nmcv · August 1, 2013 07:57
diff --git a/msec.exploitable.bat b/msec.exploitable.bat
 @echo off
 setlocal ENABLEEXTENSIONS
 @REM get local Path of script
 for /F %%I in ("%0") do set localDir=%%~dpI

 @REM Check for MSEC.dll in current directory, and in script directory
 if not exist .\msec.dll (
 	if not exist %localDir%\msec.dll (
 		echo.
 		echo MSEC.dll not in current directory, please copy MSEC.dll locally and
 		echo rerun classify.bat.
 		echo.
 		goto error
 	) else (
 		set msecPath=%localdir%\msec.dll
 	)
 ) else (
 	set msecPath=.\msec.dll
 )

 @REM Check that cdb.exe is in the path or local directory
 WHERE /Q cdb.exe
 IF  ERRORLEVEL 1 (
    echo.
    echo cdb.exe was not found in the local directory or path
    echo.
    goto error
  )

 @REM Validate First Parameter
 if /i "%~1" EQU "" goto Usage
 if /i "%~1" EQU "/?" goto Usage
 if /i "%~1" EQU "-?" goto Usage
 if /i "%~1" EQU "/help" goto Usage
 if /i "%~1" EQU "-help" goto Usage
 if not exit "%~1" (
 	echo.
    echo "%~1" could not be found.
    echo.
    goto error
 )

 @REM Validate second Parameter
 if /i "%~2" EQU "" goto Usage
 if exist "%~2" (
  dir /a:d "%~2" > nul
  IF  ERRORLEVEL 1 (
    echo.
    echo "%~2" is a file, the second paremeter should be a directory
    echo.
    goto error
  )
 )

 @REM ERROR Checking Is Over
 set Hash=
 set Type=
 set Exploitability=
 set tempLog=.\ExploitableLog-%random%.Log

 cdb -z "%~1" -a%msecPath% -c ".symfix+; .reload; .logopen \"%tempLog%\";!exploitable -m;.logclose;q"

 for /f "tokens=1* delims=:" %%a in (%tempLog%) do (
 	for /f "tokens=1*" %%c in ("%%b") do (
 	   if /i "%%a" EQU "MAJOR_HASH" set MajorHash=%%c
 	   if /i "%%a" EQU "MINOR_HASH" set MinorHash=%%c
 	   if /i "%%a" EQU "SHORT_DESCRIPTION" set Type=%%c
 	   if /i "%%a" EQU "CLASSIFICATION" set Exploitability=%%c
 	)
 )

 set ResultDir=%~2\%CrashDir%\%Exploitability%\%type%\%MajorHash%\%MinorHash%
 md "%ResultDir%"
 copy /b /y "%~1" "%ResultDir%"
 copy /b /y %tempLog% "%ResultDir%"
 del /q %tempLog%
 goto end

 :usage
 Echo classify.bat ^ ^
 echo.
 echo Classify.bat will place the specified dump and log into a directory structure as follows:
 echo.
 echo ^\^\^\^
 echo.
 echo Examples:
 echo ^\EXPLOITABLE\WriteAV\0x6e05193a\0x7505193a
 echo ^\PROBABLY_EXPLOITABLE\TaintedDataControlsCodeFlow\0x6e05193a\0x7505193a
 echo ^\UNKNOWN\PossibleStackCorruption\0x6e05193a\0x7505193a
 echo.
 echo Classify.bat requires MSEC.dll to be in the current directory and cdb to be
 echo in the path.
 echo.
 echo To easily run classify.bat against a set of dumps try the following command:
 echo.
 echo for /R . ^%%a in (*.dmp) do classify.bat ^%%a C:\Crashes
 echo.
 goto error
 :error
 exit /b 1
 :end
 exit /b 0
	@echo off
	setlocal ENABLEEXTENSIONS
	@REM get local Path of script
	for /F %%I in ("%0") do set localDir=%%~dpI

	@REM Check for MSEC.dll in current directory, and in script directory
	if not exist .\msec.dll (
	if not exist %localDir%\msec.dll (
	echo.
	echo MSEC.dll not in current directory, please copy MSEC.dll locally and
	echo rerun classify.bat.
	echo.
	goto error
	) else (
	set msecPath=%localdir%\msec.dll
	)
	) else (
	set msecPath=.\msec.dll
	)

	@REM Check that cdb.exe is in the path or local directory
	WHERE /Q cdb.exe
	IF ERRORLEVEL 1 (
	echo.
	echo cdb.exe was not found in the local directory or path
	echo.
	goto error
	)

	@REM Validate First Parameter
	if /i "%~1" EQU "" goto Usage
	if /i "%~1" EQU "/?" goto Usage
	if /i "%~1" EQU "-?" goto Usage
	if /i "%~1" EQU "/help" goto Usage
	if /i "%~1" EQU "-help" goto Usage
	if not exit "%~1" (
	echo.
	echo "%~1" could not be found.
	echo.
	goto error
	)

	@REM Validate second Parameter
	if /i "%~2" EQU "" goto Usage
	if exist "%~2" (
	dir /a:d "%~2" > nul
	IF ERRORLEVEL 1 (
	echo.
	echo "%~2" is a file, the second paremeter should be a directory
	echo.
	goto error
	)
	)

	@REM ERROR Checking Is Over
	set Hash=
	set Type=
	set Exploitability=
	set tempLog=.\ExploitableLog-%random%.Log

	cdb -z "%~1" -a%msecPath% -c ".symfix+; .reload; .logopen \"%tempLog%\";!exploitable -m;.logclose;q"

	for /f "tokens=1* delims=:" %%a in (%tempLog%) do (
	for /f "tokens=1*" %%c in ("%%b") do (
	if /i "%%a" EQU "MAJOR_HASH" set MajorHash=%%c
	if /i "%%a" EQU "MINOR_HASH" set MinorHash=%%c
	if /i "%%a" EQU "SHORT_DESCRIPTION" set Type=%%c
	if /i "%%a" EQU "CLASSIFICATION" set Exploitability=%%c
	)
	)

	set ResultDir=%~2\%CrashDir%\%Exploitability%\%type%\%MajorHash%\%MinorHash%
	md "%ResultDir%"
	copy /b /y "%~1" "%ResultDir%"
	copy /b /y %tempLog% "%ResultDir%"
	del /q %tempLog%
	goto end

	:usage
	Echo classify.bat ^ ^
	echo.
	echo Classify.bat will place the specified dump and log into a directory structure as follows:
	echo.
	echo ^\^\^\^
	echo.
	echo Examples:
	echo ^\EXPLOITABLE\WriteAV\0x6e05193a\0x7505193a
	echo ^\PROBABLY_EXPLOITABLE\TaintedDataControlsCodeFlow\0x6e05193a\0x7505193a
	echo ^\UNKNOWN\PossibleStackCorruption\0x6e05193a\0x7505193a
	echo.
	echo Classify.bat requires MSEC.dll to be in the current directory and cdb to be
	echo in the path.
	echo.
	echo To easily run classify.bat against a set of dumps try the following command:
	echo.
	echo for /R . ^%%a in (*.dmp) do classify.bat ^%%a C:\Crashes
	echo.
	goto error
	:error
	exit /b 1
	:end
	exit /b 0