Syntax
Each command starts with a new line and has the following format:
<Command name> <Options, arguments or values separated by spaces> |
Argument values can be string, binary and numeric. A value is read as a string unless specified otherwise.
Type |
Description |
Examples |
|---|---|---|
String |
If a value starts with a double quote ("), it is read up to the same closing double quote. In addition, escaped quotes (\") are replaced with regular double quotes. Otherwise, a value is read up to a space, comment, or the end of the line or file. |
fs-remove c:\con fs-remove "c:\con 2" |
Binary |
Values are read by pairs of HEX digits. |
0B8E (2 bytes) |
Numeric |
Values are unsigned and written in decimal and hexadecimal formats. |
15 0xFE |
Comments to commands start with the # symbol.
Code validation
Syntax errors are highlighted in the command input field and displayed in the lower input field panel. Click the 
Errors panel to view the detected error list and error descriptions. To create a FixIt! tool, you have to resolve all errors.
List of commands
A script with commands is run sequentially in three steps:
1.Anti-rootkit scanner. Commands are run randomly at this step.
2.Script commands. Commands are run in the specified order at this step.
3.Data collection. Commands are run randomly at this step.