For some personal needs, I built a C program that would act as kind of an installer tool. I embedded some files in the executable. When run, the executable would extract the files and it would invoke a specific one as a batch file. I formalized the code a bit, yielding a new utility: CMD2EXE.
CMD2EXE was based on a simple C runtime stub. When executed, the stub would check for files that had been appended to it. It would write them to a temporary directory and it would invoke one that had been specified. All of this was managed by keeping a string literal in the stub that would hold the size of the executable stub. The internal code would call the atoi() function on the string literal to convert it to a size. The code would then open itself … the EXE … for reading beginning at the next address after the number specified by the string literal. Injecting the size into that field was just part of the build process.
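The offset mechanism described above can be sketched as follows. This is an added example, not the CMD2EXE source: the function names, the ten-digit size field and the file name `cmd2exe_demo.bin` are assumptions, and `strtol` stands in for the `atoi()` call so that a damaged size field is rejected rather than read as offset 0.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The page's stub used atoi() on the size literal; strtol is used here so a
   corrupted field is rejected instead of silently becoming offset 0. */
long parse_stub_size(const char *field) {
    char *end;
    errno = 0;
    long n = strtol(field, &end, 10);
    return (errno || end == field || *end != '\0' || n <= 0) ? -1 : n;
}

/* Return the bytes that follow the first stub_size bytes of the file (caller
   frees), or NULL if the offset is bad or nothing is appended. */
unsigned char *read_appended(const char *path, long stub_size, long *out_len) {
    unsigned char *buf = NULL;
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    if (stub_size > 0 && fseek(f, 0, SEEK_END) == 0) {
        long len = ftell(f) - stub_size;
        if (len > 0 && fseek(f, stub_size, SEEK_SET) == 0 &&
            (buf = malloc((size_t)len)) != NULL) {
            if (fread(buf, 1, (size_t)len, f) == (size_t)len) {
                *out_len = len;
            } else {
                free(buf);
                buf = NULL;
            }
        }
    }
    fclose(f);
    return buf;
}

/* Constructed sample: 16 filler bytes stand in for the stub, then a payload. */
int demo(void) {
    const char *path = "cmd2exe_demo.bin", *payload = "@echo off\r\necho hello\r\n";
    long len = 0;
    FILE *f = fopen(path, "wb");
    if (!f) return 0;
    fwrite("STUBSTUBSTUBSTUB", 1, 16, f);
    fwrite(payload, 1, strlen(payload), f);
    fclose(f);
    unsigned char *data = read_appended(path, parse_stub_size("0000000016"), &len);
    int ok = data && len == (long)strlen(payload) && memcmp(data, payload, (size_t)len) == 0;
    free(data);
    remove(path);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

The same offset arithmetic is what a scanner sees from the outside: everything past the stub's own length is appended data that the executable format itself does not account for.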
This was an easy way to embed a batch file into an executable. It was pretty popular. It was under MailGrab in terms of sales. Despite the popularity, I ran into a few problems.
Someone must have used CMD2EXE to encode a nefarious payload for a virus. One of my customers contacted me saying that they could no longer use the tool to package executables. I tried it myself. They were correct. Apparently, some data strings in the CMD2EXE stub were catalogued as belonging to a virus. I worked with some AV companies to stop this, but it happened after that … more than once.
Some AV / Anti-Malware software was starting to prevent programs from writing scripts to temporary file areas and executing them. There are perfectly normal reasons for doing this, but I was in no position to try to fight this.
A Couple of Last Features
I remember adding the ability to hide the console window on execution (building in functions from Run & Hide). I also added the ability to run a series of commands sequentially instead of writing them out to a file. This was a very inefficient way of executing commands in batch, but it was the only way that would not be scrutinized by AV and security software.
Eventually, I stopped selling CMD2EXE. It was quite handy and it was popular. I was going to expand it with instructions on running a variety of scripting languages from within a packaged EXE. There were a number of tools emerging to do this at the time, so I felt no urgency to throw my hat into the ring. I felt that this approach was just trying to leverage a technique that fell out of favor with modern security practices.