Jump to content

Copying file name


AutoHelp
 Share

Recommended Posts

What was used to copy the file to the removable drive?

How do you know which file was the one that was copied?

1. To copy the file: the built-in windows copier(copy-paste) was used.

2. That's what I'm trying to find out.When the copier is run, then the operation that we are trying to observe was done, but what file was copied and where I don't know at this state.

*trying to do a script that will monitor and write to a log file, files that where writen to removable drives.

Link to comment
Share on other sites

Can we get a file's name after it was copied to a removable drive?(please help, ps: eny file)

What are you trying to do precisely?

Do you want to know exactly which file were copied from a given machine onto any removable device plugged into it by someone else than you?

Is it actually to trace unwanted file "evasion" or do you want to monitor someone else activity?

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites

Do a copy&paste operation and then run this code:

MsgBox(0,"",ClipGet())

It returns the path of the file: "c:\test\test.txt" in a message box.Nice idea!:mellow:

but how do we get to know if the copy operation has been made?, I can put an item in the clipbord without actually copying it.Is there a process or something like that windows runs when a file operation is done?

Link to comment
Share on other sites

Try to make the search area less fuzzy, try to answer my questions. I asked them on purpose, not for wasting electrons.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites

Can we get a file's name after it was copied to a removable drive?(please help, ps: eny file)

idea: replace windows copier

#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
HotKeySet("{ESC}", "Terminate")

CIM_LogicalFile_Notification("C:\temp")

Func CIM_LogicalFile_Notification($Dir_OR_Drive_Path,$FileExtension = "")
Local $strComputer = "."
$objWMIServices = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMv2")
if Not IsObj($objWMIServices) Then Return -1
$sink = ObjCreate( _
    "WbemScripting.SWbemSink")
if Not IsObj($sink) Then Return -2
ObjEvent($sink,"SINK_")
if Not FileExists($Dir_OR_Drive_Path) Then Return -3
if StringRight($Dir_OR_Drive_Path,1) == "\" Then _
$Dir_OR_Drive_Path = StringTrimRight($Dir_OR_Drive_Path,1)
$PathArray = StringSplit($Dir_OR_Drive_Path,":")
$Drive = $PathArray[1] & ":"
$Path = StringReplace(StringTrimLeft($PathArray[2],1),"\","\\")
if (StringLen($FileExtension) <> 0) Then
$FileExtension = StringReplace($FileExtension,".","")
$objWMIServices.ExecNotificationQueryAsync ($sink, _
     "SELECT * FROM __InstanceOperationEvent WITHIN 5 WHERE " & _
    "TargetInstance ISA 'CIM_LogicalFile'" & _
    " AND TargetInstance.Drive = '" & $Drive & "'" & _
    " AND TargetInstance.Extension = '" & $FileExtension & "'" & _
    " AND TargetInstance.Path = '\\" & $Path & "\\'")
Else
Local $Backslash = "\\"
If ($Path) == "" Then $Backslash = ""
$objWMIServices.ExecNotificationQueryAsync ($sink, _
    "SELECT * FROM __InstanceOperationEvent WITHIN 3 WHERE " & _
    "TargetInstance ISA 'CIM_LogicalFile'" & _
    " AND TargetInstance.Drive = '" & $Drive & "'" & _
    " AND TargetInstance.Path = '\\" & $Path & $Backslash & "'")
EndIf
EndFunc


While 1
Wend

Func SINK_OnObjectReady($objObject, $objAsyncContext)
ConsoleWrite($objObject.GetObjectText_())
EndFunc

Func Terminate()
    Exit 0
EndFunc
Edited by wolf9228

صرح السماء كان هنا

 

Link to comment
Share on other sites

actually, I think from a business standpoint, it's a very good tool. It would catch anyone attempting to copy sensitive data to a thumb drive and take it home to do whatever. Would be a great security tool for businesses :mellow:

with a bit of tweeking it could also be used in reverse. Could check to see if anyone copied anything from a thumb drive to the pc. Maybe catch someone trying to upload a virus to a public computer, or introduce a trojan in the work pcs or something.

Edited by kaotkbliss

010101000110100001101001011100110010000001101001011100110010000

001101101011110010010000001110011011010010110011100100001

My Android cat and mouse game
https://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek

We're gonna need another Timmy!

Link to comment
Share on other sites

@AutoHelp:

Sorry I didn't fully read or rather get the content of post#3. I'm not a former agent of Stasi, hopefully, and I didn't imply you were trying to acheive anything nasty. I was just trying to make the possible framework more precise and narrow.

Now, if you mean by "removable device" essentially USB/Firewire (removable) filesystems, there might be something possible. Have a look at this. In your case, you can either block the operation (but it would show!) or simply silently acknowledge the copy. Of course such hooks can't just be an AutoIt native code part, they have to be thread safe (I would guess) so an indirect implementation needs to be made, typically as a C dll. But if your read the page, the requirements should be easily matched.

What you could investigate: have a main AutoIt executable which registers a copy hook handler (in an ad hoc .dll) and monitor the available volumes, say every 5 seconds (It would be hard to plug a USB stick, have it ready, copy file(s) on it and remove it in less than 5s: even 10s would do). While new removable devices are present, repeatidly ask the dll, using an AutoIt<-->dll specific call, what file(s) were copied and where since the last call. There is no need to keep track of operations taking place on the same device (but beware of links then!).

The MSDN page tells you that you don't get any confirmation that files are successfully copied or not, but if you feel that having a confirmation is important to you, it's still possible to periodically look at the USB device if the files that went accross the hook were finally copied on that device.

Of course, this doesn't cover other means to copy material: make a Ghost image and copy it on a DAT tape, use MS backup and burn a CD, you name it!

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...