Solved

Scan / Search file system, What Language?

Posted on 2007-11-17
Last Modified: 2012-08-14
I'd like to write a program that will scan the file system and analyze file attributes. It will need to look at attributes like size, date created, date modified, company, and possibly CRC32.

What language would be the best for this? How can I get the most speed?

I'd like to avoid using objects that can become disabled by viruses/spyware, such as WMI.
0
Question by:HKComputer
 
LVL 11

Expert Comment

by:DeepuAbrahamK
ID: 20304403
Hi There,

http://www.codeproject.com/file/cfilefinderex.asp

This may give you a start using MFC.

Best Regards,
DeepuAbrahamK
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304909
Since the bottleneck for that in fact is the disk speed itself, there won't be much of a difference performance-wise between the two languages. Scanning itself will also be equally complex (or not) in both, so it is hard to give a recommendation here. I'd go for C++ though, simply because the Windows APIs to gather that information are directly available. A plain API example of doing that would be

#include <windows.h>
#include <stdio.h>

// Build as ANSI (UNICODE not defined): paths are handled as char strings.

void HandleFile ( WIN32_FIND_DATA* pw32fd);
void WalkTree ( const char* pszPath, const char* pszBase);

int main ( int argc, char** argv)
{
    if ( argc != 2) return 1;

    WalkTree ( argv [ 1], NULL);
    return 0;
}

void WalkTree ( const char* pszPath, const char* pszBase)
{
    WIN32_FIND_DATA w32fd;
    HANDLE hFind;
    DWORD dwAtt;
    int nLen;
    char acPath [ MAX_PATH];
    char acBase [ MAX_PATH];

    printf ( "WalkTree():\tcalled with '%s' '%s'\n", pszPath, pszBase ? pszBase : "");

    // build the full path without writing past the end of the buffer
    if ( pszBase)
        nLen = snprintf ( acPath, sizeof ( acPath), "%s\\%s", pszBase, pszPath);
    else
        nLen = snprintf ( acPath, sizeof ( acPath), "%s", pszPath);

    // reject empty paths and leave room for the "\*.*" appended below
    if ( nLen <= 0 || nLen > MAX_PATH - 5)
    {
        printf ( "ERROR path empty or too long\n");
        return;
    }

    printf ( "path is %s\n", acPath);
    lstrcpy ( acBase, acPath);

    dwAtt = GetFileAttributes ( acPath);

    if ( INVALID_FILE_ATTRIBUTES == dwAtt)
    {
        // error
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    if ( FILE_ATTRIBUTE_DIRECTORY & dwAtt)
    {
        if ( '\\' == acPath [ lstrlen ( acPath) - 1])
            lstrcat ( acPath, "*.*");
        else
            lstrcat ( acPath, "\\*.*");

        printf ( "path is now %s\n", acPath);
    }

    hFind = FindFirstFile ( acPath, &w32fd);

    if ( INVALID_HANDLE_VALUE == hFind)
    {
        // error
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    do
    {
        // skip the "." and ".." entries, they would recurse forever
        if ( !lstrcmp ( w32fd.cFileName, ".") || !lstrcmp ( w32fd.cFileName, ".."))
            continue;

        // recurse if directory (the attribute is a bit flag, so test it with '&')
        if ( FILE_ATTRIBUTE_DIRECTORY & w32fd.dwFileAttributes)
            WalkTree ( w32fd.cFileName, acBase);
        else
            HandleFile ( &w32fd);
    }
    while ( FindNextFile ( hFind, &w32fd));

    if ( ERROR_NO_MORE_FILES != GetLastError ())
    {
        // error
    }
    FindClose ( hFind);
}

void HandleFile ( WIN32_FIND_DATA* pw32fd)
{
    // handle file here
}

where you'd implement all the information gathering code in 'HandleFile()', which will be called for each file found.
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304911
BTW, a straight C++ approach would be Boost's Filesystem Library, check out the docs at http://www.boost.org/libs/filesystem/doc/index.htm ("Boost Filesystem Library")
0

 
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 20311226
As far as I am concerned, the language doesn't play a major role; only the logic plays a vital role for the need. So you can do this in any language that you are familiar with. Even VBScript can do this for you. So try using the language you are familiar with as a tool to solve your need. Best of luck.
0
 
LVL 4

Author Comment

by:HKComputer
ID: 20317226
One of my primary goals was speed.

How do rootkit scanners/detectors work? I suppose there's no good way to build this into a file scanner.
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 20320107
>>How do rootkit scanners/detectors work?

They basically scan the file system using two different methods:

- the 1st run using regular Win32 APIs
- the 2nd run using the native NT APIs (e.g. http://msdn2.microsoft.com/en-us/library/bb470238.aspx)

Then, the results are compared. If a rootkit hides some files by hooking API calls (see e.g. http://www.windowsitlibrary.com/Content/356/06/2.html - "Hooking Windows NT System Services"), you will see the differences in both scans.
0
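The comparison step described in the accepted answer, as an added example that is not part of the original thread: given one listing collected through the Win32 APIs and one collected through the native NT APIs, it reports paths that appear only in the native view. Both listings are constructed sample data, and `find_hidden` is a hypothetical helper name.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Windows file names are case-insensitive, so compare paths that way. */
static int path_cmp(const char *a, const char *b) {
    for (; *a && *b; a++, b++) {
        int d = tolower((unsigned char)*a) - tolower((unsigned char)*b);
        if (d) return d;
    }
    return (unsigned char)*a - (unsigned char)*b;
}

static int sort_cmp(const void *a, const void *b) {
    return path_cmp(*(const char *const *)a, *(const char *const *)b);
}

/* Sorts both listings in place, then merge-walks them. Paths seen only in the
   native view are stored in hidden[] (up to max); returns how many were found. */
size_t find_hidden(const char **win32, size_t nw, const char **native, size_t nn,
                   const char **hidden, size_t max) {
    size_t i = 0, j = 0, found = 0;
    qsort(win32, nw, sizeof *win32, sort_cmp);
    qsort(native, nn, sizeof *native, sort_cmp);
    while (j < nn) {
        int c = (i < nw) ? path_cmp(win32[i], native[j]) : 1;
        if (c < 0) { i++; continue; }        /* only in Win32 view: not hidden */
        if (c == 0) { i++; j++; continue; }  /* both views agree */
        if (found < max) hidden[found] = native[j];
        found++; j++;                        /* native view only: flag it */
    }
    return found;
}

/* Constructed sample listings, not output from a real scan. */
static const char *WIN32_VIEW[] = {
    "C:\\DATA\\Report.doc", "C:\\Data\\notes.txt", "C:\\Temp\\new.tmp" };
static const char *NATIVE_VIEW[] = {
    "C:\\Data\\notes.txt", "C:\\Data\\report.doc", "C:\\Data\\example_hidden.sys" };

int main(void) {
    const char *hidden[8];
    size_t n = find_hidden(WIN32_VIEW, 3, NATIVE_VIEW, 3, hidden, 8);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("only in native view: %s\n", hidden[k]);
    return n ? 1 : 0;
}
```

Files created or deleted between the two runs also show up as differences, so an entry reported here is a lead to verify rather than proof of hiding.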
