Dear,
We have traced the exact location which returns "16". It is your line 7.
A bitwise operation with an unknown function name returns an unexpected
result.
Our debugging version:
code:
CLS
COLOR C+/N
AT (1,1) " "
IF RedirectOutput("d:\zszs")
ENDIF
? "-"+LCASE(@day)+" "+@date+" "+@time+"- kixtart "+@kix+"/3.01e script starting."
? "-"
? "-curdir: "+LCASE(@curdir)
? "-scriptdir: "+LCASE(@scriptdir)
? "-startdir: "+LCASE(@startdir)
? "-"
? "-userid: "+LCASE(@userid)+"/"+LCASE(@wuserid)
? "-user priv: "+LCASE(@priv)
? "-version: inwin="+@inwin+"/dos="+@dos
? "-"
?"- 1-"+@time+"- @error @serror "? $filefound = 0
?"- 2-"+@time+"- @error @serror "? $dirfound = 0
?"- 3-"+@time+"- @error @serror "? $infected = 0
?"- 4-"+@time+"- @error @serror "?
?"- 5-"+@time+"- @error @serror "? :mylifeb
?"- 6-"+@time+"- @error @serror "? IF Exist (%windir%\system\cari.scr)
?"- 7-"+@time+"- @error @serror "? IF GetFileAttr(%windir%\system\cari.scr) & 16
?"- 8-"+@time+"- @error @serror "? $dirfound = 1
?"- 9-"+@time+"- @error @serror "? $result = SetFileAttr(%windir%\system\cari.scr, 5)
?"- 10-"+@time+"- @error @serror "? $infected = "not infected"
?"- 11-"+@time+"- @error @serror "? ELSE
?"- 12-"+@time+"- @error @serror "? $filefound = 1
?"- 13-"+@time+"- @error @serror "? $infected = "!INFECTED!"
?"- 14-"+@time+"- @error @serror "? ENDIF
?"- 15-"+@time+"- @error @serror "? ELSE
?"- 16-"+@time+"- @error @serror "? MD (%windir%\system\cari.scr)
?"- 17-"+@time+"- @error @serror "? $result = SetFileAttr(%windir%\system\cari.scr, 5)
?"- 18-"+@time+"- @error @serror "? GOTO "Mylifeb"
?"- 19-"+@time+"- @error @serror "? ENDIF
?"- 20-"+@time+"- @error @serror "?
?"- 21-"+@time+"- @error @serror "? :log
?"- 22-"+@time+"- @error @serror "? $logfile = "\\clariiweb\logs\logon script logs\Mylifeb.csv"
?"- 23-"+@time+"- @error @serror "? IF RedirectOutput($logfile, 0) = 0
?"- 24-"+@time+"- @error @serror "? ? "@DATE,@TIME,@WKSTA,$OperatingSystem,@DOMAIN,@IPADDRESS0,$Infected"
?"- 25-"+@time+"- @error @serror "? ENDIF
?"- 26-"+@time+"- @error @serror "?
?"- 27-"+@time+"- @error @serror "? :end
?"- 28-"+@time+"- @error @serror "? $result = RedirectOutput("")
?"- end-"+@time+"- @error @serror "?
? "-"
? "-"+LCASE(@day)+" "+@date+" "+@time+"- kixtart "+@kix+"/3.01e script ending."
? "-"
;($begin)
;
; mon 25-mar-2002 03:46:36 (kix 4.00 vs 3.01e)
;
;Informative KIXSTRIP: no errors found (input=28 output=28 skip=0).
;
;Informative KIXSTRIP: 3 block_structures found.
;Informative KIXSTRIP: no UDF's found.
;Informative KIXSTRIP: 3 labels found.
;Summary KIXSTRIP: BREAK CALL DEBUG DISPLAY ENDFUNCTION EXECUTE EXIT FUNCTION GET GETS GOSUB GOTO OLExxx PLAY QUIT RETURN RUN SHELL SLEEP THEN USE
;Informative KIXSTRIP: 1 GOTO
;
;($end)
The output of file c:\kixdebug.log is
code:
-monday 2002/03/25 03:47:46- kixtart 4.02/3.01e script starting.
-
-curdir: d:\
-scriptdir:
-startdir: c:\windows
-
-userid: mca/mca
-user priv: guest
-version: inwin=2/dos=4.0
-
- 1-03:47:46- 0 The operation completed successfully.
- 2-03:47:46- 0 The operation completed successfully.
- 3-03:47:46- 0 The operation completed successfully.
- 4-03:47:46- 0 The operation completed successfully.
- 5-03:47:46- 0 The operation completed successfully.
- 6-03:47:46- 0 The operation completed successfully.
- 7-03:47:46- 0 The operation completed successfully.
16
- 8-03:47:46- 0 The operation completed successfully.
- 9-03:47:46- 0 The operation completed successfully.
- 10-03:47:47- 0 The operation completed successfully.
- 11-03:47:47- 0 The operation completed successfully.
- 15-03:47:47- 0 The operation completed successfully.
- 20-03:47:47- 0 The operation completed successfully.
- 21-03:47:47- 0 The operation completed successfully.
- 22-03:47:47- 0 The operation completed successfully.
- 23-03:47:47- 0 The operation completed successfully.
After modifying this line the output becomes:
code:
-monday 2002/03/25 03:51:44- kixtart 4.02/3.01e script starting.
-
-curdir: d:\
-scriptdir:
-startdir: c:\windows
-
-userid: mca/mca
-user priv: guest
-version: inwin=2/dos=4.0
-
- 1-03:51:45- 0 The operation completed successfully.
- 2-03:51:45- 0 The operation completed successfully.
- 3-03:51:45- 0 The operation completed successfully.
- 4-03:51:45- 0 The operation completed successfully.
- 5-03:51:45- 0 The operation completed successfully.
- 6-03:51:45- 0 The operation completed successfully.
- 7-03:51:45- 0 The operation completed successfully.
- 8-03:51:45- 0 The operation completed successfully.
- 9-03:51:45- 0 The operation completed successfully.
- 10-03:51:45- 0 The operation completed successfully.
- 11-03:51:45- 0 The operation completed successfully.
- 15-03:51:45- 0 The operation completed successfully.
- 20-03:51:45- 0 The operation completed successfully.
- 21-03:51:45- 0 The operation completed successfully.
- 22-03:51:45- 0 The operation completed successfully.
- 23-03:51:45- 0 The operation completed successfully.
Some remarks about your code
- The GOTO structure can create a deadlock situation on W9x systems.
  In our version we replace this.
- We are using the WriteProfileString function to create only a list
  of workstations which are infected. Clean systems will not be added to
  this list, or they will be removed from this list.
Our version:
code:
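$entry=ExpandEnvironmentVars("%windir%")+"\system\cari.scr"
:mylifeb
$found="no"
IF Exist($entry) = 1
  ; attribute bit 16 = directory: a directory with this name is already in place
  IF GetFileAttr($entry) & 16
    $result=SetFileAttr($entry,5) ; 5 = read-only (1) + system (4)
  ELSE
    ; a regular file with this name exists
    $found="yes"
  ENDIF
ELSE
  ; nothing there yet: create the directory and protect it
  MD $entry
  $result=SetFileAttr($entry, 5)
ENDIF
IF ($found = "yes")
  $infected="!INFECTED!"
ELSE
  $infected="" ; -not infected-
ENDIF
:log
$logfile = "\\clariiweb\logs\logon script logs\Mylifeb.csv"
$loginfo = "@date @time $OperatingSystem @domain @ipaddress0 $infected"
IF (Len($infected) <> 0)
  ; infected: add or update this workstation's entry in the [infected] section
  IF WriteProfileString($logfile,"infected","@wksta",$loginfo)
  ENDIF
ELSE
  ; clean: an empty string removes this workstation from the list
  IF WriteProfileString($logfile,"infected","@wksta","")
  ENDIF
ENDIF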
greetings.
[ 25 March 2002, 07:44: Message edited by: MCA ]