
                               ******************************************
                               ******************************************
                               *** HOW TO DEBUG MS-DOS BATCH LANGUAGE ***
                               ******************************************
                               ****************************************** by cOrRuPt G3n3t!x


   I once again wanted to learn something new in batch, how to debug my normal code to binary code and then assemble
   it at a later stage and execute it. The good thing about that is the code is in binary form and i don't
   think anyone is gonna sit and learn binary when you can just debug from your console and get the figures! So the
   language can basically be considered encrypted. As far as i've tested my 2 AV's NOD32 and Avast don't pick up the
   binary code. So i went around the internet looking for a tutorial of some sort to start me out, or even the binary code
   and its corresponding characters, BUT FOUND FUCK ALL!!! So back at square one and determined to learn how i set off
   on my new task it took me about 15 minutes to get the hang of things and another 5 minutes to work out where my errors
   in the code where. But i have accomplished my task and now want to teach others also struggling to find a debug tutorial how!
   So with out further adoo i present to you...



  1)The basics and Purpose (as far as I understand):
    ------------------------------------------------

   Well as i told you i have no backround information on debugging because i couldn't find any tutorial. but from
   what i've seen the what debugging basically does is take the characters you enter into your batch program and replace them
   with specific numbers and letters which correspond back to a certain letter in the alphabet. Binary was first used
   in batch to debug pictures, sounds etc which then made it possible for a batch program to display an actual picture
   or play an actual sound. But as other VXers soon found out, it could be used to encrypt their batch in a completely
   different way (it kinda brought a 3rd dimension to batch scripting).


  2)Pro's and Con's:
    ---------------

  Their are a few advantages using binary code as opposed to normal encryption and batch techniques. First off we can hide our virus
  payload in binary until the AV is disabled or 'taken care of' ;) and then execute the actual binary into the original script
  and there you have it! Another advantage is the fact that not many users are familiar with this coding or method and therefore
  it won't really alarm them into thinking it's a virus. However a major disadvantage (which maybe the results of my utter lack
  of proper research) is that when converting to binary all the code that MS-Dos gives us has to be taken down manually!!!!
  So creating a huge multipart, polymorphic batch virus is not impossible; but rather impractical!


  3)Creating Batch To Debug:
    ------------------------

   Well i am only going to show you one example of how to debug code as the rest are exactly the same, only the size
   of the script needs to be changed and new binary values need to be put in! We will start with the legendary "Hello VXer"
   Which as far as i know was coined by non other then the great SPTH vxer. So we will make a simple batch that will display
   the text 'Hello Vxer' in a CMD window to do this see below:
  --------------------------------------[Cut Here]---------------------------------------
  @echo off
  echo hello VXer
  pause
  exit
  --------------------------------------[Cut Here]---------------------------------------
   Now copy and paste code to a .txt and rename it to 'hello.bat'
   Then run the code and a text displaying 'Hello VXer' should be displayed.


  3a)Actual Debugging Method:
    -------------------------

   Now that we have our normal batch script in hand we shall now begin to learn how to debug it. Firts we move
   our batch file to the directory C:\, next we open Command Prompt, now in the CMD window type DEBUG C:\hello.bat
   next you should see something like this in your CMD windows

   C:\Users\CorruptGenetix)DEBUG C:\hello.bat
   -

   Next we type RCX and press enter

   C:\Users\CorruptGenetix)DEBUG C:\hello.bat
   -RCX
   

  Next the screen will look like this

  C:\Users\CorruptGenetix)DEBUG C:\hello.bat
  -RCX
  CX 0027
  :

  
  CX 0027 is the size of our script which is integral in debugging!
  Next press enter again  and the screen should then look like this

  C:\Users\CorruptGenetix)DEBUG C:\hello.bat
  -RCX
  CX 0027
  :
  -


  Now type D and press enter the screen should then look like this

  C:\Users\CorruptGenetix)DEBUG C:\hello.bat
  -RCX
  CX 0027
  :
  -D
  1761:0100 40 65 63 68 6F 20 6F 66-66 0D 0A 65 63 68 6F 20  @echo off..echo
  1761:0110 68 65 6C 6C 6F 20 56 58-65 72 0D 0A 70 61 75 73  hello vxer..paus
  1761:0120 65 0D 0A 65 78 69 74 00-00 00 00 00 00 00 00 00  e..exit.........
  1761:0130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
  1761:0140 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
  1761:0150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
  1761:0160 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
  -
  
   Before we continue a few tips unless you see alot of zero's like the above one it may not
   be the end of the debugged script and you may need to type D and press enter again until alot of zero's begin to appear
   then you shall know you've reached the end of your script. Another thing is you don't need to understand
   all these figures just copy them down to a txt file but do not use copy the hyphens or the zero's only up to the last 
   digit which is line 8 and ends with '74' and ignore the '1761:' and the '@echo...' comments to the right
   so you should have copied down this

  0100 40 65 63 68 6F 20 6F 66 66 0D 0A 65 63 68 6F 20
  0110 68 65 6C 6C 6F 20 56 58 65 72 0D 0A 70 61 75 73
  0120 65 0D 0A 65 78 69 74

   Now we have successfully converted our batch to binary, but this binary is useless so in order to use it we have to re-assmble
   it to it's original script (if you are confused as to why we want to re-assmble this after we have jus de-assembled it i dont
   think you have grasped the concept and should end reading this tutorial now :)) now i will show you step by step how to re-assmble
   this binary into a woking script.

   Now when coding back to a script we write the binary to abtch file that will then write to a seperate file which will then be dubugged
   and renamed to a operable batch file, see below the script and comments:


  ::echo is used to write the lines of data to a seperate file for debugging purposes
  echo e 0100 40 65 63 68 6F 20 6F 66 66 0D 0A 65 63 68 6F 20>>vxer
  echo e 0110 68 65 6C 6C 6F 20 56 58 65 72 0D 0A 70 61 75 73>>vxer
  echo e 0120 65 0D 0A 65 78 69 74>>vxer
  :: In the above lines we echo the boinary code to a file called vxer (it can be called whatever you like)
  :: we have to remember to put the 'e' infront of the binary codes lines to make sure the debug.exe knows what
  :: it is doin (debugging)
  echo rcx>>vxer
  :: Next we get the size of our code, which when we were first debugging the original batch script was CX 0027
  echo 27>>vxer
  :: we now write the file size into the file vxer. we leave out the CX and the zero's and only write the digits which is 27
  echo n bat>>vxer
  :: in the above line we name our file which i just simply called bat it can be whatever you like but the 'n' has to be there
  :: as it's the parameter used for naming the file
  echo w>>vxer
  :: The 'w' tells the debugger to now write the code to the file BAT in tha above lines
  echo q>>vxer
  :: the 'q' quits the debugging process
  debug<vxer
  :: this is where the actual debugging takes place remeber the '<' is needed in order to do process the file for debugging
  ren bat helloVXer.bat
  :: this will rename the 'bat' which we called the program a few lines up to an operable batch filr (with the extension .bat)
  del vxer
  :: this will delete the file used to debug the code.



   You should now see a file called helloVXer.bat in the current directory, this is the working batch script which we debugged and re-assembled
   run it and the text 'hello VXer' shall appear, so we have went from a script to a binary which got debugged and now gave us the batch we processed
   earlier on.


   This technique can also be used to debug pictures, sounds, VBS scripts, .exe's, .com's and many more. I hope this tutorial sheds some light
   on the illusive debug.exe in windows. If there are any problems or queries feel free to contact me and i'll do my best to help.



  [?]Contact Me:
    -----------

  [@]immortalassassin@rocketmail.com


  
   
   