I came across a mind-blowing weird script that crashes the console:
set "h=/?" & call [if | for | rem] %%h%%
IF, FOR and REM aren't normal internal commands.
They use their own special parser, which possibly caused some interception errors so it crashed.

@jeb pointed out CALL doesn't execute the following special characters, but instead converts them into a "token" (version dependent):
- & returns /
- && returns 1
- | returns 2
- || returns 0
- /? returns <
- @ returns +
- @() returns ;
- @if a==a : returns ,
- @for %a in () do : returns +
- @rem : returns -
However, even though they have unique parsers, it still doesn't explain why they all crash. So I did some testing:
- Remove call:
  C:\>set "h=/?" & for %h%
  %%h%% was unexpected at this time.
- Change the command to something else. (I tried all other internal commands, none works)
- Separate two commands:
  C:\>set "h=/?"
  C:\>call for %%h%%
  --FOR help message--
- Add @:
  C:\>set "h=/?" & call for @%%h%%
  CRASH!!!
- Surround the scriptblock by ():
  C:\>set "h=/?" & call for (%%h%%)
  CRASH!!!
Summary of question:
call
play?
The CALL is necessary to start a second round of the parser.
But there is a small bug (or more): in that phase it's not possible to execute any of the special commands or to use &, |, &&, ||, redirection or command blocks.
The cause seems to be that the parser internally builds a token graph, replacing the special things with some kind of token values.
But with CALL the executor doesn't know anymore how to handle them.
This code tries to execute a batch file named 3.bat!!!
(The name can be different, depending on the Windows version)
set "cmd=(a) & (b)"
call %%cmd%%
But in your sample, the help function is triggered on a non-executable token.
That seems to be the final death trigger for the executor to be completely out of sanity.
Calling linefeeds \n or FOR, IF & REM's help function crashes cmd, exiting with ERRORLEVEL -1073741819 aka 0xC0000005, which indicates an access violation error.
First, the cmd parser tries to start werfault to terminate the process.
If you prematurely terminate werfault, an error message will appear!
Access violation error:
The instruction at 0x00007FF7F18E937B referenced memory at 0x0000000000000070. The memory could not be read.
It is conjectured that if, for and rem use special parsers, but when the help function is triggered by call, a non-command token is returned, which crashes the cmd parser.
Sources:
- Why I can't CALL "IF" and "FOR" neither in batch nor in the cmd?
- CALL me, or better avoid call
- Limit CMD processing to internal commands, safer and faster?
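
A static check for the CALL patterns described in the answers above, added here as an illustration and not code from the thread. It tracks set assignments in a batch script, models CALL's second parser round by substituting %%name%%, and reports lines that match the reported crash pattern, that CALL cannot execute, or that expand a variable the script never sets. The function name, severity labels and sample script are constructed for this example, and the parsing is simplified (no ^ escapes, no splitting on |, no delayed expansion).

```python
import re

SPECIAL = {"if", "for", "rem"}       # commands the thread says use their own parser
OPERATORS = re.compile(r"[&|<>()]")  # operators, redirection, blocks: not executable via CALL
AMP_RE = re.compile(r'&+(?=(?:[^"]*"[^"]*")*[^"]*$)')  # '&' outside double quotes
SET_RE = re.compile(r'^\s*set\s+"?([^=\s"]+)=([^"]*)"?\s*$', re.I)
CALL_RE = re.compile(r"^\s*@?call\s+(.*)$", re.I)
VAR_RE = re.compile(r"%%([^%\s]+)%%")

def lint(script):
    """Return (line_no, severity, detail) for each CALL the answers warn about."""
    values, findings = {}, []
    for no, line in enumerate(script.splitlines(), 1):
        for cmd in AMP_RE.split(line):
            m = SET_RE.match(cmd)
            if m:
                values[m.group(1).lower()] = m.group(2)
                continue
            m = CALL_RE.match(cmd)
            if not m:
                continue
            raw = m.group(1)
            unknown = [v for v in VAR_RE.findall(raw) if v.lower() not in values]
            # Model CALL's second parser round: %%name%% becomes the tracked value.
            expanded = VAR_RE.sub(lambda v: values.get(v.group(1).lower(), ""), raw)
            words = expanded.split()
            head = words[0].lstrip("@").lower() if words else ""
            if head in SPECIAL and "/?" in expanded and "/?" not in raw:
                # /? reaches IF/FOR/REM only through the second expansion round.
                findings.append((no, "crash-pattern", f"call {head} receives /? via a variable"))
            elif head in SPECIAL or OPERATORS.search(expanded):
                findings.append((no, "broken", "CALL target is IF/FOR/REM or has operators/blocks"))
            elif unknown:
                findings.append((no, "review", "expands unset variable(s): " + ", ".join(unknown)))
    return findings

# Constructed sample script: lines 2 and 3-4 are the two snippets quoted in the thread.
SAMPLE = '''@echo off
set "h=/?" & call for %%h%%
set "cmd=(a) & (b)"
call %%cmd%%
set /p target=Script to run:
call %%target%%
call :cleanup
'''

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
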