breaking the cmd :)

Microsoft Windows
Post Reply
User avatar
MigrationUser
Posts: 336
Joined: 2021-Jul-12, 1:37 pm
Contact:

breaking the cmd :)

Post by MigrationUser »

02 Nov 2012 09:30
npocmaka

Any idea why this breaks the cmd:

Code: Select all

@echo off 
rem do not set new lines at the end or you'll break the breaker
echo combobreaker |(>^
This the most fun variation of this.If you'are fast enough with pressing ctrl+c there's a chance to "save" the cmd session ,and you'll receive GeTokens(smthng) on every line.
Theese will just broke the cmd (not every variation crashes the cmd. Somes just prints empty line , or will echo without new line , here are only this that I found that causes crash of the cmd):

Code: Select all

@echo off 
echo combobreaker |)>^

Code: Select all

@echo off 
echo combobreaker |(<^^

Code: Select all

@echo off 
echo combobreaker |>^
here you need the empty line before combobreaker echoing:

Code: Select all

@echo off 

echo combobreaker |(^

Code: Select all

@echo off 

echo combo >(|^

And this you'll say that the can't find the called file:

Code: Select all

@echo off 
rem file not found
echo combobreaker |)<^^
this will require 4 ctrl+c to stop:

Code: Select all

@echo off 
rem do not set new lines at the end
echo ^

|(>^
Last edited by npocmaka (02 Nov 2012 09:34)

----------------------------

#2 02 Nov 2012 12:37
dbenham

I don't see anything unusual with

Code: Select all

@echo off 
echo combobreaker |(<^^
You are piping to a parenthesized block of code, but you never close the block, so the command aborts cleanly. It never attempts to process the redirection. It would likely fail if it did because a file named "^" probably does not exist.

Nor do I see anything unusual with

Code: Select all

@echo off
rem do not set new lines at the end or you'll break the breaker
echo combobreaker |)<^^
The code would attempt to pipe the ECHO result to a command named ")" (which would fail with its own error), but before it does that it attempts to redirect input to a non-existent file named "^".

But all the other versions that end with a single caret fail in some bizarre way. The caret is the escape character - the CMD batch parser wants to read the next character and ignore any special meaning that it might normally have. But there is no next character since you have reached the end-of-file. CMD should detect this error condition and exit the batch script with a nice error message. Obviously the batch parser has a bug and appears to enter some endless loop doing who knows what. The various versions are in different parsing contexts when the bug occurs, which could explain why you get different behaviors (all bad).

Dave Benham

----------------------------

#3 02 Nov 2012 16:04
npocmaka


O yeaah..
Thanks for the hint.
So the whole fun is in the redirecting from/out-to escaped :eof.

Which game the idea to try few other things:

Code: Select all

@echo off
( echo ^
<^

and

@echo off
( echo ^
>^
Nothing so interesting just will require double ctrl+c to stop.I suppose the first one is just escaped.

e:

Code: Select all

@echo off
goto :eof >^

Code: Select all

@echo off
goto :eof <^


Again a lot of GeTokens:

Code: Select all

@echo off
echo combobreaker |( goto :eof >^

Code: Select all

@echo off
echo combobreaker |( goto :eof <^

Just a little bit more ctrl+c-s

Another cmd crashers:

Code: Select all

@echo off
( goto :eof |<^

Code: Select all

@echo off
( goto :eof |>^
And.The.Thing.That.Scares.Me.

Code: Select all

 @echo off
( goto :eof >^

Code: Select all

 @echo off
( goto :eof <^
I don't know what the difference is with the opening parenthesis but this completely freezes my machine.At the moment I have no other machine to try but I will later...

Last edited by npocmaka (02 Nov 2012 16:25)

----------------------------

#4 27 Feb 2013 20:59
npocmaka

One more way:

Code: Select all

echo on
break | for %%A in () do echo %%A
I saw jeb to use similar thing to pass parameters to FOR /F.
but with empty body this crashes the cmd.
And with echo on it prints :

Code: Select all

    for %%A in ((nul)) do echo %%A
I'm curious if there are more ways for crashing.

----------------------------

#5 01 Mar 2013 09:39
jeb

I suppose the full crash with pipes occours, as you can't reach the new cmd.exe with ctrl-c context, build by the pipe.

Carets can crash in many cases.

Code: Select all

set "caret=^"
call echo %%caret%%
Crashes not on all Windows versions , but on some

jeb

----------------------------

#6 15 Jul 2013 21:19
npocmaka

I've tried some more things with caret and call , and this is the result:

Code: Select all

::breaks the cmd
:: EOF after the caret
break & call ^
if its only call ^ it can be stopped with ctrl+c.And instead of break , any other command can be used ,but break seems look good here.

----------------------------

#7 15 Jul 2013 22:21
jeb


I like your tests ... but in this case it's not the CALL command that fails with the caret, it's just the caret at the end of file.

Appending a line and the batch works fine.

Or try to replace the CALL with ECHO or even SETLOCAL, they all creates a crash.

----------------------------
#8 16 Jul 2013 00:47
Simon Sheppard


Possibly the shortest batch file that crashes the shell:

Code: Select all

^&^
----------------------------

#9 18 Jul 2013 07:04
npocmaka

Ha!Thanks.Now I'm much better at crashing the prompt :-D

----------------------------

#10 29 Jul 2015 10:39
npocmaka

Code: Select all

@echo off 
rem do not set new lines at the end or you'll break the breaker
echo combobreaker |(>^
just installed windows 10.
Fixed there sad

Last edited by npocmaka (29 Jul 2015 10:40)

----------------------------

#11 13 Aug 2015 14:41
npocmaka

...and one more way to crash the command prompt:

Code: Select all

@echo off
set "h=/?"
call rem  %%h%%

from command line this can be used - set "h=/?"&call rem %%h%%

Last edited by npocmaka (13 Aug 2015 14:56)
Post Reply