windows script host

the wsh (windows script host) is an object based host for any number of scripting languages. by default, it supports both vbscript and jscript but can be configured to support others. this is used by system administrators all over the world.

to execute a script via the windows gui, you could simply double-click the file, or at the run option (win+r) you would type "wscript" followed by the filename including the extension, and then any arguments that you may need to pass in. to execute a file from the command-line, simply type "cscript /?" to see the usage instructions. wsh files have the extension .wsf, which allows you to extend functionality, and are written in xml (extensible markup language), but we need not worry about that as we'll only be working with .vbs files.

to understand how to work with the wsh, you need to study the object layout. we briefly discussed how object orientation works in the previous chapter if you'd like to refresh your memory. in vbscript, the object at the top of the hierarchy is wscript. this object has methods, properties, and child objects that have their own methods and properties. now this may seem a bit overwhelming at first, but it's really not. if "wscript" is the main object, and one of this object's methods is "echo" then to say hello we type:

 wscript.echo "hello world" 

type it in notepad, save it with a .vbs extension, and then double-click the file. you should get a little popup box saying "hello world." see? it's easy. knowing the object model will let us know what we can do. another method of the wscript object is "sleep," which pauses execution. so if we want to echo a message, wait 5 seconds, and then echo another message, we would type:

 wscript.echo "hello"
 wscript.sleep (5000)
 wscript.echo "um.. nevermind"

we type "5000" instead of "5" because sleep takes its argument in milliseconds (1/1000ths of a second). the parentheses aren't required but look pretty, don't they?

one of the most useful objects is the wshshell, which allows you to create more customized popup windows, create shortcuts, edit the registry, etc. to access this child object, we have to go through the parent (wscript) by using its method "createobject" as follows:

 set wshshell = wscript.createobject("wscript.shell")
 wshshell.popup "test", 12, "testing", 5 + 32

we set the value of wshshell (a variable) to represent an instance of the "shell" object. now we can access that object's "popup" method. as you can see above, the popup method takes four arguments separated by commas (only the first one is required):

  • message (what text is displayed)

  • timeout (how long before the box disappears)

  • title (title of our popup window)

  • buttons and icon (what buttons and picture to display)

some button/icon numbers include:

0 : ok button

1 : ok and cancel

2 : abort, retry, and ignore

3 : yes, no, and cancel

4 : yes and no

5 : retry and cancel

16 : "stop mark" icon

32 : "question mark" icon

48 : "exclamation mark" icon

64 : "information mark" icon

each button returns a value. a detailed reference for the wsh object model can be found at

to actually interact with wsh you will need to know some visual basic syntax as well. you already know how a programming language is constructed, so all you need to do is learn the rules and syntax for this particular language. the following script uses a "while" loop in visual basic:

 set wshshell = createobject("wscript.shell")
 click = 0
 while click <> 6
     click = wshshell.popup("are you gay?", 0, "hey", 4 + 32)
 wend

the "<>" operator expresses inequality. we set "click" to a value of 0, and say "while click is not equal to 6, keep asking this question." the "yes" button returns the number 6 to the script, so when the user clicks yes the loop will die (because the variable "click" is now equal to 6). other return values for buttons include:

1 : ok

2 : cancel

3 : abort

4 : retry

5 : ignore

6 : yes

7 : no

to tell a program to run hidden (such as notepad):

 dim wshshell
 set wshshell = wscript.createobject("wscript.shell")
 wshshell.run "%windir%\notepad.exe", 0
 wscript.quit()

in the above example, "dim" is a way of saying we want to create a variable or array. the "run" method's second argument "0" tells the script how the program should run, which is in this case hidden. the problem with the above code is that you will likely get a message from your anti-virus program (if you have it) telling you that the code is malicious ha. there are a couple of ways around this. one (the easiest way), tell your anti-virus program to always allow this script. two, there is always a way to code around such things, via digital signature (telling the system it's safe) or the like. consider the following alternative to the above code (numbered for line wrapping):

 1) const win = 12
 2) set obj = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
 3) set objstart = obj.get("win32_processstartup")
 4) set objshw = objstart.spawninstance_
 5) objshw.showwindow = win
 6) set objhide = getobject("winmgmts:root\cimv2:win32_process")
 7) rtrn = objhide.create("notepad.exe", null, objshw, intprocessid)

this code should run notepad in a hidden window without any problems. you can find similar code and many other free scripts from microsoft's online code repository.

one other script that i grabbed is as follows, which allows you to send mail through your isp's smtp address. just look on your isp's website or ask them what it is if you don't know it. look through the code carefully and you can see where changes can be made to customize it for yourself.

 set objmessage = createobject("cdo.message")
 objmessage.from = "not@liberty2.say"
 objmessage.to = ""
 objmessage.subject = "junk mail"
 objmessage.textbody = "hello i am junk."
 objmessage.configuration.fields.item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
 objmessage.configuration.fields.item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = ""
 objmessage.configuration.fields.item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
 objmessage.configuration.fields.update
 objmessage.send

the mail script could be used to send mail anonymously (even though it can still be traced back to your isp), or to send yourself mail from someone else's computer.
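seen from the defender's side, the hidden-launch and mail patterns above are easy to spot in script source. the python triage below is an added example, not code from the handbook or from microsoft; the sample script, the rule names and the function names are constructed for illustration.

```python
import re

# constructed sample in the shapes this chapter shows (not a real-world script)
SAMPLE_VBS = r'''set wshshell = wscript.createobject("wscript.shell")
wshshell.run "%windir%\notepad.exe", 0
wshshell.run "%windir%\notepad.exe", 1 ' visible window, not flagged
const win = 12
set objshw = objstart.spawninstance_
objshw.showwindow = win
set objmessage = createobject("cdo.message")
'''

HIDDEN_SHOWWINDOW = {0, 12}  # 0 is SW_HIDE; 12 is the value this chapter's WMI script assigns
CONST_RE = re.compile(r'^\s*const\s+(\w+)\s*=\s*(\d+)', re.I)
RUN_RE = re.compile(r'\.run\s*\(?\s*(?:"(?:[^"]|"")*"|\w+)\s*,\s*(\w+)', re.I)
SHOW_RE = re.compile(r'\.showwindow\s*=\s*(\w+)', re.I)
CDO_RE = re.compile(r'createobject\s*\(\s*"cdo\.message"', re.I)

def strip_comment(line):
    """Drop a VBScript ' comment, ignoring apostrophes inside strings."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def triage(source):
    """Return (line_number, rule) pairs for hidden launches and CDO mail use."""
    consts, findings = {}, []
    def value(token):  # resolve a numeric literal or an earlier "const" name
        return int(token) if token.isdigit() else consts.get(token.lower())
    for number, raw in enumerate(source.splitlines(), 1):
        line = strip_comment(raw)
        const = CONST_RE.match(line)
        if const:
            consts[const.group(1).lower()] = int(const.group(2))
        run = RUN_RE.search(line)
        if run and value(run.group(1)) == 0:          # run's window style 0 = hidden
            findings.append((number, "run-hidden"))
        show = SHOW_RE.search(line)
        if show and value(show.group(1)) in HIDDEN_SHOWWINDOW:
            findings.append((number, "wmi-hidden-startup"))
        if CDO_RE.search(line):                       # script sends mail via cdo
            findings.append((number, "cdo-mail"))
    return findings
if __name__ == "__main__":
    print(triage(SAMPLE_VBS))
```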

if you're wondering why the code found above and in microsoft's repository looks so crazy, it's because it utilizes wmi (windows management instrumentation), which is the plumbing by which almost all windows resources can be accessed. a quick primer on wmi can be found at

you don't necessarily need to learn wmi (you could be a script-kiddy), although it would be useful if you're considering taking this whole windows-scripting thing seriously. you can also look on the microsoft website for a neat little (script-kiddy) tool that you can download free called "scriptomatic," which will write wmi scripts for you, and you don't even have to know the first thing about wmi :-o

the microsoft website contains a plethora of information and links to educational resources regarding all of these technologies.

if/else statements in visual basic don't use curly brackets, but rather the following structure. you'll notice that lines do not need to end with a semicolon in this language, but instead end with a "new-line." many of visual basic's control structures follow the same patterns as seen below, but it's pointless to get into depth on them all as we're not really using that many examples.

 if something then
     do something
 elseif something else then
     do something else
 else
     last resort
 end if

we'll be covering more as we move along, but if you have any questions, a complete visual basic reference covering up to date operators, functions, etc can be found by searching for "visual basic."

note: the majority of all that destructive information and knowledge that people use to target innocent windows users is freely available information from the company itself to whoever wants to read it. as many times as i've said rtfm, people just don't seem to get it, so here i am more or less writing a manual on how to rtfm. *sigh* anyway the best thing to do if you're interested in pursuing the language is to look for an on-line community revolving around vb.

i've barely even touched on everything that is possible with wsh and visual basic, but by now you should realize just how powerful they can be in combination. in fact, the infamous "i love you" virus that hit in the year 2000 was a .vbs file. speaking of viruses…

Tapeworm - 1337 Hax or Handbook
Year: 2005
Pages: 74