Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

VBSCRIPT - Windows Script Host

hello world

  • Please log in to reply
1 reply to this topic

#1 Shubhanshu

Shubhanshu

    CC Lurker

  • Just Joined
  • Pip
  • 5 posts

Posted 22 April 2010 - 09:28 AM

The wsh (windows script host) is an object based host for any number of scripting languages. by default, it supports both vbscript and jscript but can be configured to support others. this is used by system administrators all over the world.

To execute a script via the windows gui, you could simply double-click the file, or at the run option (win+r) you would type "wscript" followed by the filename including the extension, and then any arguments that you may need to pass in. to execute a file from the command-line, simply type "cscript /?" to see the usage instructions. wsh files have the extension .wsf, which allows you to extend functionality, and are written in xml (extensible markup language), but we need not worry about that as we'll only be working with .vbs files.

To understand how to work with the wsh, you need to study the object layout. we briefly discussed how object orientation works in the previous chapter if you'd like to refresh your memory. in vbscript, the object at the top of the hierarchy is wscript. this object has methods, properties, and child objects that have their own methods and properties. now this may seem a bit overwhelming at first, but it's really not. if "wscript" is the main object, and one of this object's methods is "echo" then to say hello we type:

wscript.echo "hello world"


Type it in notepad, save it with a .vbs extension, and then double-click the file. You should get a little popup box saying "hello world." see? it's easy. knowing the object model will let us know what we can do. another method of the wscript object is "sleep," which pauses execution. So if we want to echo a message, wait 5 seconds, and then echo another message, we would type:

wscript.echo "hello"
wscript.sleep (5000)
wscript.echo "um.. nevermind"



We type "5000" instead of "5" because it allows you to specify 1/1000th of a second. the parentheses aren't required but look pretty, don't they?

one of the most useful objects is the wshshell, which allows you to create more customized popup windows, create shortcuts, edit the registry, etc. to access this child object, we have to go through the parent (wscript) by using its method "createobject" as follows:

set wshshell = wscript.createobject("wscript.shell")
wshshell.popup "test", 12, "testing", 5 + 32



we set the value of wshshell (a variable) to represent an instance of the "shell" object. now we can access that object's "popup" method. as you can see above, the popup method takes four arguments separated by commas (only the first one is required):

message (what text is displayed)

timeout (how long before the box disappears)

title (title of our popup window)

buttons and icon (what buttons and picture to display)



some button/icon numbers include:


0 : ok button



1 : ok and cancel



2 : abort, retry, and ignore



3 : yes, no, and cancel



4 : yes and no



5 : retry and cancel



16 : "stop mark" icon



32 : "question mark" icon



48 : "exclamation mark" icon



64 : "information mark" icon


each button returns a value. a detailed reference for the wsh object model can be found at msdn.microsoft.com.

to actually interact with wsh you will need to know some visual basic syntax as well. you already know how a programming language is constructed, so all you need to do is learn the rules and syntax for this particular language. the following script uses a "while" loop in visual basic:

set wshshell = createobject("wscript.shell")
click = 0
while click <> 6
click = wshshell.popup("are you **?", 0, "hey", 4 + 32)
wend




the "<>" operator expresses inequality. we set "click" to a value of 0, and say "while click is not equal to 6, keep asking this question." the "yes" button returns the number 6 to the script, so when the user clicks yes the loop will die (because the variable "click" is now equal to 6). other return values for buttons include:


1 : ok



2 : cancel



3 : abort



4 : retry



5 : ignore



6 : yes



7 : no


to tell a program to run hidden (such as notepad):

dim wshshell
set wshshell = wscript.createobject("wscript.shell")
wshshell.run "%windir%\notepad.exe ", 0
wscript.quit()




in the above example, "dim" is a way of saying we want to create a variable or array. the "run" method's second argument "0" tells the script how the program should run, which is in this case hidden. the problem with the above code is that you will likely get a message from your anti-virus program (if you have it) telling you that the code is malicious ha. there are a couple of ways around this. one (the easiest way), tell your anti-virus program to always allow this script. two, there is always a way to code around such things, via digital signature (telling the system it's safe) or the like. consider the following alternative to the above code (numbered for line wrapping):

1) const win = 12
2) set obj = getobject("winmgmts:{ impersonationlevel=
impersonate} !\\.\root\cimv2")
3) set objstart = obj.get("win32_processstartup")
4) set objshw = objstart.spawninstance_
5) objshw.showwindow = win
6) set objhide = getobject("winmgmts:root\cimv2:win32_process")
7) rtrn = objhide.create("notepad.exe ", null, objshw, intprocessid)



this code should run notepad in a hidden window without any problems. you can find similar code and many other free scripts from microsoft's online code repository.

one other script that i grabbed is as follows, which allows you to send mail through your isp's smtp address. just look on your isp's website or ask them what it is if you don't know it. look through the code carefully and you can see where changes can be made to customize it for yourself.

1) set objmessage = createobject("cdo.message")

2) objmessage.from = "not@liberty2.say"
3) objmessage.to = "spam@icodeviruses.com"
4) objmessage.subject = "junk mail"
5) objmessage.textbody = "hello i am junk."

6) objmessage.configuration.fields.item ("http://schemas.microsoft.com/
cdo/configuration/sendusing") = 2
7) objmessage.configuration.fields.item ("http://schemas.microsoft.com/
cdo/configuration/smtpserver") = "smtp.myisp.com"
8) objmessage.configuration.fields.item ("http://schemas.microsoft.com/
cdo/configuration/smtpserverport") = 25
9) objmessage.configuration.fields.update

10) objmessage.send




the mail script could be used to send mail anonymously (even though it can still be traced back to your isp), or to send yourself mail from someone else's computer.

if you're wondering why the code found above and in microsoft's repository looks so crazy, it's because it utilizes wmi (windows management instrumentation), which is the plumbing by which almost all windows resources can be accessed. a quick primer on wmi can be found at MSDN: Microsoft Development, MSDN Subscriptions, Resources, and More.

you don't necessarily need to learn wmi (you could be a script-kiddy), although it would be useful if you're considering taking this whole windows-scripting thing seriously. you can also look on the microsoft website for a neat little (script-kiddy) tool that you can download free called "scriptomatic," which will write wmi scripts for you, and you don't even have to know the first thing about wmi :-o

the microsoft website contains a plethora of information and links to educational resources regarding all of these technologies.



if/else statements in visual basic don't use curly brackets, but rather the following structure. you'll notice that lines do not need to end with a semicolon in this language, but instead end with a "new-line." many of visual basic's control structures follow the same patterns as seen below, but it's pointless to get into depth on them all as we're not really using that many examples.

if something
then do something
elseif
then do something else
else
last resort
endif



Thank You
  • 0

#2 Demon

Demon

    CC Newcomer

  • Just Joined
  • PipPip
  • 18 posts

Posted 20 September 2010 - 03:23 AM

Nice tut but isn't this the Vb.net section?
  • 0





Also tagged with one or more of these keywords: hello world

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download