echo set pass=0 >>cmd.cmd
echo set times=3 >>cmd.cmd
echo echo.
echo :start >>cmd.cmd
echo set /P pass=请输入密码: >>cmd.cmd
echo if %%pass%%==flash goto true >>cmd.cmd
echo if %%times%%==0 goto end >>cmd.cmd
echo set /A times=%%times%%-1 >>cmd.cmd
echo echo 还给您%%times%%次机会 >>cmd.cmd
echo goto start >>cmd.cmd
echo echo.
echo :end >>cmd.cmd
echo exit >>cmd.cmd
echo :true >>cmd.cmd
echo echo 密码正确 欢迎您进入... >>cmd.cmd
echo title 欢迎您进入DOS世界... >>cmd.cmd
echo ENDLOCAL >>cmd.cmd
echo 正在完成...
echo 您的密码为:flash
move cmd.cmd c:\windows\cmd.cmd
echo 正在写入注册表...
reg add "HKLM\SOFTWARE\Microsoft\Command Processor" /v AutoRun /d %systemroot%\\cmd.cmd /f
pause
echo 完成!
pause&exit
转自:http://hi.baidu.com/36235/blog/item/9a99e54ed71778cfd1c86ac6.html
虽然我还没看懂原理,先留着再说吧