2

I noticed that cmd seems to accept some characters at the ends of commands. for example all of the following function correctly:

cls.
cls;
cls(
cls\
cls+
cls=
cls\"whatever"
cls\$
cls\#

and these do not:

cls'
cls$
cls)
cls-
cls#
cls\/

Does anybody know why this happens?

Thanks in advance.

Endoro
  • 34,892
  • 8
  • 45
  • 61
Samy Bencherif
  • 1,101
  • 10
  • 23
  • 1
    Another one it accepts is `cls+` and `cls=`. – invert Aug 15 '13 at 13:49
  • If you escape those broken characters with `\\` then they accept. It happens because of how cmd.exe interprets the command line, which is wildly varied from how GNU / Linux shell might interpret it: consistently. See http://stackoverflow.com/a/4094897/114147 – invert Aug 15 '13 at 13:56
  • 5
    Perhaps the question to ask is "Why are you putting random characters at the end of command line statements?" – Ken White Aug 15 '13 at 15:36

1 Answers1

1

It depends on the batch parser.

;,= are general batch delimiters, so you can append/prepend them to the most commands without effect.

;,,=  ,=; echo hello
;,cls,;,,

The . dot can be appended to the most commands, as the parser will try to find a file named cls (without extension) cls.exe cls.bat, and when nothing is found then it takes the internal command.

The opening bracket is also a special charcter that the parser removes without error.

The \ backslash is used as path delimiter, so sometimes it works but sometimes you could change even the command.

cls\..\..\..\windows\system32\calc.exe

jeb
  • 70,992
  • 15
  • 159
  • 202