How I played Warcraft III in the army
In this article I describe a way to hide applications on a computer, launch them conveniently, and terminate them quickly and covertly, using the game Warcraft III on Windows XP as the example.
It so happened that, while serving in our valiant army, I periodically had access to a computer. It also so happened that, when leaving for the army, I forgot to take out the flash drive that I always carry in my wallet. The drive held a lot of junk, a million folders named “study” and an archive named ... ta-da! wc3.rar
My joy knew no bounds, but then the question arose: how do you spend evenings with your favorite game and still go unnoticed? All in all, I had 2-3 seconds to close the game.
1. Making friends with the tray
The first thing that came to mind was, of course, to teach the game to minimize to the tray instead of sitting on the taskbar. I tried a lot of software, and the choice fell on the modest program "TrayIt!". It did its job perfectly, but there was one catch. The executable file (named after the program) spawned a process whose clumsy name stood out on the Processes tab of Task Manager. Judge for yourself:
- alg.exe
- svchost.exe
- explorer.exe
- ...
- TrayIt!.exe
- ...
- ctfmon.exe
Disgusting, isn't it? I renamed the executable to the neutral trayit.exe. The program ran without complaint and spawned a process of the same name, and now everything looks neat and does not catch the eye on a cursory review of the process list.
Note: I also recommend setting the tray notification options so that the application icon is always hidden behind the arrow.
2. The gardener killed everyone
We have minimized the game; now we need a way to close it discreetly. "Task Manager -> Processes -> war3.exe -> End Process" is the first thing that comes to mind, but it is slow and inelegant, and there is not always the opportunity (or the time) to end the process that way. I began to look toward the command line, namely the taskkill console utility.
First, create a working folder for our batch files. Let it be %WINDIR%\Scripts. In it, create the batch file that will kill our process. Call it killer.bat and give it the following content:
@TASKKILL /F /IM war3.exe
Check it: it works. Now assign a hotkey combination that runs this script. To do this, put a shortcut to the script in "C:\Documents and Settings\All Users\Main Menu\" (this is the "Start" menu). In the shortcut's properties, assign a hotkey combination for launching it (mine is "Alt + Ctrl + Num -"). Rename the shortcut to something inconspicuous, for example "Help", and change the shortcut icon to one that matches the name.

To keep a black window with the utility's messages from popping up when the script starts, set both the background color and the text color to black in the shortcut's properties, and on the “Shortcut” tab select the “minimized to icon” launch mode.

Note: shortcuts are launched by hotkeys only from the Start menu.
3. Truecrypt
So that the game cannot be found with a search, let's move it onto a TrueCrypt encrypted volume. Create the volume, remove the *.tc extension from its name, place it somewhere inconspicuous, and mark it as hidden and system with the command:
@ATTRIB +S +H C:\swap
Turn off the display of the volume in Explorer in case we forget to dismount it. For this we have to agree that the volume is always mounted on the same drive letter; in my case it is drive M:\ (my, mine). Using "Tweak UI for Windows" (which ships by default in the ZverCD build), in the "Drives" section of the control panel, turn off the display of drive M. Now the volume can be reached only by typing "M:\" into the address bar.

It would be nice to teach our killer.bat script not only to kill the game but also to dismount the volume. Add the command:
@"C:\Program Files\TrueCrypt\TrueCrypt.exe" /dismount M /quit /silence /force
4. Startup optimization
Done, what else? Starting the game is inconvenient: open TrueCrypt, enter the password, open Explorer, type M:\, find the game, start it. Agreed, that is long and awkward. I propose this solution: a hotkey combination opens a window (a kind of personal command line), and typing the right keyword into it launches one program or another. Let's get started.
First, create a wc.bat script which mounts the volume if necessary and launches the game:
@IF NOT EXIST M:\ @"C:\Program Files\TrueCrypt\TrueCrypt.exe" /a /volume C:\swap /p qwertypassword /letter M /quit /silence
@START M:\WC3\"Frozen Throne.exe"
Now for the command line itself. Create the file menu.bat. As with killer.bat, create a shortcut, change its name and icon, and assign a key combination (e.g. Alt + Ctrl + Num +); leave the launch mode at its default and fill the file with the following lines.
As a distraction, so that anyone who starts it by accident does not understand what this strange window is:
@ECHO Cannot connect to Microsoft Download Center
@ECHO Do you want to exit? (y/n)
Turn off the display of messages on the screen:
@ECHO OFF
Read a line of input and store it in the file variable:
@SET /P file=""
Check whether a file named %file%.bat exists and, if it does, run it:
@IF EXIST %file%.bat @CALL %file%.bat
If you enter a file name that does not exist, the window simply closes. This system is convenient and flexible: to introduce a new command, it is enough to create a new script next to menu.bat and give it a short, convenient name, and it becomes executable through menu.bat. For example, in addition to wc.bat, I also added these batch files:
opr.bat
@IF NOT EXIST M:\ @"C:\Program Files\TrueCrypt\TrueCrypt.exe" /a /volume C:\swap /p qwertypassword /letter M /quit /silence
@START M:\Opera\opera.exe
ut.bat
@IF NOT EXIST M:\ @"C:\Program Files\TrueCrypt\TrueCrypt.exe" /a /volume C:\swap /p qwertypassword /letter M /quit /silence
@START M:\uTorrent\utorrent.exe
h.bat (as in "home")
@IF NOT EXIST M:\ @"C:\Program Files\TrueCrypt\TrueCrypt.exe" /a /volume C:\swap /p qwertypassword /letter M /quit /silence
@explorer M:\
and others.
5. Obfuscation
Now everything is debugged, works cleanly and quickly, and the necessary scripts are written. What else?
One thing bothered me: all of this is very easy to read, even for a schoolboy. Worse, without analyzing any code it is enough to open the scripts folder and run any script, and it will do exactly what it was written to do and launch something that is best not launched at that moment. That bothered me, so I looked for a little protection. The idea was simple: cook everything I had into spaghetti code.
Rename the wc.bat script to imagelib.01.dll or something similar, so that the file is no longer directly executable. Delete these lines from menu.bat:
@SET /P file=""
@IF EXIST %file%.bat @CALL %file%.bat
And instead of them we write:
@SET /P dll=""
@IF "%dll%"=="wc" @SET dll="imagelib.01"
@IF "%dll%"=="opr" @SET dll="imagelib.02"
...
@IF EXIST %dll%.dll @COPY %dll%.dll %dll%.bat
@IF EXIST %dll%.bat @CALL %dll%.bat
@IF EXIST %dll%.bat @DEL %dll%.bat
Here is what happens in this mess. The files imagelib.01.dll and imagelib.02.dll are containers for the code we need to execute. To run one, an executable duplicate of the container is created (i.e., a copy with the extension changed to .bat), after which the duplicate is run and deleted.
Pros:
- until you parse this code, you won’t guess that the libraries lying nearby are not libraries at all, but batch files that contain the path and the password
- the command name no longer depends on the file name
Minuses:
- +20 seconds to create a new command, since one more line of code has to be copied.
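Seen from the administrator's side, the same trick is easy to spot: a real library is a PE image that starts with the bytes "MZ", while these containers are plain batch text. The following is an added example, not part of the original article; the extension list, the batch-keyword heuristic and the sample folder are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

LIB_EXTS = {".dll", ".ocx", ".sys"}   # assumption: extensions that should hold PE images
# TrueCrypt's /p switch places the volume password in plain text on the command line.
PASSWORD_ARG = re.compile(r"(?i)(truecrypt\.exe\"?.*?\s/p\s+)(\S+)")
# Heuristic (assumption): a line that starts with a common batch command.
BATCH_HINT = re.compile(r"(?im)^\s*@?(if|start|call|set|echo|copy|del|taskkill)\b")

def inspect_file(path):
    """Return a finding if `path` is named like a library but holds batch text."""
    with open(path, "rb") as fh:
        data = fh.read(64 * 1024)
    if data[:2] == b"MZ":             # genuine PE images start with the DOS header magic
        return None
    text = data.decode("latin-1")
    if not BATCH_HINT.search(text):
        return None
    return {"path": path, "has_password": bool(PASSWORD_ARG.search(text)),
            "redacted": PASSWORD_ARG.sub(r"\1<redacted>", text)}

def scan(root):
    """Walk `root` and collect findings for every library-named file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in LIB_EXTS:
                hit = inspect_file(os.path.join(dirpath, name))
                if hit:
                    findings.append(hit)
    return findings

def demo():
    """Build a constructed sample folder (one disguised script, one PE stub) and scan it."""
    root = tempfile.mkdtemp()
    script = ('@IF NOT EXIST M:\\ @"C:\\Program Files\\TrueCrypt\\TrueCrypt.exe" '
              '/a /volume C:\\swap /p qwertypassword /letter M /quit /silence\r\n'
              '@START M:\\WC3\\"Frozen Throne.exe"\r\n')
    with open(os.path.join(root, "imagelib.01.dll"), "w", newline="") as fh:
        fh.write(script)
    with open(os.path.join(root, "real.dll"), "wb") as fh:
        fh.write(b"MZ\x90\x00" + b"\x00" * 60)   # constructed stub with a PE-style header
    return scan(root)

if __name__ == "__main__":
    for f in demo():
        print(f["path"], "| password on command line:", f["has_password"])
```

The `redacted` field lets a finding be logged or ticketed without copying the recovered password into yet another file.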
6. Usage
Press “Alt + Ctrl + Num +”, enter wc, play. On sensing danger, minimize the game, put your fingers on the “Alt + Ctrl + Num -” chord, and then act according to the situation.
7. Summary
To summarize, we got our own almost open-source command line, onto which you can bolt just about anything. At one point, when I started menu.bat, it displayed a volume indicator (mounted or not) and an Internet connection indicator. You could, for example, add parsing of a comma as the last character of the line, and so enter several commands in a row. With a couple of netsh scripts I quickly switched between pre-prepared network configuration templates. The number of the current template was shown in the menu.bat window as 1 or 2.
But all of that was, let’s say, just for fun, bells and whistles. The fancy script ran for about 2 seconds, so, armed with the KISS sword, I quickly cut it all out.
8. Source code
Finally, after all of the above, the source code of your batch files should look something like this:
menu.bat
@ECHO Cannot connect to Microsoft Download Center
@ECHO Do you want to exit? (y/n)
@ECHO OFF
@SET /P dll=""
@IF "%dll%"=="wc" @SET dll="imagelib.01"
@IF "%dll%"=="opr" @SET dll="imagelib.02"
@IF "%dll%"=="ut" @SET dll="imagelib.03"
@IF "%dll%"=="h" @SET dll="imagelib.04"
@IF "%dll%"=="gp" @SET dll="imagelib.05"
@IF EXIST %dll%.dll @COPY %dll%.dll %dll%.bat
@IF EXIST %dll%.bat @CALL %dll%.bat
@IF EXIST %dll%.bat @DEL %dll%.bat
killer.bat
@TASKKILL /F /IM opera.exe /IM AIMP3.exe /IM war3.exe /IM PotPlayerMini.exe /IM utorrent.exe
@"C:\Program Files\TrueCrypt\TrueCrypt.exe" /dismount M /quit /silence /force
@"C:\Program Files\CCleaner\ccleaner.exe" /auto
imagelib.01.dll
@IF NOT EXIST M:\ @"C:\Program Files\TrueCrypt\TrueCrypt.exe" /a /volume C:\swap /p qwertypassword /letter M /quit /silence
@START M:\WC3\"Frozen Throne.exe"