InterviewSolution
| 1. |
Solve : customizing a command? |
|
Answer» I want to run a program when I type a command in the cmd prompt. I want to attach my program to the echo command.....

Maybe it's me but I'm not understanding what you're trying to accomplish. Why do you want to attach your program to the echo command? Echo is an internal NT cmd processor command.

When a command is entered at the command line, the processor first checks its list of internal commands, then the current directory, and finally the directories listed on the path environment variable. The search also includes the extensions from the pathext environment variable if the command is external from the processor. As soon as a match is found, the command is run. If no match is found you get an error message.

If you create a file named echo.bat, the only way to get it to run would be to use a fully qualified file name which will override the normal NT search sequence. If you create a file named echo with no extension, even with a fully qualified file name, the processor will not find the file (see above) and throw an error.

Duplicating Microsoft command or utility names is not considered best practice and will produce unpredictable results.

I am actually working on alternate data streams, so I want to attach a program that restricts the size of alternate data streams to the commands that are used to create them. Thanks for responding to my post.

How to get the fully qualified names of the commands that I need?

Quote from: sharath.chandra.v on July 12, 2010, 04:07:33 AM
how to get the fully qualified names of the commands that i need

Knowing that you are working with alternate data streams is an important piece of information. Why didn't you mention that in your first post? ADS is a tried and true method to hide malicious code. It's very effective because it does not change the file size. It would help to know exactly what you're trying to accomplish.

You mentioned the echo command, but the executable instructions, like all NT internal commands, are located within the interpreter code itself and there is no external file to execute.

The other day I was told I was "an hour late and a dollar short". Maybe I am slow on the uptake, or perhaps just being cautious.

Thanking you once again. I have a program in cpp which can find out the size of the alternate data stream. I want to check the size of the alternate data stream when a command related to ADS creation is used. Only if the size is less than 2k should the command work, else it should show error "size of ADS cant exceed 2k bits". Thus I want to restrict the size of the alternate data stream. Is this implementable? If so, what is the way of implementing my logic?

Quote: i want to check the size of alternate data stream, when a command related to ADS creation is used

Not sure what commands are related to ADS creation. You seem to want something that will monitor the size of the ADS in real time. I couldn't find anything on Google, but perhaps you might.

It might be possible to monitor a directory, and when a file is created or modified your program would kick in. This would be after the fact and there would be no way to prevent the ADS from exceeding 2K. It could only alert you to the size of the ADS.

It is also possible to monitor when a process starts, however NT internal commands run within the cmd shell. It is very easy to create an ADS with the echo command, but Windows only sees the processor program (cmd.exe). Hooking user code into the NT processor is beyond my capabilities.

Good luck.

Quote from: Sidewinder on July 14, 2010, 06:39:59 AM
Not sure what commands are related to ADS creation. You seem to want something that will monitor the size of the ADS in real time. I couldn't find anything on Google, but perhaps you might.

The only way to "properly" restrict the size of alternate data streams would be with a filesystem driver.

Even a user-mode program built on the FindFirstChangeNotification() or RegisterChangeNotification() functions won't catch everything. Writing a driver is not something you do in a weekend to pass the time. At least, not something like this.

Secondly, it is stated:

Quote: else it should show error "size of ADS cant exceed 2k bits"

First, it can. Second, 2k bits is 256 bytes, which isn't very much data at all. Lastly, why would you want to restrict the ADS size in the first place? The moment you right-click on a text file or batch file or nearly any document, Explorer writes a DocumentSummaryInformation stream to the file, and that usually exceeds even 2K.

Quote: i have a program in cpp which can find out the size of the alternate data stream.

You have been saying alternate data stream, as if one, and only one, can exist. A file can have any number of alternate data streams. The size of them can be retrieved using the BackupRead function and reading the filesystem structures of the file itself. A more security-friendly method (BackupRead requires BACKUP privileges, which is usually only the administrator) is NtQueryInformationFile. The best method is that with Vista and higher you can look at streams as easily as you look at files: there is now a FindFirstStream and FindNextStream set of functions.

Whatever the case, as Sidewinder mentioned, you aren't going to be able to "hook" the echo command, and even if you did, that is hardly the only way to restrict the size of an alternate data stream. |
|
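The after-the-fact check discussed in the thread (list every alternate data stream under a directory and flag those above a size limit) can be done from PowerShell 3.0 or later without a driver or backup privileges. This is an added example, not code from any of the posters; the function name `Get-AlternateStream` and the parameters `$Root` and `$MaxBytes` are hypothetical, and the 256-byte default is the "2k bits" figure from the thread.

```powershell
# Added example: audit alternate data streams (ADS) on an NTFS volume.
# It reports streams after they exist; it cannot stop one from being written.
param(
    [string]$Root = '.',     # directory to audit (assumed to be on NTFS)
    [int]$MaxBytes = 256     # 2k bits = 256 bytes, the limit proposed in the thread
)

function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)

    # -Force includes hidden and system files; unreadable items are skipped.
    # -File limits the audit to files, so streams attached to directories
    # are not covered by this example.
    Get-ChildItem -Path $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        # Get-Item -Stream * returns one object per stream, including the
        # unnamed default stream, which is reported as ':$DATA'.
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

$streams   = @(Get-AlternateStream -Path $Root)
$oversized = @($streams | Where-Object { $_.Length -gt $MaxBytes })

# A file can carry any number of named streams, so each one is its own row.
$streams | Sort-Object Length -Descending | Format-Table -AutoSize

'{0} alternate stream(s) found, {1} larger than {2} bytes' -f `
    $streams.Count, $oversized.Count, $MaxBytes

# Hand the oversized streams to the caller for alerting or review.
$oversized
```

Expect benign entries such as `Zone.Identifier` on downloaded files, so the output is a starting point for review, not a list of malicious streams.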