Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 1998-1999

Re: NT command extension parsing...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NT command extension parsing...

To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Subject: Re: NT command extension parsing...
From: "John D. Hardin" <jhardinWOLFENET.COM>
Date: Mon, 22 Feb 1999 17:09:05 -0800
Approved-By: Russ.CooperRC.ON.CA
Comments: To: "Sundaram, Aurobindo" <sundaramAUSTIN.APC.SLB.COM>
In-Reply-To: <8AF646AA0CCCD111AD140060089047DF0128CFE5apc-trader.austin.apc.slb.com>
Reply-To: "John D. Hardin" <jhardinWOLFENET.COM>
Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

On Mon, 22 Feb 1999, Sundaram, Aurobindo wrote:

> I experienced some strange behavior with Windows NT executable
> command parsing. The other day, I renamed netscape.exe to
> netscape.exe.orig to prevent it being executed.
>
> C:\Program Files\Plus!\Microsoft Internet\Program>move netscape.exe netscape.exe
> .orig
>         1 file(s) moved.
>
> C:\Program Files\Plus!\Microsoft Internet\Program>netscape.exe.orig
>
> Yikes, it still runs! Wasn't NT supposed to only look at com, exe,
> and bat extensions?  Perhaps, it only looks at the text after the
> first period? Let's try another test.

When running from CMD.EXE,

1) An .EXE-format file with a filename containing a period followed by
characters executes, no matter what those characters are...

   x                    won't run
   x.                   won't run
   x.exe                runs (duh!)
   x.gif                runs
   x.junk-exe-junk      runs
   x.junk-junk-junk     runs
   x-junk-junk-junk     won't run
   x.x.x.x.x.x          runs

2) An .EXE-format file with a .bat extension, which apparently CMD.EXE
shortcircuits (which is reasonable), won't run, as you've observed.

When running Explorer, altered extensions pop up the "Open With..."
dialog, as you'd expect.

It looks like CMD.EXE is figuring out how to open the file in a
different manner than the graphical shell is.

Bummer.

--
 John Hardin KA7OHZ                               jhardinwolfenet.com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
  If you spend any time administering Windows NT, you're far too
  familiar with the Blue Screen of Death (BSOD) ...
                            - "MSDN Flash" email newsletter, 2/8/1999
-----------------------------------------------------------------------
   87 days until Star Wars episode I

References:
- NT command extension parsing...
  - From: "Sundaram, Aurobindo" <sundaramAUSTIN.APC.SLB.COM>

Prev by Date: New IE4 vulnerability : the clipboard again.
Next by Date: Re: NT command extension parsing...
Prev by thread: NT command extension parsing...
Next by thread: Re: NT command extension parsing...
Index(es):
- Date
- Thread