Go Back   Computer Forums > General Computing > Programming
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 11-03-2008, 11:13 PM   #1
Baseband Member
Join Date: Oct 2008
Posts: 21
Default Something I want to share with you...

I like to know what files and directories are being added/removed to/from my computer (Windows XP Pro SP2) without my knowledge or consent and when it happened. Wouldn’t you like to save directory listings of every directory on your computer with the times and dates they were made, then later save second listings of the same directories again and compare them with the last ones for changes made (added/removed files or directories)? Its just that simple, but it would be tedious to do manually... time to write some code (I used Scheme).

I named it monitorf.exe (stands for monitor files). Before running the application, you make a text file for monitorf.exe to read (name it paths.txt) containing the paths of all the directories you want to have checked for added/removed files/directories. I included c:, c:\windows, c:\windows\system32, c:\progra~1, and more. You can include every directory on the machine if you want.

When monitorf.exe runs, it takes all the paths in paths.txt and logs their directory listings to text files. The next time it runs, it does the same and compares the new directory listings to the old ones. Each time it runs, it logs the changes on another text file (call it changes.txt) by making a column called “Added,” and a column called “Removed.” It also keeps track of the time/date of each directory listing so that while observing the changes, you also know the time/date interval (marked by the run times of monitorf.exe) that these changes occurred within.

With this, you can run monitorf.exe, do some activity (browse internet, download, install programs, etc), then run it again and see what files/directories were added or removed as a result. You can attribute these changes to that activity. You know every file/directory added or removed caused by every activity you perform on your computer.

I like this because it is a way to monitor your file/directory system without the monitoring software being required to run constantly. Find those mysterious dll files that appear. Additionally, you don’t have to even LOOK at the directory listings themselves; monitorf.exe does that for you. It also deletes the old ones that are not needed anymore after the changes are logged. So schedule it to run every night, run it also when you want to run it, and just periodically check the changes.txt file... that’s all you have to do (besides writing code).

Example: if you run monitorf.exe at 11:31, then browse the web causing some files to change in (for example) c:\windows and c:\windows\system32, then run it again at 11:35, the log that is made will look like the following, and you will know that this internet session was what accounted for the changes:

Directory: c:\windows\system32
11:31 PM 11/3/2008
11:35 PM 11/3/2008

Added Removed
------- ----------
anjdis.dll jio9df.exe
mkfdjfd.dll mlkdi89fd.txt

Directory: c:\windows
11:31 PM 11/3/2008
11:35 PM 11/3/2008

Added Removed
------- ----------
asd3.dll fds
jfsks.dll js8kdfss.txt
asdf.exe 89i3.cpl

These file/dir names are made up. The table isn't aligned because this forum doesn't allow multiple spaces, but alignment of tables is very possible in ascii text files.

Each time monitorf.exe runs, several tables are made, one for each directory that had changes. If no changes were made, nothing is logged. This program doesn’t monitor the registry though... that can be another project if possible.

I know I’m not the first person who thought of this, so if you’ve done something similar, please share it with us to make for an interesting thread.
miked8887 is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 04:28 AM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0