Sign in to follow this  
Followers 0
Yashied

How to determine whether a file is protected operating system file?

9 posts in this topic




#2 ·  Posted (edited)

Maybe FileGetAttrib() could help?

Edited by guinness

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Probably all files with system and hide flag.

With attrib in cmd you can see the attributs.

Here my attributs on C root:

C:\>attrib
A            C:\.rnd
A  SHR       C:\BOOTSECT.BAK
A  SH   I    C:\hiberfil.sys
A  SH        C:\pagefile.sys
A       I    C:\pdiports.cat
A       I    C:\pdiports64.inf
    H        C:\treeinfo.wc

After attrib +h +s c:\treeinfo.wc treeinfo.wc is not shown anymore in windows explorer.

Br,

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Share this post


Link to post
Share on other sites

Just polished of my XP box and yeh that file is "Archive" Only so sorry about that. Tried this with no avail too >>

#RequireAdmin

Global $File = FileOpenDialog("Select A File To Find The Details", @ScriptDir, "(*.*)")
If @error Then Exit
ConsoleWrite(_FileDetails($File) & @CRLF)

Func _FileDetails($fd_Path)
    Local $fd_WMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & "." & "\root\cimv2")
    Local $fd_ColFiles = $fd_WMIService.ExecQuery("Select * From CIM_Datafile Where Name = '" & StringReplace($fd_Path, "\", "\\") & "'")
    If IsObj($fd_ColFiles) Then
        For $fd_ObjectFile In $fd_ColFiles
            ConsoleWrite("Access Mask: " & $fd_ObjectFile.AccessMask & @CRLF)
            ConsoleWrite("Archive: " & $fd_ObjectFile.Archive & @CRLF)
            ConsoleWrite("Compressed: " & $fd_ObjectFile.Compressed & @CRLF)
            ConsoleWrite("Compression Method: " & $fd_ObjectFile.CompressionMethod & @CRLF)
            ConsoleWrite("Creation ClassName: " & $fd_ObjectFile.CreationClassName & @CRLF)
            ConsoleWrite("Creation Date: " & _WMIDateStringToDate($fd_ObjectFile.CreationDate) & @CRLF)
            ConsoleWrite("CS Creation ClassName: " & $fd_ObjectFile.CSCreationClassName & @CRLF)
            ConsoleWrite("Computer System Name: " & $fd_ObjectFile.CSName & @CRLF)
            ConsoleWrite("Drive: " & $fd_ObjectFile.Drive & @CRLF)
            ConsoleWrite("8.3 File Name: " & $fd_ObjectFile.EightDotThreeFileName & @CRLF)
            ConsoleWrite("Encrypted: " & $fd_ObjectFile.Encrypted & @CRLF)
            ConsoleWrite("Encryption Method: " & $fd_ObjectFile.EncryptionMethod & @CRLF)
            ConsoleWrite("Extension: " & $fd_ObjectFile.Extension & @CRLF)
            ConsoleWrite("File Name: " & $fd_ObjectFile.FileName & @CRLF)
            ConsoleWrite("File Size: " & $fd_ObjectFile.FileSize & @CRLF)
            ConsoleWrite("File Type: " & $fd_ObjectFile.FileType & @CRLF)
            ConsoleWrite("FS Creation ClassName: " & $fd_ObjectFile.FSCreationClassName & @CRLF)
            ConsoleWrite("File System Name: " & $fd_ObjectFile.FSName & @CRLF)
            ConsoleWrite("Hidden: " & $fd_ObjectFile.Hidden & @CRLF)
            ConsoleWrite("Install Date: " & _WMIDateStringToDate($fd_ObjectFile.InstallDate) & @CRLF)
            ConsoleWrite("In Use Count: " & $fd_ObjectFile.InUseCount & @CRLF)
            ConsoleWrite("Last Accessed: " & _WMIDateStringToDate($fd_ObjectFile.LastAccessed) & @CRLF)
            ConsoleWrite("Last Modified: " & _WMIDateStringToDate($fd_ObjectFile.LastModified) & @CRLF)
            ConsoleWrite("Manufacturer: " & $fd_ObjectFile.Manufacturer & @CRLF)
            ConsoleWrite("Name: " & $fd_ObjectFile.Name & @CRLF)
            ConsoleWrite("Path: " & $fd_ObjectFile.Path & @CRLF)
            ConsoleWrite("Readable: " & $fd_ObjectFile.Readable & @CRLF)
            ConsoleWrite("Status: " & $fd_ObjectFile.Status & @CRLF)
            ConsoleWrite("System: " & $fd_ObjectFile.System & @CRLF)
            ConsoleWrite("Version: " & $fd_ObjectFile.Version & @CRLF)
            ConsoleWrite("Writeable: " & $fd_ObjectFile.Writeable & @CRLF)
        Next
        Return 1
    EndIf
    Return SetError(1, 1, 0)
EndFunc   ;==>_CompressEx

Func _WMIDateStringToDate($wd_Date)
    Local $wd_Delimeter = "/"
Return StringRegExpReplace($wd_Date, "(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})\.\d{6}\+\d\d\d", "$3" & $wd_Delimeter & "$2" & $wd_Delimeter & "$1  $4:$5:$6") ; jchd's Efficent Version - $10 Is The Number Of Minutes Difference Between Your Local Time And Greenwich Mean Time.
EndFunc   ;==>_WMIDateStringToDate

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Maybe its just one of those things. I tried on C:\hiberfil.sys and it Returned S & H >>

#AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
ConsoleWrite(_IsSystemFile("C:\hiberfil.sys") & @CRLF)

Func _IsSystemFile($sFilePath)
    Local $sAttribute = FileGetAttrib($sFilePath)
    If StringInStr($sAttribute, "S") And StringInStr($sAttribute, "H") Then Return 1
    Return SetError(1, 0, 0)
EndFunc   ;==>_IsSystemFile

Edit: Read previous posts. So probably looks as though C:\autoexec.bat is an exception to the rule.

Edited by guinness

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

And probably config.sys is an exception on WinXP system, too.

Br,

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0