Jump to content
Sign in to follow this  
Yashied

How to determine whether a file is protected operating system file?

Recommended Posts

Yashied
guinness

Maybe FileGetAttrib() could help?

Edited by guinness

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
Yashied
UEZ

Probably all files with system and hide flag.

With attrib in cmd you can see the attributs.

Here my attributs on C root:

C:\>attrib
A            C:\.rnd
A  SHR       C:\BOOTSECT.BAK
A  SH   I    C:\hiberfil.sys
A  SH        C:\pagefile.sys
A       I    C:\pdiports.cat
A       I    C:\pdiports64.inf
    H        C:\treeinfo.wc

After attrib +h +s c:\treeinfo.wc treeinfo.wc is not shown anymore in windows explorer.

Br,

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites
Yashied

Share this post


Link to post
Share on other sites
guinness

Just polished of my XP box and yeh that file is "Archive" Only so sorry about that. Tried this with no avail too >>

#RequireAdmin

Global $File = FileOpenDialog("Select A File To Find The Details", @ScriptDir, "(*.*)")
If @error Then Exit
ConsoleWrite(_FileDetails($File) & @CRLF)

Func _FileDetails($fd_Path)
    Local $fd_WMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & "." & "\root\cimv2")
    Local $fd_ColFiles = $fd_WMIService.ExecQuery("Select * From CIM_Datafile Where Name = '" & StringReplace($fd_Path, "\", "\\") & "'")
    If IsObj($fd_ColFiles) Then
        For $fd_ObjectFile In $fd_ColFiles
            ConsoleWrite("Access Mask: " & $fd_ObjectFile.AccessMask & @CRLF)
            ConsoleWrite("Archive: " & $fd_ObjectFile.Archive & @CRLF)
            ConsoleWrite("Compressed: " & $fd_ObjectFile.Compressed & @CRLF)
            ConsoleWrite("Compression Method: " & $fd_ObjectFile.CompressionMethod & @CRLF)
            ConsoleWrite("Creation ClassName: " & $fd_ObjectFile.CreationClassName & @CRLF)
            ConsoleWrite("Creation Date: " & _WMIDateStringToDate($fd_ObjectFile.CreationDate) & @CRLF)
            ConsoleWrite("CS Creation ClassName: " & $fd_ObjectFile.CSCreationClassName & @CRLF)
            ConsoleWrite("Computer System Name: " & $fd_ObjectFile.CSName & @CRLF)
            ConsoleWrite("Drive: " & $fd_ObjectFile.Drive & @CRLF)
            ConsoleWrite("8.3 File Name: " & $fd_ObjectFile.EightDotThreeFileName & @CRLF)
            ConsoleWrite("Encrypted: " & $fd_ObjectFile.Encrypted & @CRLF)
            ConsoleWrite("Encryption Method: " & $fd_ObjectFile.EncryptionMethod & @CRLF)
            ConsoleWrite("Extension: " & $fd_ObjectFile.Extension & @CRLF)
            ConsoleWrite("File Name: " & $fd_ObjectFile.FileName & @CRLF)
            ConsoleWrite("File Size: " & $fd_ObjectFile.FileSize & @CRLF)
            ConsoleWrite("File Type: " & $fd_ObjectFile.FileType & @CRLF)
            ConsoleWrite("FS Creation ClassName: " & $fd_ObjectFile.FSCreationClassName & @CRLF)
            ConsoleWrite("File System Name: " & $fd_ObjectFile.FSName & @CRLF)
            ConsoleWrite("Hidden: " & $fd_ObjectFile.Hidden & @CRLF)
            ConsoleWrite("Install Date: " & _WMIDateStringToDate($fd_ObjectFile.InstallDate) & @CRLF)
            ConsoleWrite("In Use Count: " & $fd_ObjectFile.InUseCount & @CRLF)
            ConsoleWrite("Last Accessed: " & _WMIDateStringToDate($fd_ObjectFile.LastAccessed) & @CRLF)
            ConsoleWrite("Last Modified: " & _WMIDateStringToDate($fd_ObjectFile.LastModified) & @CRLF)
            ConsoleWrite("Manufacturer: " & $fd_ObjectFile.Manufacturer & @CRLF)
            ConsoleWrite("Name: " & $fd_ObjectFile.Name & @CRLF)
            ConsoleWrite("Path: " & $fd_ObjectFile.Path & @CRLF)
            ConsoleWrite("Readable: " & $fd_ObjectFile.Readable & @CRLF)
            ConsoleWrite("Status: " & $fd_ObjectFile.Status & @CRLF)
            ConsoleWrite("System: " & $fd_ObjectFile.System & @CRLF)
            ConsoleWrite("Version: " & $fd_ObjectFile.Version & @CRLF)
            ConsoleWrite("Writeable: " & $fd_ObjectFile.Writeable & @CRLF)
        Next
        Return 1
    EndIf
    Return SetError(1, 1, 0)
EndFunc   ;==>_CompressEx

Func _WMIDateStringToDate($wd_Date)
    Local $wd_Delimeter = "/"
Return StringRegExpReplace($wd_Date, "(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})\.\d{6}\+\d\d\d", "$3" & $wd_Delimeter & "$2" & $wd_Delimeter & "$1  $4:$5:$6") ; jchd's Efficent Version - $10 Is The Number Of Minutes Difference Between Your Local Time And Greenwich Mean Time.
EndFunc   ;==>_WMIDateStringToDate

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
Yashied
guinness

Maybe its just one of those things. I tried on C:\hiberfil.sys and it Returned S & H >>

#AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
ConsoleWrite(_IsSystemFile("C:\hiberfil.sys") & @CRLF)

Func _IsSystemFile($sFilePath)
    Local $sAttribute = FileGetAttrib($sFilePath)
    If StringInStr($sAttribute, "S") And StringInStr($sAttribute, "H") Then Return 1
    Return SetError(1, 0, 0)
EndFunc   ;==>_IsSystemFile

Edit: Read previous posts. So probably looks as though C:\autoexec.bat is an exception to the rule.

Edited by guinness

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
UEZ

And probably config.sys is an exception on WinXP system, too.

Br,

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.