Solved

Scan / Search file system, What Language?

Posted on 2007-11-17
Last Modified: 2012-08-14
I'd like to write a program that will scan the file system and analyze file attributes. It will need to look at attributes like size, date created, date modified, company, and possibly CRC32.

What language would be the best for this? How can I get the most speed?

I'd like to avoid using objects that can become disabled by viruses/spyware, such as WMI.
0
Comment
Question by:HKComputer
8 Comments
 
LVL 11

Expert Comment

by:DeepuAbrahamK
ID: 20304403
Hi There,

http://www.codeproject.com/file/cfilefinderex.asp

This may give you a start using MFC.

Best Regards,
DeepuAbrahamK
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304909
Since the bottleneck for that in fact is the disk speed itself, there won't be much of a difference performance-wise between the two languages. Scanning itself will also be equally complex (or not) in both, so it is hard to give a recommendation here. I'd go for C++ though, simply because the Windows APIs to gather that information are directly available. A plain API example of doing that would be

#include <windows.h>
#include <stdio.h>
#include <string.h>

void HandleFile ( const WIN32_FIND_DATAA* pw32fd);
void WalkTree ( const char* pszPath, const char* pszBase);

int main ( int argc, char** argv)
{
    if ( argc != 2) return 1;

    WalkTree ( argv [ 1], NULL);
    return 0;
}

void WalkTree ( const char* pszPath, const char* pszBase)
{
    WIN32_FIND_DATAA w32fd;
    HANDLE hFind;
    DWORD dwAtt;
    DWORD dwErr;
    char acPath [ MAX_PATH];
    char acBase [ MAX_PATH];
    int n;

    printf ( "WalkTree():\tcalled with '%s' '%s'\n", pszPath, pszBase ? pszBase : "(none)");

    // skip the "." and ".." entries found in every directory listing
    if ( pszBase && ( 0 == strcmp ( pszPath, ".") || 0 == strcmp ( pszPath, "..")))
        return;

    // build the full path with a bounded write so long names cannot overflow acPath
    if ( pszBase)
        n = snprintf ( acPath, sizeof ( acPath), "%s\\%s", pszBase, pszPath);
    else
        n = snprintf ( acPath, sizeof ( acPath), "%s", pszPath);

    // keep room for the "\*.*" that may be appended below
    if ( n < 0 || n > MAX_PATH - 5)
    {
        printf ( "path too long, skipped\n");
        return;
    }

    printf ( "path is %s\n", acPath);
    strcpy ( acBase, acPath);   // same buffer size, length checked above

    dwAtt = GetFileAttributesA ( acPath);

    if ( INVALID_FILE_ATTRIBUTES == dwAtt)
    {
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    // for a directory, turn the path into a search pattern
    if ( FILE_ATTRIBUTE_DIRECTORY & dwAtt)
    {
        if ( '\\' == acPath [ strlen ( acPath) - 1])
            strcat ( acPath, "*.*");
        else
            strcat ( acPath, "\\*.*");

        printf ( "path is now %s\n", acPath);
    }

    hFind = FindFirstFileA ( acPath, &w32fd);

    if ( INVALID_HANDLE_VALUE == hFind)
    {
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    do
    {
        // recurse if directory (test the bit: other attribute bits may be set too)
        if ( FILE_ATTRIBUTE_DIRECTORY & w32fd.dwFileAttributes)
            WalkTree ( w32fd.cFileName, acBase);
        else
            HandleFile ( &w32fd);
    }
    while ( FindNextFileA ( hFind, &w32fd));

    // FindNextFile() fails with ERROR_NO_MORE_FILES at the normal end of a listing
    dwErr = GetLastError ();
    if ( ERROR_NO_MORE_FILES != dwErr)
    {
        printf ( "ERROR %lu\n", dwErr);
    }
    FindClose ( hFind);
}

void HandleFile ( const WIN32_FIND_DATAA* pw32fd)
{
    // handle file here
    ( void) pw32fd;
}

where you'd implement all the information gathering code in 'HandleFile()', which will be called for each file found.
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304911
BTW, a straight C++ approach would be Boost's Filesystem Library, check out the docs at http://www.boost.org/libs/filesystem/doc/index.htm ("Boost Filesystem Library")
0
 
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 20311226
As far as I am concerned, the language doesn't play a major part. Only logic plays a vital role for the need. So you can do this in any of the languages that you are familiar with. Even VBScript can do this for you. So try using the language which you are familiar with as a tool to solve your need. Best of luck.
0
 
LVL 4

Author Comment

by:HKComputer
ID: 20317226
One of my primary goals was speed.

How do rootkit scanners/detectors work? I suppose there's no good way to build this into a file scanner.
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 20320107
>>How do rootkit scanners/detectors work?

They basically scan the file system using two different methods:

- the 1st run using regular Win32 APIs
- the 2nd run using the native NT APIs (e.g. http://msdn2.microsoft.com/en-us/library/bb470238.aspx)

Then, the results are compared. If a rootkit hides some files by hooking API calls (see e.g. http://www.windowsitlibrary.com/Content/356/06/2.html - "Hooking Windows NT System Services"), you will see the differences in both scans.
0
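
The comparison step of the two-scan approach from the accepted solution, as an added example that is not part of the original answer: it takes two already-collected path listings, one from the Win32 scan and one from the lower-level scan, and reports what only one of them saw. The function names and the sample paths are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Case-insensitive compare: Windows normally matches file names this way. */
static int ci_cmp(const char *a, const char *b)
{
    for (;; a++, b++) {
        int ca = tolower((unsigned char)*a), cb = tolower((unsigned char)*b);
        if (ca != cb || ca == '\0')
            return ca - cb;
    }
}

static int qsort_cmp(const void *a, const void *b)
{
    return ci_cmp(*(const char *const *)a, *(const char *const *)b);
}

/* Sorts both listings in place and merge-walks them. Paths only the low-level
   listing has go to hidden[] (at most max stored); their total is returned.
   *extra counts Win32-only paths: files changed between runs, not hiding. */
size_t cross_view_diff(const char **win32, size_t nw, const char **native,
                       size_t nn, const char **hidden, size_t max, size_t *extra)
{
    size_t i = 0, j = 0, nh = 0;
    qsort(win32, nw, sizeof *win32, qsort_cmp);
    qsort(native, nn, sizeof *native, qsort_cmp);
    *extra = 0;
    while (i < nw || j < nn) {
        int c = (i == nw) ? 1 : (j == nn) ? -1 : ci_cmp(win32[i], native[j]);
        if (c == 0) { i++; j++; }                 /* seen by both scans */
        else if (c < 0) { (*extra)++; i++; }      /* Win32 view only */
        else { if (nh < max) hidden[nh] = native[j]; nh++; j++; }
    }
    return nh;
}

int main(void)
{
    /* Constructed sample listings, not output of a real scan. */
    const char *win32[] = { "C:\\Windows\\notepad.exe", "C:\\Temp\\a.txt", "C:\\Temp\\new.log" };
    const char *native[] = { "c:\\temp\\A.TXT", "C:\\Windows\\notepad.exe", "C:\\Windows\\hidden.sys" };
    const char *hidden[4];
    size_t extra, k, n = cross_view_diff(win32, 3, native, 3, hidden, 4, &extra);
    for (k = 0; k < n && k < 4; k++)
        printf("only in low-level view: %s\n", hidden[k]);
    printf("%lu path(s) only in Win32 view\n", (unsigned long)extra);
    return 0;
}
```

A path that appears only in the low-level listing can also be a file created between the two runs, so re-check such entries before treating them as hidden.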
