文件分析2.0.bat
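@echo off
:: Written by trionse on 2005-2-27 under Windows 2000 Pro.
:: I came across this way of checking system32 for suspicious files several
:: times online, but nobody had published a script that automates it, so I
:: wrote one.
:: This is the improved version; some rights reserved. (c) 2005-2006
::
:: Purpose: keep a baseline listing (exe.txt / dll.txt) of every *.exe and
:: *.dll below a directory, take a fresh listing on each run and report the
:: entries that are not in the baseline. The work is done by checkfile.bat.
::
:: Limits a reviewer should keep in mind:
::   - The listings are plain `dir` output (date, time, size, name), not
::     content hashes. A file replaced by one with the same name, size and
::     timestamp is not reported.
::   - The baseline lives inside the directory it describes, so anything that
::     can write there can also rewrite the baseline. Use menu item 5 to keep
::     a copy somewhere else.
::   - The first run creates the baseline from whatever is present, so it is
::     only meaningful if the directory was clean at that time.
::   - Writing into %SystemRoot% normally needs an elevated prompt on current
::     Windows versions.
title EXE ^& DLL文件检测分析(ver2.0)

:: Resolve the helper from this script's own directory, with an explicit
:: extension. The original used %cd%, which runs whatever "checkfile.*" sits
:: in the directory the script happens to be started from.
:: NOTE(review): assumes checkfile.bat is shipped next to this script.
set "sourceload=%~dp0"
set "filename=checkfile"
set "helper=%sourceload%%filename%.bat"
set "load=%SystemRoot%"
if not exist "%helper%" goto nohelper

echo.
echo.
echo.
echo EXE ^& DLL文件检测分析(ver2.0)
echo.
echo triones 2006-6-6
echo.

:top
echo.
echo.
echo.
echo 请选择你想要加入的参数..
echo +-------------------------------+
echo + 1. windows 2. 指定路径 +
echo + 3. 删除命令 4. 帮助信息 +
echo + 5. 备份命令 0. 退出程序 +
echo +-------------------------------+
echo.
echo.
set "pno=1"
set /p "pno="
cls
:: Strip quotes, then accept only the six menu values. The original expanded
:: the raw answer into `if` and `goto`, so "4x", "-1" or text containing
:: shell metacharacters aborted the script or was parsed as a command.
set "pno=%pno:"=%"
for %%n in (0 1 2 3 4 5) do if "%pno%"=="%%n" goto step%%n
goto onerrorspno

:: 1 = analyse %SystemRoot%
:step1
set "load=%systemroot%"
goto analyse

:: 2 = analyse a directory typed by the user
:step2
set /p "load=请指定路径(当前路径为%load%):"
set "load=%load:"=%"
if not defined load set "load=%SystemRoot%"
cls
goto analyse

:: Shared body of items 1 and 2: baseline (created if absent), fresh
:: snapshot, comparison for exe then dll, removal of the temporary files.
:analyse
:: Stop when the directory cannot be entered; otherwise the listings would
:: be written into, and compared in, whatever directory is current.
pushd "%load%" || goto badpath
call "%helper%" checkexist
call "%helper%" dodir
echo 对%load%分析结果如下:
echo.
call "%helper%" fcfile exe
:: Each changed line is passed quoted: file names are untrusted data and the
:: quotes keep characters such as ^& from being parsed as commands.
FOR /F "eol=; tokens=1 delims==" %%i in (exedll.txt) do call "%helper%" filename "%%i" exe.txt
call "%helper%" fcfile dll
FOR /F "eol=; tokens=1 delims==" %%i in (exedll.txt) do call "%helper%" filename "%%i" dll.txt
call "%helper%" clean
echo.
echo 按任意键结束。
popd
pause >nul
cls
goto top

:: 3 = delete the saved baseline of a directory
:step3
set /p "load=请指定路径(当前路径为%load%):"
set "load=%load:"=%"
if not defined load set "load=%SystemRoot%"
echo.
:: Without this check a mistyped path made `del` run in the current
:: directory and `popd` unwind a directory that was never pushed.
pushd "%load%" || goto badpath
:: No parenthesised blocks here: a path containing ")" (for example
:: "Program Files (x86)") would close the block early.
if not exist exe.txt goto step3_dll
del /F /Q exe.txt
echo %load%/exe.txt已删除。
:step3_dll
if not exist dll.txt goto step3_done
del /F /Q dll.txt
echo %load%/dll.txt已删除。
:step3_done
echo 命令完成。
popd
goto top

::----------- help text follows
:step4
echo.
echo EXE ^& DLL文件检测分析(帮助)
echo.
echo.
echo 1.在指定文件夹下生成exe.txt与dll.txt文件以保存该文件夹下的EXE及DLL信息。
echo 2.对比时生成临时文件exe0.txt与dll0.txt与原文件信息对比并显示对比报告。
echo.
echo 功能介绍
echo.
echo 功能1:windows ,对windows下的文件信息进行保存对比。(默认选项)
echo 功能2:指定路径,根据指定路径,对其下文件信息进行保存对比。
echo 功能3:删除文件,删除指定路径下由本程序保存的文件信息。
echo 功能4:帮助信息,显示本帮助信息
echo 功能0:退出程序。
echo.
echo 任意键退出...
pause >nul
cls
goto top

:: 5 = copy the baseline to another directory, optionally removing the source
:step5
echo 备份指定EXE^&DLL信息文件...
set "load0=%load%"
set /p "load0=请指定源路径(当前路径为%load0%):"
:: Backslash instead of the original "D:/backup": copy and del read "/..."
:: inside an unquoted path as a switch.
set "load1=D:\backup"
set /p "load1=请指定备份路径(默认路径为%load1%):"
set "pno2=0"
set /p "pno2=是否删除源路径文件(1:删除/0:缺省不删除):"
set "load0=%load0:"=%"
set "load1=%load1:"=%"
set "pno2=%pno2:"=%"
if not defined load0 set "load0=%load%"
if not defined load1 set "load1=D:\backup"
echo.
echo 将%load0%下文件信息以前缀%filename%备份在%load1%...
:: The destination must be a directory. If it is missing, copy creates a
:: single file with that name and the second copy overwrites the first.
if not exist "%load1%\" mkdir "%load1%"
if not exist "%load1%\" goto step5_nodest
call :backup_one exe.txt
call :backup_one dll.txt
pause >nul
goto top

:step5_nodest
echo 无法创建备份路径: "%load1%"
pause >nul
goto top

:: Subroutine: copy %load0%\<%1> to %load1% and delete the source only when
:: deletion was requested AND the copy succeeded, so a failed backup never
:: costs the baseline.
:backup_one
if not exist "%load0%\%~1" goto backup_missing
copy "%load0%\%~1" "%load1%\" || goto backup_failed
if "%pno2%"=="1" del /F /Q "%load0%\%~1"
goto :eof
:backup_missing
echo 不存在%~1
goto :eof
:backup_failed
echo 备份%~1失败,未删除源文件。
goto :eof

:: The requested directory could not be entered.
:badpath
echo 无法进入路径: "%load%"
goto top

:: checkfile.bat was not found beside this script.
:nohelper
echo 找不到 "%helper%",请将 checkfile.bat 与本脚本放在同一目录。
pause >nul
exit /b 1

:onerrorspno
echo 输入有误..
goto top

:step0
exit

checkfile.bat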
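@echo off
:: checkfile.bat - helper for the analysis menu script. It works on the
:: current directory (the caller pushd's into the target first) and reads
:: %load% from the caller's environment for its messages.
::
::   checkfile checkexist           create exe.txt / dll.txt if missing
::   checkfile dodir                write the fresh listings exe0.txt / dll0.txt
::   checkfile fcfile <exe|dll>     diff baseline against fresh listing
::   checkfile filename "<line>" <baseline>   print <line> if not in baseline
::   checkfile clean                remove the temporary files

:: Dispatch only to known sub-commands. The original `goto %1` stopped with a
:: "label not found" error on a missing or mistyped argument.
if "%~1"=="" goto usage
for %%a in (filename checkexist dodir fcfile clean) do if /I "%~1"=="%%a" goto %%a
goto usage

:: Print one changed line when the baseline does not contain it.
:filename
if "%~2"=="" goto usage
if "%~3"=="" goto usage
:: %2 arrives quoted and stays quoted for findstr and echo: it is a line of
:: dir output, so it carries file names chosen by whoever wrote the files.
findstr /C:%2 "%~3" >nul
:: findstr returns 1 when the string is absent from the baseline.
if %errorlevel% equ 1 echo %2
goto theend

:: Create the baseline listings on first use.
:: The baseline records whatever is present now; it is only a trustworthy
:: reference if the directory was clean when it was taken.
:checkexist
:: Written with goto instead of (...) blocks because %load% may contain ")".
:: NOTE(review): the original command read `dir /A h s /S`; dir takes the
:: stray "h" and "s" as extra file names to list. /A alone already includes
:: hidden and system files, so they are dropped here - confirm the intent.
if exist exe.txt goto checkexist_dll
echo 您的%load%下无原保存分析exe文件,正在创建...
dir /A /S *.exe >exe.txt
:checkexist_dll
if exist dll.txt goto theend
echo 您的%load%下无原保存分析dll文件,正在创建...
dir /A /S *.dll >dll.txt
goto theend

:: Take the fresh listings that fcfile compares with the baseline.
:dodir
dir /A /S *.exe >exe0.txt
dir /A /S *.dll >dll0.txt
goto theend

:: Compare <type>.txt with <type>0.txt and keep the differing lines that
:: mention ".<type>" in exedll.txt for the caller's FOR /F loop.
:fcfile
if "%~2"=="" goto usage
:: If either listing is missing (for example the directory is not writable)
:: fc fails, findstr sees no input and the original reported "no anomalies".
:: Report the failure instead of a clean result.
if not exist "%~2.txt" goto fcfile_missing
if not exist "%~20.txt" goto fcfile_missing
:: %20 is parsed as %2 followed by a literal 0, i.e. exe0.txt / dll0.txt.
:: NOTE(review): fc stops resynchronising once its line buffer (100 lines
:: unless /LBn is given) is exhausted, so a very large change set may be
:: reported only in part.
fc %2.txt %20.txt | findstr /I /C:".%2" >exedll.txt
if %errorlevel% equ 1 goto fcfile_same
echo.
echo %2出现异常--
goto theend
:fcfile_same
echo --%2无异常
goto theend
:fcfile_missing
echo %2: 缺少基线或快照文件,无法比较
:: Leave an empty result file so the caller's loop has nothing to print.
type nul >exedll.txt
goto theend

:: Remove the temporary files. The baseline is left unchanged, so the same
:: differences are reported again on the next run.
:clean
if exist exe0.txt del exe0.txt
if exist dll0.txt del dll0.txt
if exist exedll.txt del exedll.txt
goto theend

:usage
echo checkfile.bat: 子命令或参数缺失/无效
goto theend

:theend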