b2ev - Bat2Exe eVolved
Moderator: DosItHelp
Hello!
I come here to present to you yet another Batch to Executable packer!
The most interesting features of this Batch to Exe are:
- out-of-the-box exact-directory support (uses the file system as workspace instead of projects like F2KO Batch to Exe); thus, you can put entire directories in built executables
- flavor a minimal overhead approaching 25 KiB with a minimal hello world (with F2KO Batch to Exe, we get 89 KiB)
- flavor lz4 compression (can be disabled) that considerably reduces executable size (especially for big projects)
- very fast (unpack time is approximately 2 times faster than F2KO Batch to Exe)
- non-Windows platform support; well, this looks dubious, but you can use Dos9 to provide a batch implementation for e.g. Linux
Everything is open: your executable is built from known and provided source code, and the archive does not contain any executables (except Tiny C Compiler).
(this is a partial copy of the README of the GitLab page: https://gitlab.com/TSnake41/b2ev)
Lightweight toolkit to pack batch files (and even directories) to a single autonomous executable.
Features
- very lightweight and fast executable
- lz4 compression (with in-memory uncompression)
- directory packing
- modular approach
- custom non-Windows platform support
How to use
Put all your files in the files directory, then run build.bat; your ready executable is output.exe.
Your files must contain main.bat, which is the entry point of your program.
Download : https://cdn.discordapp.com/attachments/ ... 60/b2ev.7z
GitLab page (with source code and more explanations) : https://gitlab.com/TSnake41/b2ev
VirusTotal of a simple hello world: https://www.virustotal.com/#/file/57db8 ... /detection
In comparison, the same code built with the F2KO Batch to Exe compiler: https://www.virustotal.com/#/file/f07c4 ... /detection
The reason for that is the technical difference between F2KO Batch to Exe and b2ev.
F2KO Batch to Exe uses a lot of different functions, some of them "risky functions" such as SetFocus, BringWindowToTop, GetSystemMetrics, GetVersionEx (can be used in RAT tools) ..., and some special PE features: AcceleratorTable, Resources, ...
The list of functions used by F2KO Batch to Exe is quite big: https://hastebin.com/xeviqevake.css
b2ev uses fewer functions: https://hastebin.com/iziqereviw.cpp
So, it's sure that antiviruses are unlikely to trigger, since the program is potentially less dangerous (as it is not doing anything dangerous).
Last edited by TSnake41 on 14 Oct 2018 04:54, edited 1 time in total.
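The comparison of imported functions made in the first post can be reproduced by reading a binary's import table directly. The following is an added example, not part of the original post or of b2ev: it handles 32-bit PE32 images only, the watchlist holds just the API names the post mentions, `pe_imports`, `flagged` and `build_sample` are hypothetical names, and the sample image is constructed in code.

```python
from struct import pack, pack_into, unpack_from as u
# API names the first post calls "risky"; used here as a plain watchlist.
WATCHLIST = {"SetFocus", "BringWindowToTop", "GetSystemMetrics", "GetVersionEx"}

def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def pe_imports(data):
    """Return {dll: [names]} from the import directory of a PE32 image."""
    pe = u("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0" or u("<H", data, pe + 24)[0] != 0x10B:
        raise ValueError("not a PE32 image")
    nsec, opt_size = u("<H", data, pe + 6)[0], u("<H", data, pe + 20)[0]
    secs = [u("<4I", data, pe + 24 + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA outside every section")
    out, d = {}, off(u("<I", data, pe + 24 + 96 + 8)[0])  # data directory 1 = imports
    while any(desc := u("<5I", data, d)):  # all-zero descriptor ends the table
        t, funcs = off(desc[0] or desc[4]), []  # OriginalFirstThunk, else FirstThunk
        while (v := u("<I", data, t)[0]):  # zero thunk ends the list; top bit = by ordinal
            funcs.append(f"#{v & 0xFFFF}" if v >> 31 else cstr(data, off(v) + 2))
            t += 4
        out[cstr(data, off(desc[3]))] = funcs  # desc[3] = RVA of the DLL name
        d += 20
    return out

def flagged(data):
    names = {f for funcs in pe_imports(data).values() for f in funcs}
    # GetVersionEx is imported as GetVersionExA/W, so match suffixed names too
    return sorted(n for n in names if n in WATCHLIST or (n[-1] in "AW" and n[:-1] in WATCHLIST))

def build_sample(dll, funcs):
    # Constructed PE32 test image: headers plus one section holding an import table.
    img, base, tab = bytearray(0x200), 0x1000, 0x1000 + 40
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    pack_into("<I", img, 0x3C, 0x40)                                 # e_lfanew
    pack_into("<HH12xH2xH", img, 0x44, 0x14C, 1, 224, 0x10B)         # COFF header + magic
    names_rva = tab + 4 * (len(funcs) + 1)
    strs, rvas = bytearray(dll.encode() + b"\0"), []
    for f in funcs:
        rvas.append(names_rva + len(strs))
        strs += b"\0\0" + f.encode() + b"\0"                         # 2-byte hint + name
    body = pack("<5I", tab, 0, 0, names_rva, tab) + bytes(20) + pack(f"<{len(rvas) + 1}I", *rvas, 0) + strs
    pack_into("<II", img, 0xC0, base, 40)                            # import data directory
    pack_into("<4I", img, 0x140, len(body), base, len(body), 0x200)  # section header
    return bytes(img) + body
```

To inspect a real file, pass its bytes (`open(path, "rb").read()`) to `flagged`; an import appearing in the table shows only that the binary links against it, not how it is used.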
Re: b2ev - Bat2Exe eVolved
Many thanks for this tool.
Converters of bat to exe that have the word "Compiler" seem not very reliable, because they do not convert the batch script to machine language; they only extract the script to a temporary folder and run it.
It always depends on and needs cmd.exe.
Batch scripts are always interpreted. Cmd reads a plain text source script.
Thus, the possible reason for converting to exe, protecting the code, is not achieved.
But I like your project because it is open source and excellent work.
In the past I tried to develop a method using environment variables: obfuscate the script code in an environment variable, set an environment variable with a name, for example _code_, and extract a batch script with this code:
%_code_%
and run it (create the process providing that environment variable).
That limits some parts of the language, but allowed executing certain code. The problem was that a user showed me that the code in the environment variable was available if you do a memory dump of cmd.exe.
I think that your tool, because it is open source code, allows good possibilities.
Re: b2ev - Bat2Exe eVolved
Thanks for your reply, carlos!
carlos wrote:
> Converters of bat to exe that have the word "Compiler" seem not very reliable, because they do not convert the batch script to machine language; they only extract the script to a temporary folder and run it.
> It always depends on and needs cmd.exe.
> Batch scripts are always interpreted. Cmd reads a plain text source script.
> Thus, the possible reason for converting to exe, protecting the code, is not achieved.
You are right, I shouldn't name it a compiler and should rather name it a converter or packer.
carlos wrote:
> In the past I tried to develop a method using environment variables: obfuscate the script code in an environment variable, set an environment variable with a name, for example _code_, and extract a batch script with this code:
> %_code_%
> and run it (create the process providing that environment variable).
> That limits some parts of the language, but allowed executing certain code. The problem was that a user showed me that the code in the environment variable was available if you do a memory dump of cmd.exe.
This way to embed code could be interesting for small codes maybe.
Obfuscating (in particular in Batch) is hard, and is often easier to circumvent than to make.
There are ways to make it very hard to circumvent (and maybe compile?), but it needs more research, especially with dos9.org, which will be useful there.
Re: b2ev - Bat2Exe eVolved
i get this error
please help
=
In file included from src/dir2tar.c:32:
src/lib/dirent.h:1047: warning: implicit declaration of function 'GetACP'
In file included from src/dir2tar.c:32:
src/lib/dirent.h:1050: warning: implicit declaration of function 'GetOEMCP'
In file included from src/dir2tar.c:32:
src/lib/dirent.h:1085: error: 'MB_ERR_INVALID_CHARS' undeclared
=
Re: b2ev - Bat2Exe eVolved
I tried the program from the link above (https: //cdn.discordapp.com ...) and I did not encounter any error. On the other hand, the detection rate of the output.exe generated by virustotal is 13 out of 71, not so good ...
Re: b2ev - Bat2Exe eVolved
icc wrote: ↑08 Jul 2019 18:55
> i get this error
> please help
> =
> In file included from src/dir2tar.c:32:
> src/lib/dirent.h:1047: warning: implicit declaration of function 'GetACP'
> In file included from src/dir2tar.c:32:
> src/lib/dirent.h:1050: warning: implicit declaration of function 'GetOEMCP'
> In file included from src/dir2tar.c:32:
> src/lib/dirent.h:1085: error: 'MB_ERR_INVALID_CHARS' undeclared
> =
I have no idea why you get this error.
Check your Tiny C Compiler installation (you can download the latest version there: http://download.savannah.gnu.org/releas ... 32-bin.zip)
You can try to install the full winapi headers for tinycc: http://download.savannah.gnu.org/releas ... 0.9.27.zip
You just need to replace the tcc/include directory with the new one from this zip.
bakemonogatari wrote: ↑09 Jul 2019 13:29
> I tried the program from the link above (https: //cdn.discordapp.com ...) and I did not encounter any error. On the other hand, the detection rate of the output.exe generated by virustotal is 13 out of 71, not so good ...
If you enable NO_CONSOLE (which is currently only in the GitLab repository), you may have a more suspicious file, as it is not visible to the user; thus antiviruses are a lot more attentive to that kind of program.
In most cases, you want your program to run as if it were a batch file, which doesn't use this feature. Disabling NO_CONSOLE very significantly reduces the detection rate of the program (check the VirusTotal links of the first post, they are still relevant with the latest GitLab version).
I shouldn't (and won't) try to work around antiviruses, as it is a non-goal and possibly even more suspicious.
Anyway, this feature is disabled by default and should only be enabled when required.
NOTE: Keep in mind that the detection rate also depends on the content of the payload (files inside your executable).
EDIT: The latest version of b2ev uses another method to disable the console: instead of completely disabling it, it closes it at the very beginning, which makes the console almost (most likely) invisible.
Now, the detection rate is functionally the same as with the console enabled.
Re: b2ev - Bat2Exe eVolved
@TSnake41
hi,
When I run output.exe, I would like it to ask me for a password. Is there a way to do it with b2ev? I do not want the batch content to be readable in %tmp% without the password being entered first...
Re: b2ev - Bat2Exe eVolved
Other batch wrappers do have this option (but show more viruses).
I would suggest you 7zip the content with a password, then use 7zip from batch to extract it when the password matches the encrypted file (you will need to add 7zip in your exe).
Re: b2ev - Bat2Exe eVolved
Is there a reason why, after being compiled, it can't run something like "manage-bde -status c:"? It says it is not recognized as an internal command.