Solved

Scan / Search file system, What Language?

Posted on 2007-11-17
Last Modified: 2012-08-14
I'd like to write a program that will scan the file system and analyze file attributes. It will need to look at attributes like size, date created, date modified, company, and possibly CRC32.

What language would be the best for this? How can I get the most speed?

I'd like to avoid using objects that can become disabled by viruses/spyware, such as WMI.
Question by:HKComputer
 
LVL 11

Expert Comment

by:DeepuAbrahamK
ID: 20304403
Hi There,

http://www.codeproject.com/file/cfilefinderex.asp

This may give you a start using MFC.

Best Regards,
DeepuAbrahamK
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304909
Since the bottleneck for that in fact is the disk speed itself, there won't be much of a difference performance-wise between the two languages. Scanning itself will also be equally complex (or not) in both, so it is hard to give a recommendation here. I'd go for C++ though, simply because the Windows APIs to gather that information are directly available. A plain API example of doing that would be

#include <windows.h>
#include <stdio.h>

// uses char* paths with the generic API names, so build without UNICODE defined
void HandleFile ( WIN32_FIND_DATA* pw32fd);
void WalkTree ( char* pszPath, char* pszBase);

int main ( int argc, char** argv)
{
    if ( argc != 2) return 1;

    WalkTree ( *( argv + 1), NULL);
    return 0;
}

void WalkTree ( char* pszPath, char* pszBase)
{
    WIN32_FIND_DATA w32fd;
    HANDLE hFind;
    DWORD dwAtt;
    DWORD dwErr;
    char acPath [ MAX_PATH];
    char acBase [ MAX_PATH];

    printf ( "WalkTree():\tcalled with '%s' '%s'\n", pszPath, pszBase ? pszBase : "(null)");

    // skip the "." and ".." entries that every directory listing returns
    if ( pszBase && ( !lstrcmp ( pszPath, ".") || !lstrcmp ( pszPath, "..")))
        return;

    // leave room for the '\\' separator, the "\\*.*" suffix and the terminating NUL
    if ( lstrlen ( pszPath) + ( pszBase ? lstrlen ( pszBase) : 0) + 6 > MAX_PATH)
    {
        printf ( "path too long, skipping '%s'\n", pszPath);
        return;
    }

    if ( pszBase)
        sprintf ( acPath, "%s\\%s", pszBase, pszPath);
    else
        lstrcpy ( acPath, pszPath);

    printf ( "path is %s\n", acPath);
    lstrcpy ( acBase, acPath);

    dwAtt = GetFileAttributes ( acPath);

    if ( INVALID_FILE_ATTRIBUTES == dwAtt)
    {
        // error
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    // for a directory, enumerate its contents rather than the directory entry itself
    if ( FILE_ATTRIBUTE_DIRECTORY & dwAtt)
    {
        if ( '\\' == acPath [ lstrlen ( acPath) - 1])
            lstrcat ( acPath, "*.*");
        else
            lstrcat ( acPath, "\\*.*");

        printf ( "path is now %s\n", acPath);
    }

    hFind = FindFirstFile ( acPath, &w32fd);

    if ( INVALID_HANDLE_VALUE == hFind)
    {
        // error
        printf ( "ERROR %lu\n", GetLastError ());
        return;
    }

    do
    {
        // recurse if directory (the attribute is a bit flag, so test it with &)
        if ( FILE_ATTRIBUTE_DIRECTORY & w32fd.dwFileAttributes)
            WalkTree ( w32fd.cFileName, acBase);
        else
            HandleFile ( &w32fd);
    } while ( FindNextFile ( hFind, &w32fd));

    dwErr = GetLastError ();
    if ( ERROR_NO_MORE_FILES != dwErr)
    {
        // error
        printf ( "ERROR %lu\n", dwErr);
    }
    FindClose ( hFind);
}

void HandleFile ( WIN32_FIND_DATA* pw32fd)
{
    // handle file here
}

where you'd implement all the information gathering code in 'HandleFile()', which will be called for each file found.
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304911
BTW, a straight C++ approach would be Boost's Filesystem Library, check out the docs at http://www.boost.org/libs/filesystem/doc/index.htm ("Boost Filesystem Library")
0

 
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 20311226
As far as I am concerned, language doesn't play a major task. Only logic plays a vital role for the need. So you can do this in any language that you are familiar with. Even VBScript can do this for you. So try using the language which you are familiar with as a tool to solve your need. Best of luck.
0
 
LVL 4

Author Comment

by:HKComputer
ID: 20317226
One of my primary goals was speed.

How do rootkit scanners/detectors work? I suppose there's no good way to build this into a file scanner.
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 20320107
>>How do rootkit scanners/detectors work?

They basically scan the file system using two different methods:

- the 1st run using regular Win32 APIs
- the 2nd run using the native NT APIs (e.g. http://msdn2.microsoft.com/en-us/library/bb470238.aspx)

Then, the results are compared. If a rootkit hides some files by hooking API calls (see e.g. http://www.windowsitlibrary.com/Content/356/06/2.html - "Hooking Windows NT System Services"), you will see the differences in both scans.
0
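The comparison step described in the accepted answer, as an added example that is not part of the original thread: it takes the two name listings of one directory (one collected through the Win32 APIs, one through the native NT APIs) and reports names that appear only in the native view. The function name `cross_view_diff` and the sample listings are assumptions made for illustration; collecting the listings themselves is outside this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive compare, because Windows file names are case-insensitive. */
static int name_cmp(const void *a, const void *b)
{
    const char *x = *(const char *const *)a, *y = *(const char *const *)b;
    while (*x && tolower((unsigned char)*x) == tolower((unsigned char)*y)) { x++; y++; }
    return tolower((unsigned char)*x) - tolower((unsigned char)*y);
}

/* Sort both listings, then merge-walk them. Names seen only in the native
 * view are stored in hidden[] (up to max entries); names seen only in the
 * Win32 view are counted in *extra. Returns the number of hidden names. */
size_t cross_view_diff(const char **win32, size_t nw,
                       const char **native, size_t nn,
                       const char **hidden, size_t max, size_t *extra)
{
    size_t i = 0, j = 0, found = 0;
    qsort(win32, nw, sizeof *win32, name_cmp);
    qsort(native, nn, sizeof *native, name_cmp);
    *extra = 0;
    while (i < nw || j < nn) {
        int c = (i == nw) ? 1 : (j == nn) ? -1 : name_cmp(&win32[i], &native[j]);
        if (c == 0) { i++; j++; }                /* present in both views */
        else if (c < 0) { (*extra)++; i++; }     /* only in the Win32 view */
        else {                                   /* only in the native view */
            if (found < max) hidden[found] = native[j];
            found++; j++;
        }
    }
    return found;
}

/* Constructed sample listings of one directory (not real scan output). */
static const char *sample_win32[]  = { "notes.txt", "Setup.exe", "data.bin" };
static const char *sample_native[] = { "NOTES.TXT", "data.bin", "hidden_example.sys", "setup.exe" };

int main(void)
{
    const char *hidden[8];
    size_t extra, n = cross_view_diff(sample_win32, 3, sample_native, 4, hidden, 8, &extra);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("only in native view: %s\n", hidden[k]);
    printf("only in Win32 view: %zu\n", extra);
    return 0;
}
```

A file created or deleted between the two scans also shows up as a difference, so a mismatch is a lead to re-check rather than proof of hiding.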
