Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Scan / Search file system, What Language?

Posted on 2007-11-17
8
219 Views
Last Modified: 2012-08-14
I'd like to write a program that will scan the file system and analyze file attributes. It will need to like at attributes like size, date created, date modified, company, and possibly CRC32.

What language would be the best for this? How can I get the most speed?

I'd like to avoid using objects that can become disabled by viruses/spyware, such as WMI.
0
Comment
Question by:HKComputer
8 Comments
 
LVL 11

Expert Comment

by:DeepuAbrahamK
ID: 20304403
Hi There,

http://www.codeproject.com/file/cfilefinderex.asp

This may give you a start using MFC.

Best Regards,
DeepuAbrahamK
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304909
Since the bottleneck for that in fact is the disk speed itself, there won't be much of a difference performance-wise between the two languages. Scanning itself will also be equally complex (or not) in both, so it is hard to give a recommendation here. I'd go for C++ though, simply because the Windows APIs to gather that information are directly available. A plain API example of doing that would be

#include <windows.h>
#include <stdio.h>

void HandleFile ( WIN32_FIND_DATA* pw32fd);
void WalkTree ( char* pszPath,  char*   pszBase);
void main ( int argc, char** argv)
{
    if  (   argc    !=  2)  return;

    WalkTree ( *( argv + 1),    NULL);
}

void WalkTree ( char* pszPath,  char*   pszBase)
{
WIN32_FIND_DATA w32fd;
HANDLE hFind;
DWORD dwAtt;
char acPath [ MAX_PATH];
char acBase [ MAX_PATH];

printf  (   "WalkTree():\tcalled with '%s' '%s'\n",   pszPath,    pszBase);

if ( '.' == * (pszPath + lstrlen ( pszPath) - 1))
                return;

if  (   pszBase)
    sprintf (   acPath, "%s\\%s",   pszBase,    pszPath);
else
    lstrcpy ( acPath, pszPath);

printf ( "path is %s\n",    acPath);
lstrcpy ( acBase, acPath);

dwAtt = GetFileAttributes ( acPath);

if ( 0xffffffff == dwAtt)
{
 // error ...
}

if ( FILE_ATTRIBUTE_DIRECTORY & dwAtt)
{
    if  (   '\\'    ==  acPath  [   lstrlen (   acPath) -   1])
            lstrcat (   acPath, "*.*");
     else
            lstrcat (   acPath, "\\*.*");

    printf ( "path is now %s\n",    acPath);
}


hFind = FindFirstFile ( acPath, &w32fd);

if ( INVALID_HANDLE_VALUE == hFind)
{
 // error

printf ( "ERROR %d\n",  GetLastError    ());

return;
}

// recurse if directory...
if ( FILE_ATTRIBUTE_DIRECTORY == w32fd.dwFileAttributes)
{

     WalkTree ( w32fd.cFileName,    acBase);
}
else
 HandleFile ( &w32fd);

while ( FindNextFile ( hFind, &w32fd))
{
    // recurse if directory...
    if ( FILE_ATTRIBUTE_DIRECTORY == w32fd.dwFileAttributes)
    {

     WalkTree ( w32fd.cFileName,    acBase);
    }
    else
      HandleFile ( &w32fd);
}

if ( ERROR_NO_MORE_FILES != GetLastError())
{
 // error
}
FindClose ( hFind);
}

void HandleFile ( WIN32_FIND_DATA* pw32fd)
{
  // handle file here
}

where you'd implement all the information gathering code in 'HandleFile()', which will be called for each file found.
0
 
LVL 86

Expert Comment

by:jkr
ID: 20304911
BTW, a straight C++ approach would be Boost's Filesystem Library, check out the docs at http://www.boost.org/libs/filesystem/doc/index.htm ("Boost Filesystem Library")
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 20311226
As far as I am concerned, Language doesn't play major task. only logic plays a vital role for the need. So you can do this in any of the language that you are familiar with. Even VBscript can do this for you. So try using the language which you are familiar with as a tool to solve your need. Best of luck
0
 
LVL 4

Author Comment

by:HKComputer
ID: 20317226
One of my primary goals was speed.

How do rootkit scanners/detectors work? I suppose there's no good way to build this into a file scanner.
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 20320107
>>How do rootkit scanners/detectors work?

They basically scan the file system using two different methods:

- the 1st run using regular Win32 APIs
- the 2nd run using the native NT APIs (e.g. http://msdn2.microsoft.com/en-us/library/bb470238.aspx)

Then, the results are compared. If a rootkit hides some files by hooking API calls  (see e.g. http://www.windowsitlibrary.com/Content/356/06/2.html - "Hooking Windows NT System Services"), you will see the differences in both scans.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you haven’t already, I encourage you to read the first article (http://www.experts-exchange.com/articles/18680/An-Introduction-to-R-Programming-and-R-Studio.html) in my series to gain a basic foundation of R and R Studio.  You will also find the …
I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question