Scan / Search file system, What Language?

I'd like to write a program that will scan the file system and analyze file attributes. It will need to look at attributes like size, date created, date modified, company, and possibly CRC32.

What language would be the best for this? How can I get the most speed?

I'd like to avoid using objects that can become disabled by viruses/spyware, such as WMI.
Asked by: HKComputer

Deepu Abraham, R & D Engineering Manager, commented:
Hi There,

http://www.codeproject.com/file/cfilefinderex.asp

This may give you a start using MFC.

Best Regards,
DeepuAbrahamK

jkr commented:
Since the bottleneck for that in fact is the disk speed itself, there won't be much of a difference performance-wise between the two languages. Scanning itself will also be equally complex (or not) in both, so it is hard to give a recommendation here. I'd go for C++ though, simply because the Windows APIs to gather that information are directly available. A plain API example of doing that would be

#include <windows.h>
#include <stdio.h>
#include <string.h>

void HandleFile ( const WIN32_FIND_DATAA* pw32fd);
void WalkTree ( const char* pszPath, const char* pszBase);

int main ( int argc, char** argv)
{
    if ( argc != 2) return 1;

    WalkTree ( argv [ 1], NULL);
    return 0;
}

void WalkTree ( const char* pszPath, const char* pszBase)
{
    WIN32_FIND_DATAA w32fd;
    HANDLE hFind;
    DWORD dwAtt;
    char acPath [ MAX_PATH];
    char acBase [ MAX_PATH];
    int n;

    printf ( "WalkTree():\tcalled with '%s' '%s'\n", pszPath, pszBase ? pszBase : "");

    // skip the "." and ".." entries that every directory listing returns
    if ( pszBase && ( 0 == strcmp ( pszPath, ".") || 0 == strcmp ( pszPath, "..")))
        return;

    // build the full path with a length check instead of an unbounded sprintf()
    if ( pszBase)
        n = snprintf ( acPath, sizeof ( acPath), "%s\\%s", pszBase, pszPath);
    else
        n = snprintf ( acPath, sizeof ( acPath), "%s", pszPath);

    // leave room for the "\*.*" that may be appended below
    if ( n < 0 || n >= ( int) sizeof ( acPath) - 4)
    {
        printf ( "path too long, skipped: %s\n", pszPath);
        return;
    }

    printf ( "path is %s\n", acPath);
    lstrcpyA ( acBase, acPath);

    dwAtt = GetFileAttributesA ( acPath);

    if ( INVALID_FILE_ATTRIBUTES == dwAtt)
    {
        // error ...
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    if ( FILE_ATTRIBUTE_DIRECTORY & dwAtt)
    {
        if ( '\\' == acPath [ lstrlenA ( acPath) - 1])
            lstrcatA ( acPath, "*.*");
        else
            lstrcatA ( acPath, "\\*.*");

        printf ( "path is now %s\n", acPath);
    }

    hFind = FindFirstFileA ( acPath, &w32fd);

    if ( INVALID_HANDLE_VALUE == hFind)
    {
        // error
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    do
    {
        // recurse if directory; dwFileAttributes is a bit mask, so the
        // directory flag is tested with '&' (a hidden or read-only
        // directory has other bits set as well)
        if ( FILE_ATTRIBUTE_DIRECTORY & w32fd.dwFileAttributes)
            WalkTree ( w32fd.cFileName, acBase);
        else
            HandleFile ( &w32fd);
    }
    while ( FindNextFileA ( hFind, &w32fd));

    if ( ERROR_NO_MORE_FILES != GetLastError ())
    {
        // error
    }
    FindClose ( hFind);
}

void HandleFile ( const WIN32_FIND_DATAA* pw32fd)
{
    // handle file here
}

where you'd implement all the information gathering code in 'HandleFile()', which will be called for each file found.

jkr commented:
BTW, a straight C++ approach would be Boost's Filesystem Library, check out the docs at http://www.boost.org/libs/filesystem/doc/index.htm ("Boost Filesystem Library")

Shanmuga Sundaram commented:
As far as I am concerned, the language doesn't play a major role; only the logic plays a vital role for the need. So you can do this in any language that you are familiar with. Even VBScript can do this for you. So try using the language you are familiar with as a tool to solve your need. Best of luck.

HKComputer (author) commented:
One of my primary goals was speed.

How do rootkit scanners/detectors work? I suppose there's no good way to build this into a file scanner.

jkr commented:
>>How do rootkit scanners/detectors work?

They basically scan the file system using two different methods:

- the 1st run using regular Win32 APIs
- the 2nd run using the native NT APIs (e.g. http://msdn2.microsoft.com/en-us/library/bb470238.aspx)

Then, the results are compared. If a rootkit hides some files by hooking API calls (see e.g. http://www.windowsitlibrary.com/Content/356/06/2.html - "Hooking Windows NT System Services"), you will see the differences in both scans.
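
The comparison step described in the answer above, as an added example that is not part of the original post: given two listings of the same directory, one as the Win32 APIs reported it and one as the native NT APIs reported it, it returns the names that only the native view contains. The function name `cross_view_diff`, the helper names and the sample file names are constructed for illustration, and collecting the two listings is assumed to be done by the scans themselves.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Windows names are case-insensitive; ASCII folding is an assumption here. */
static int name_cmp(const char *a, const char *b)
{
    for (; *a && *b; a++, b++) {
        int d = tolower((unsigned char)*a) - tolower((unsigned char)*b);
        if (d) return d;
    }
    return (unsigned char)*a - (unsigned char)*b;
}

static int sort_cmp(const void *a, const void *b)
{
    return name_cmp(*(const char *const *)a, *(const char *const *)b);
}

/* Sorts both listings in place and merges them. Names found only in the
   native view go to hidden[] (at most max_hidden stored); returns their count. */
size_t cross_view_diff(const char **win32, size_t n_win32,
                       const char **native, size_t n_native,
                       const char **hidden, size_t max_hidden)
{
    size_t i = 0, j = 0, found = 0;
    qsort(win32, n_win32, sizeof *win32, sort_cmp);
    qsort(native, n_native, sizeof *native, sort_cmp);
    while (j < n_native) {
        int c = (i < n_win32) ? name_cmp(win32[i], native[j]) : 1;
        if (c == 0) { i++; j++; }       /* both scans saw it */
        else if (c < 0) { i++; }        /* Win32 view only: not hidden */
        else {                          /* native view only: report it */
            if (found < max_hidden) hidden[found] = native[j];
            found++; j++;
        }
    }
    return found;
}

int main(void)
{
    /* Constructed sample listings of one directory. */
    const char *win32[]  = { "notes.txt", "Setup.exe", "data.bin" };
    const char *native[] = { "DATA.BIN", "setup.exe", "svc_hidden.sys", "notes.txt" };
    const char *hidden[4];
    size_t n = cross_view_diff(win32, 3, native, 4, hidden, 4);
    for (size_t k = 0; k < n; k++) printf("only in native view: %s\n", hidden[k]);
    return 0;
}
```

Files created or deleted between the two scans also show up as differences, so each reported name is a lead to verify rather than proof that something is being hidden.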