- Aug
- 2,056
- 83
Code:
_x64: 1
_admin: 1
_elevated: 1
TCC 27.00.18 x64 Windows 10 [Version 10.0.18363.1256]
I have the want to embed an .EXE (or other file) into a .BTM
I remember doing this with .COM files back in the DOS days, and wondered if it could be done with an .EXE or other file.
I discovered that the certutil.exe utility can encode/decode a file. This is part of my Windows 10 Pro 64-bit OS.
After some searching for different techniques, I created a .BTM that will encode an .EXE, which also creates a .BTM to decode the .EXE, then run it;
Code:
@setlocal
@echo off
set exefile=C:\WINDOWS\system32\notepad.exe
:: Does the exefile exist?
iff isfile %exefile then
Gosub EncodeEXE
Gosub MakeBatchHeader
:: Add the Encoded .EXE to the .BTM
type %exeName.tmp >> %exeName.btm
:: Don't need the Encode .EXE anymore
del /q %exeName.tmp
Gosub MakeBatchFooter
*view %exeName.btm
else
echo %exefile does not exist.
endiff
endlocal
quit
:EncodeEXE
set exeName=%@name[%exefile]
:: Could also use @b64encode function
certutil -encode -f "%exefile" %exeName.b64
Return
:MakeBatchHeader
echo Creating %exeName.btm
echo Depending on the size of %exeName.exe, this could take a while...
::
:: It took 51 seconds on my system
::
do kount in @%exeName.b64 (echo echo %kount >> %exeName.tmp)
if exist %exeName.b64 del /q %exeName.b64
type <<- endtext > %exeName.btm
@setlocal
@echo off
Gosub DecodeEXE
%exeName.exe
if exist %exeName.exe del /q %exeName.exe
endlocal
quit
:DecodeEXE
(
endtext
Return
:MakeBatchFooter
type <<- endtext >> %exeName.btm
)>%exeName.b64
:: Could also use @b64decode function
certutil -decode %exeName.b64 "%exeName.exe" > nul
if exist %exeName.b64 del /q %exeName.b64
Return
endtext
Return
I'm using notepad.exe as an example, as this is on everyone's system, but use an .EXE of your own choosing.
I will likely use this process for some .XLS files, but I thought that using an .EXE would be a better test for possible corruption.
The resulting notepad.btm works, but gives me an error;
Code:
TCC: E:\Utils\notepad.btm [3792] Command loop
It also displays the decode text on the screen, which is not what I want.
To create the .EXE from the decode, I do;
Code:
(
echo -----BEGIN CERTIFICATE-----
echo TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
.
.
.
echo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
echo -----END CERTIFICATE-----
)>notepad.b64
I've tried using the TEXT/ENDTEXT commands, and a "Here-Document" TYPE <<-, but this results in the encoded .EXE being corrupt, and not running. I don't think those TCC commands work well with binary data.
The notepad.exe is created, is run, and works as it should. I did
Code:
e:\utils>fc /b c:\windows\system32\notepad.exe notepad.exe
Comparing files C:\WINDOWS\SYSTEM32\notepad.exe and NOTEPAD.EXE
FC: no differences encountered
Any assistance in getting the indicated problems fixed in my code would be appreciated.
Joe