tools are of little to no use to you, you may have interest in the many standard Unix utilities provided with the package. They can be used both from the bash shell (provided) or from the standard Windows command shell.

UWIN

By David Korn, free for educational or research uses. Note David Korn, as in the Korn Shell.

MKS Toolkit

(AKA NuTCracker), a commercial package

Finally, some stuff from Microsoft.

Windows UNIX Interoperability

Pointers to Windows Services for UNIX (a POSIX and UNIX system-call sub-system) and Interix (UNIX Tools) information.

Windows Services for UNIX version 2

A UNIX Sub-System; $149.

*[Windows Services for

UNIX]( http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/deploy/sfu/sfu.asp)* A White Paper

Interix

MS UNIX environment for NT/2K; $99. Was Software Systems (dead line: http://www.interix.com/); Microsoft Corporation acquired them on September 16, 1999.

DOS & Windows Command Line Tools

NirCmd

“NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. By running NirCmd with simple command-line option, you can write and delete values and keys in the Registry, write values into INI file, dial to your internet account or connect to a VPN network, restart windows or shut down the computer, create shortcut to a file, change the created/modified date of a file, change your display settings, turn off your monitor, open the door of your CD-ROM drive, and more…”

The FreeDOS Project

FreeDOS aims to be a complete, free, 100% MS-DOS compatible operating system. FreeDOS is ideal for anyone who wants to bundle a version of DOS without having to pay a royalty for use of DOS. FreeDOS will also work on old hardware, in DOS emulators, and in embedded systems. FreeDOS is also an invaluable resource for people who would like to develop their own operating system. While there are many free operating systems out there, no other free DOS-compatible operating system exists. There are also a great number of free DOS tools in the FreeDOS Software List, such as deltree, exe2bin, fdisk, tree, nasm, finger, tail, tee, which, and more.

MS-DOS Applications for Internet Use

I think the name says it all.

4Dos & 4NT from JP Software

AWESOME if you are a CLI (command line interface) junkie like me. It is a replacement for command.com or cmd.exe (there are also a variety of other products). I can’t even begin to list all the features (which are pretty much common across all platforms/products)! Since I am not the best typist, the file name completion is one of my favorites. The ability to copy to the clipboard from the DOS prompt is another great thing (i.e. type autoexec.bat > clip:). If you have a DOS Prompt in your Startup group (or equivalent) you NEED this stuff! It is shareware, but reasonably priced for all that you get out of it.

List is Vernon D. Buerg’s famous text viewer

I used to be unable to exist without this thing, but I use less these days! I used v7.7a because it works with network drives, but there are others, including shareware versions such as v9.3a. If you want something similar to list, but for UNIX, try “less” or “pilot” which is the browser built into Pine. “Pico,” the Pine editor, is also good for people who don’t like the typical UNIX editors. Pine is free (but not GPL).

PkWare is the famous PKZip, PKUnzip, etc.

Check out the new Windows versions. 2.04g is still the latest DOS version. Do not download anything other than that – it may be a virus. Better yet, use InfoZip, the free GNU replacement for the PKWare command line tools. All PkWare is shareware.

NMAKE.EXE

From the Readme: “NMAKE.EXE 1.50 is a the version of NMAKE that ships with Visual C++ 2.X. It is used to build external projects. It is a 32 bit version of NMAKE that was designed to run on Windows NT version 3.5. It has been extensively used on Windows 95 and requires a 32 bit operating system. It will not work on Windows 3.1.”

Sweepup.bat

Sweepup helps you keep crap from building up in your temp and cache directories. WARNING: It may delete things you don’t want to delete! Read and understand the code before you run it. It is well documented and simple. Also note that some programs will copy files to the temp directory, then require you to re-boot. Files from the temp directory are then used to replace other files that are in use when the system is up. If you run Sweepup from your “Startup” group like I do, you can nuke these programs before they work. You have been warned!

Windows & Graphical Tools

VNC

Real VNC, TightVNC, UltraVNC, WinVNC (with NTLM authentication), OSXvnc, Xvnc (X server on one side, VNC server on the other, very cool), or even PerlVNC A remote display system which allows you to view a computing ‘desktop’ environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. Essentially a FREE PC Anywhere on TCP/IP only, supporting many different operating systems. (See also Wikipedia VNS details and history.)

TeraTerm

A freeware telnet/dial-up application that supports Japanese fonts, inline XModem, ZModem, Kermit, etc. and much more. It has its own macro language too. It is not the easiest thing to set up (especially the modem strings), but it works great. I wanted a freeware application that could do ZModem and have the same interface for both telnet and dial-in and had 16 and 32 bit versions. This is a best one I’ve found. It also has a free Secure Shell (ssh) client plug-in called TTSSH.

LView

A great shareware image viewer, with limited editing capabilities. (Both 16 and 32 bit versions)

*[ACDSee

Classic]( http://www.acdsystems.com/English/Products/ACDSeeClassic/index.htm)* by ACD Systems, Ltd A very fast shareware image viewer (especially with JPGs) that gives you a “menu” of images to view. (Both 16 and 32 bit versions)

WinZip by Nico Mak Computing, Inc.

An excellent shareware GUI-based full-featured compression extraction program, that handles many formats (Zip, ARJ, LZH, ARC, TAR, Z, GZ, TAZ, TGZ, UUencoded, XXencoded, BinHex, MIME , LZEXPAND (MS *.??_)). WinZipSE creates Windows and/or DOS executable self-extracting archives that can optionally install things (ala Win95). There are 16 and 32 bit versions. Also see the InfoZip graphical front end WiZ. Last time I checked, WinZip was still a lot better and easier than WiZ though…

Uptime: See how long your Windows computer has been up.

The Uptime.exe that I like (looks cool, dynamic updates).

Vince Fatica’s Uptimes (command line and GUI versions).

MS Uptime.exe (Microsoft’s feature bloated version – NT SP4 and better only).

And another Uptime.exe.

This article is translated to Serbo-Croatian by WHGeeks. Thanks!

I plan to move much of this to https://github.com/vossenjp/ at some point…

Introduction

The term “shell script” comes from UNIX, the DOS term is “batch files.” UNIX shell scripts are very powerful and flexible, they are essentially programming languages unto themselves. Windows or more rightfully DOS batch files are a pale imitation. However, sometimes you need to write something that will just work on any plain old out-of-the-box Windows install someone has–without adding all kinds of other tools.

Before getting too deep into this topic, consider if there is another tool you might use. Here is a list of tools, all of which are far more powerful, flexible and are probably easier to use than batch files:

• Perl ( Perl for Windows)
• JP Software’s 4Dos (now free) & TCC/LE (was 4NT, now free) (almost as powerful as UNIX shell scripts, but with a DOS/Windows “flavor”)
• NirCmd Freeware command-line tool
• UNIX tools ported to DOS/Windows, e.g. the UnxUtils and GNU Win32 ports.
• Bash or other UNIX shells ported to DOS/Windows, e.g. the CygWin project. It may not be totally obvious how to get things at the Cygwin site. Either download the “ setup.exe” program, which will guide you through everything, or use the mirrors page to find a mirror site and get everything yourself.
• AutoIt Free scripting and installation language for 95, 98, ME, NT4, 2000, XP, 2003. No run-times and may be compiled into an EXE.
• KixTart (and a KixTart script library)
• REXX
• And there are tons of other free scripting tools for Windows out on the ‘Net.

Powershell

If you follow Windows at all you will be aware that Powershell is Microsoft’s new command line tool, and that you will be required to use it more and more with newer Windows versions. That is a Good Thing, in my opinion, and it only took them about 20 years to realize, but that is not covered here! I don’t really do Windows anymore and I have not bothered to learn Powershell, which reminds me unpleasantly of Java’s verbose ugliness. So this page is somewhat historical, though most everything should work to at least Win7.

If you are interested in current Windows command line scripting and Powershell (and if you like Windows you should be), there are any number of other resources and books that will help. These are probably good but I haven’t read them:

• Windows PowerShell for Developers
• Windows PowerShell Cookbook: The Complete Guide to Scripting Microsoft’s New Command Shell

A Tweak

Did you know that Window’s cmd.exe has file and directory name completion, like UNIX shells? It does, and that can be amazingly useful. But in most versions of Windows it’s not turned on by default. (I believe it may be on in Windows 2003, but can’t swear to it.)

To enable file and directory name completion under Windows, download this registry file and remove the .txt, then double-click on it and answer yes to the question about importing into the Registry. If you can’t download for some reason you can copy the text below into a new file and import it, or just open regedit, navigate to the key, and change the values for CompletionChar and PathCompletionChar to 9. One you’ve done that, open a new command prompt and type dir c:\win then hit the TAB key and watch what happens. Of course the up arrow and other command line editing functions will still work as always.

REGEDIT4

; NT-TAB.reg -- Sets the NT Command Completion Character to TAB
; Use "RegEdit /s NT-TAB.reg" for silent installations
; v1.0 1998-10-22 JP Vossen  http://www.jpsdomain.org/
; v1.1 2001-09-06 JPV Added PathCompletionChar
; v1.2 2003-03-30 JPV Added .DEFAULT and SOFTWARE sections

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"CompletionChar"=dword:00000009
"PathCompletionChar"=dword:00000009

; Can also do this if you have the permissions
;[HKEY_USERS\.DEFAULT\Software\Microsoft\Command Processor]
;"CompletionChar"=dword:00000009
;"PathCompletionChar"=dword:00000009

The Dirt

OK, if you are still going to go through with this, the first thing you need is Tim Hill’s Windows NT Shell Scripting, otherwise you don’t have a chance. For Windows 9x/ME, you are still toast, but for NT/2000 this book is really great. It’s the only way you can navigate the bazaar, inconsistent, contradictory and often asinine “scripting” language built into cmd.exe.

Using material from that book, plus my own almost 20 years experience with DOS batch files, I still had a hell of a time writing the following script. All it does is give you some basic file information (similar to UNIX stat) and tell you if a file will fit on a floppy disk.

The Scripts

Clicking on the name of a script will open that script in a new window.

Stat v1.0 2000-12-03

NT Batch file to provide similar info to the UNIX (file) stat command.

nt-cmd.cmd v1.2 2001-08-29

Sample/demo code I wrote after reading Windows NT Shell Scripting.

drives v1.1 2000-01-11

A tiny script to display active drives.

Simple Sleep

Another of the many lacking tools is a simple “sleep” command, but you can easily fake that using the “ping” command of all things. The following will “sleep” for about 5 seconds, give or take:

C:\> ping -n 5 localhost \> NUL

Obviously you adjust the 5 as needed for the number of seconds. You can even write a trivial “sleep” function in your scripts:

@echo off
REM sleep_demo.cmd--Simple "sleep" command demo
REM 2012-07-26

echo Before sleep
call :sleep 7
echo After sleep

REM End of Main program
REM ###################################################################
goto :EOF

REM +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
REM sleep for a specified number of seconds, more-or-less...
REM Called like:  call :sleep 7
:sleep
    set sleep_secs=%1
    ping -n %sleep_secs% localhost > NUL
goto EoF

The Date

How to get and use dates and time in Windows scripts.

This is trivially easy in UNIX. You want to copy a log file to a dated name? “cp mylog `date ‘+%Y-%m-%d’`-mylog” will copy mylog to 2002-11-27 (as of this writing). What could be easier? But in Windows, it sucks.

There are two basic ways to approach this, both with advantages and disadvantages. The native way is the “for” and “date /t” commands under NT/2000/XP. These do NOT work under Windows 9x and they do not consistently use 2 digit time fields, which totally screws you up if you need the time. The second way is to use the UNIX date command, then do whatever you please. This is very flexible, but requires you to download and have the executable ( date) handy. You will also want to rename it (I use udate.exe) so you don’t conflict with the built-in date command.

UPDATE (2012-07-26): All versions of Unix “date” commands that I have tested under both WinXP and Win7 have a bug that causes them to skip skip Mar-11 and/or Apr-04! That’s pretty annoying but has never been fixed as far as I know. Since it affects both tools I’ve tested (UnxUtils and GNU Win32), I suspect the Windows strftime lib is the problem. But I can’t prove it. And someone else replied to the bug he could not reproduce the problem. So I’d say it’s something I’m doing, but I find it off that both the WinXP I’ve been using forever and a much newer Win7 do the same thing.

UPDATE (2003-06-07): Here is a third way that’s trivial! It seems there are built-in but undocumented environment variables %time% and %date% in Windows 2000. I have not tested other platforms (let me know if you do). Due to the format, you can’t easily use the date in file copy operations (for example), but the time should be OK. And it’s by far the easiest option if you are just going to display (writing to a log file or something).

C:\> echo %date% %time%
Sat 06/07/2003 18:32:30.52

Windows Trivial

@echo off
REM Play with W2K date/time env. vars.

echo The date: %date%
echo The time: %time%

UPDATE (2006-05-11): Here is a another trivial way! Thanks to Richard Blake (RBlake {at} nea {DOT} org) for this great hack. In addition to the above %time% and %date% variables, there is a %VAR:offset,len% construct documented for the SET command, which works elsewhere. As above, the use of a two digit time code can mess you up, but for just the date it will work very well. Code to deal with non zero padded hours is left as an exercise for the reader.

C:\tmp> set MyNewFileName=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%%TIME:~0,2%%TIME:~3,2%%TIME:~6,2%

C:\tmp> echo %MyNewFileName%
20060511 21921

This RedmondMag.com Backup Basics in Windows Server 2008 R2 article expands on the same method, but they are not portable because they depend on how your system time is displayed, and that will vary from machine to machine based on locale and user preference. For example, I loath any date/time format except for ISO8601 so I have my Windows formats set as close to that as possible, which then breaks the assumptions in the first block:

@echo off
REM date_demo.cmd--Simple date parsing demo
REM 2012-03-10

echo Current dates (Windows default date format for US)
set year=%date:~10,4%
set month=%date:~4,2%
set day=%date:~7,2%
set hour=%time:~0,2%
set min=%time:~3,2%
set sec=%time:~6,2%
echo Date: %date% Time: %time%
echo ISO-8601: %year%-%month%-%day%_%hour%:%min%:%sec%

echo.
echo Current dates (ISO-8601 date format)
REM 2012-03-10
set year=%date:~0,4%
set month=%date:~5,2%
set day=%date:~8,2%
set hour=%time:~0,2%
set min=%time:~3,2%
set sec=%time:~6,2%
echo Date: %date% Time: %time%
echo ISO-8601: %year%-%month%-%day%_%hour%:%min%:%sec%

Other Ways

• windate v1.0 sometime in 2001 or 2002 Native Windows Date commands
• unixdate v1.0 sometime in 2001 or 2002 Using a UNIX date command in Windows

Getting Input

There are various tools like ask.exe and choice.exe that allow you to get input. There there’s an even easier, although undocumented, way: set /P. As in:

set /P MyAnswer=Your Prompt Here!

That prompts the user with “Your Prompt Here!” and puts whatever they type into %MyAnswer%. Very cool.

Simple Utilities

Except for FindZero.bat, all of these batch files will work under DOS, or any Windows.

• DOS Commands are not case sensitive, unlike UNIX commands.
• An “@” as the first character of a line prevents the command from echoing whether echo is on or off.
• echo. will echo a blank line (CRLF).
• Command line parameters are specified with %1, %2, etc. not $1, $2 as in UNIX.
• %0 is the name of the program, as invoked. In other words, if you type “mybatch” %0 will be “mybatch”. If you type “c:\utils\mybatch.bat” %0 will be “c:\utils\mybatch.bat”.
• ^G is a ‘control G’ which makes the console beep. This tiny batch file has a ^G in in, which you can cut & paste into scripts. There are lots of other ways to get control characters into files, but they depend on your OS and text editor. In most DOS windows, holding down the <ALT> key while typing the ASCII code on the numeric keypad will produce that character. ^G is 007, you you hold down <ALT>, type 007 on the numeric keypad, then release <ALT> to get a beep.
• Tim Hill’s Windows NT Shell Scripting for much more information and detail. Much of the book applies to DOS and Windows (other than NT) as well.

AddPath.bat

@path=%1;%path%

MCD.bat

@md %1
@cd %1

auto-ftp v1.2 1999-09-16

Automatically Download a file using FTP (not secure!).

CLR.bat

@echo off
cd c:\
cd d:\
c:
cls
ver

aformat v2.4 2002-11-09

Format Floppy with no user prompts.

SPrompt.bat

Requires ANSI.sys, included with DOS & Windows, or PC Magazine’s free AnsiCom.

@echo off
REM SPrompt.bat -- Dynamically Set Prompt
REM Created sometime in 1992
REM 03-Mar-1998 JPV
REM 19-Feb-1999 JPV Added "neat" prompt from JPS mail list

REM Neat PROMPT `$+[%user@$P]%@EXECSTR[if %@LEN[%_CWD] GT 20 ECHOS $_:$s]`

prompt $e[0;33;1;44m$P$e[36;44m$G $e[0;37;44m
if not "%1" == "" prompt $e[32;1m%1 %2 %3 %4 %5 %6 %7 %8 %9$_$e[33m%prompt%
rem prompt $e[s$e[1;7f$e[0;45;37;1m$e[K($z)   $d   $t$e[u$e[1m$P$e[0m$G $e[0m
rem set WINPMT=$e[0;33;1;44mEXIT to Windows$_$P$e[36;44m$G $e[0;37;44m
if {%OS%}=={Windows_NT} prompt $P$G

WhoAmI.bat

Requires Microsoft Networking to be installed and active, and the DOS find command. If you have a UNIX find command in the path, you’ll probably get a “No such file or directory” error.

@echo off
echo.
net config /yes | find "name"
echo.
pause

Sending e-mail

Something else that is taken for granted on UNIX is the ability to send e-mail from the command line or a script. As usual, windows makes this a challenge. There are a few free and commercial solutions for this, including but not limited to the following list (I’ve only ever used Blat):

1. Blat “is a Win32 command line utility that sends eMail using the SMTP or NNTP protocols.”
2. NTsendmail “is Highly Acclaimed UNIX Sendmail replacement for NT. NTsendmail is realeased under the GNU Public License. NTsendmail was designed to enable script writers to use their UNIX CGIs on Windows 95/98/NT/2000.”
3. And I’m sure there’s at least one or two Perl modules that can do this.

Upload from Frontpage to your ISP

I used to use MS FrontPage to maintain this site (don’t ask me why). My old ISP did not support FrontPage or its extensions, for excellent security reasons. Using FrontPage to create pages, then uploading them to a hosted site is a gigantic pain in the ass because of the way FrontPage keeps all of its proprietary information in various “_VTI_CNF” and other subdirectories. So simply zipping up the directories and dumping them onto a host is not ideal. So I came up with the following solution.

The old code I posted to a Netaxs news group was WRONG in places! THIS stuff works.

I don’t use this any more, I use Hugo and Relearn.

Open issues are:

1. If you do a ZIP, and upload it, but do not delete it from the PC, the next run will append, not overwrite. Your “diff” zip will just keep growing. You need to manually delete the zip file after each run is successful.
2. Since find is working off of the modification time, if you move a file into the structure that has not been modified (i.e. a tool or utility program) it will not be picked up by a diff. You have to add that to the zip manually.

upload.cmd v1.0 2000-12-14

Upload.bat runs on my Windows workstation, and creates a ZIP file I can upload, but it does not grab the stupid “_VTI_CNF” directories!

upload.sh v1.1 2001-01-24

Unzip upload.zip and set permissions on www directory.

Windows Scripting Resources

• Master and Command Line: “Using the Windows GUI is fine–if you want to go slow. Learn to use the command line and move into the administration fast lane.”
• Scripting for MCSEs (details about the Scriptomatic)
• The TechNet Script Center
• MS Windows Scripting FAQ

This article is translated to Serbo-Croatian by WHGeeks. Thanks!

Introduction

Welcome to the Windows port of Logcheck (now called LogSentry), the famous UNIX log processing tool. Psionic was bought by Cisco who has moved the cool Abacus tools, including LogSentry, to http://sourceforge.net/projects/sentrytools/

As you probably know if you are bothering to read this, LogSentry helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. However, it can only work with what it’s given. I personally find the Windows Event Logs to be verbose, yet un-informative. So when you get e-mailed messages with three or 4 lines on arcane gibberish, remember that it’s the same information as you would see in the Event Log, except it’s in a slightly different format, and you are actually SEEING it! (Of course, you would have reviewed the Event Logs anyway, right?) :-)

The beginning of each log entry contains the name of the Event Log, the date, and the time, like: “DIR,7/20/2001 11:52:12”. this is followed by the event details. The three letter codes for the Event Logs are:

• APP Application
• SEC Security
• SYS System
• DNS DNS (Win2000 Server(?) only)
• DIR Directory Service (Win2000 Server(?) only)
• RPL File Replication (Win2000 Server(?) only)

It will help to look for those codes to isolate one event from the next, since your mailer will probably wrap the lines.

Also, the MS API for the Event Logs will return the application log if the Event Log being asked for does not exist. Once it returns the handle, there isn’t any way that DumpEvt can tell which log is being read. For example, if you dump RPL on an NT box, or DNS on W2k Pro it dumps the APP log instead. This causes duplicate entries in the capture file. The only work-around right now is to edit wrapper.cmd and REM out the Event Logs that do not exist on that machine.

While the actual logcheck.sh script could have been ported to the CMD.EXE shell, I thought it was much more efficient and effective to make as few changes to that as possible, and instead create a “wrapper” program to translate “Windows” into “UNIX.”

I gave the wrapper the highly imaginative and interesting name of “wrapper.cmd.” Note that it only runs under Windows NT and 2000 (and probably XP though I have not tested that). In short, logcheck is pointless without logs, which means the Event Logs. Since the Win9x series doesn’t have those…

See the “Tools-Readme.txt” for details about what tools are needed.

Paths/Dirs

I struggled with the default directory location for a while. I *hate* programs that put themselves in the %SYSTEMROOT% (e.g. c:\winnt) directory. However, I wanted to be a little obscure, so I thought c:\etc was a little too obvious. And I wanted to be reliable, so “c:\Program Files” or “c:\Documents and Settings” were both too long, and had annoying spaces. C:\Progra~1 and c:\Docume~1 are not 100% reliable. So %SYSTEMROOT%\etc it is… Of course, you can change that if you want.

• %SYSTEMROOT%\etc
• %SYSTEMROOT%\etc\lcwin Keyword files
• %SYSTEMROOT%\etc\bin Binaries
• %SYSTEMROOT%\etc\tmp Secured Temp directory
• %SYSTEMROOT%\etc\bin Documentation and help files

Note the word “secured” above. YOU need to set proper permissions on those directories so that the account under which logcheck runs as the proper access, but “Everyone” else does not. See the INSTALL-Windows.txt file for more details.

At the heart of logcheck are two basic things, grep and mail. If they fail, so will logcheck. While in the UNIX world you can assume the ability to send mail from the command line, in the Windows world you can’t. So make sure Blat is working. Again, see the INSTALL-Windows.txt file for more details.

License

This software is released under the GPLv2. See the included LICENSE file.

Credits

First, to Marcus J. Ranum and Fred Avolio for writing the deceptively simple yet brilliant original frequentcheck.sh for TIS Gauntlet.

Second, to Craig Rowland for applying the idea to system logs.

Third, to all the people who wrote or ported the tools I needed to get logcheck to run under Windows, notably K. M. Syring, the guys at Somarsoft, and Tim Charron.

Fourth, to G.P. and I.P. who sent me logs to test to help me tune the keyword files, and answered various other questions.

I should also mention the guys at Bastille Linux, whos style I’ve copied here a bit in the Setup program “interview.”

Resources

Finally, a few notes about other tools or resources that may be of interest, if you’ve managed to read this far.

I’ve found the following book to be essential in other Windows scripting projects, and it proved helpful in this project as well. For anyone who thinks you couldn’t possibly find enough material in the old DOS batch file language to write a book about it – that’s what I thought when I saw it. Check it out! While not nearly as powerful, flexible or easy to use (though some would argue that last) as UNIX shells, Windows’s CMD.EXE is actually a lot more powerful than you think. Forget about Command.com though…

Windows NT Shell Scripting, by Tim Hill New Riders Publishing, Paperback, Published April 1998, 377 pages, ISBN 1578700477

Other Methods of accessing the NT Event logs (not free):

• Win2K Server ResKit Perl scripts: EventLog.pl & EventQuery.pl
• NT (etc.) ResKit Elogdmp.exe event log dumper

Other Tools of interest (free):

• Snare is a Windows service to send NT Event Logs to a SysLog server. (This used to be called Backlog, the latest version of which is Backlog 1.9b and which is archived here and here. Backlog is much more simple than Snare and may still be quite useful.)
• NTSysLog is another Windows service to send NT/2000 Event Logs to a SysLog server, but the latest release seems to be 1.13 from October 21, 2002.
• NTLast is a UNIX-like “last” command for NT Event Log (ntobjectives.com)

Log Analysis:

• The Log Analysis site, maintained by Tina Bird and Marcus Ranum. The whole site is great, but of special interest in the context of Winlogcheck are the following:
  • Windows or other non-UNIX OS to syslog integration
  • Windows 2000 Event & Error Messages
  • Search for Microsoft systems and applications Event IDs

Download

• WinLogcheck-1.0.5-1.zip
• The PowerPoint presentation I gave to the Philadelphia Area Network Technologies User Group ( PANTUG) on September 12th 2001.