Something I want to share with you...

miked8887

I like to know what files and directories are being added/removed to/from my computer (Windows XP Pro SP2) without my knowledge or consent and when it happened. Wouldn't you like to save directory listings of every directory on your computer with the times and dates they were made, then later save second listings of the same directories again and compare them with the last ones for changes made (added/removed files or directories)? It's just that simple, but it would be tedious to do manually... time to write some code (I used Scheme).

I named it monitorf.exe (stands for monitor files). Before running the application, you make a text file for monitorf.exe to read (name it paths.txt) containing the paths of all the directories you want to have checked for added/removed files/directories. I included c:, c:\windows, c:\windows\system32, c:\progra~1, and more. You can include every directory on the machine if you want.

When monitorf.exe runs, it takes all the paths in paths.txt and logs their directory listings to text files. The next time it runs, it does the same and compares the new directory listings to the old ones. Each time it runs, it logs the changes on another text file (call it changes.txt) by making a column called “Added,” and a column called “Removed.” It also keeps track of the time/date of each directory listing so that while observing the changes, you also know the time/date interval (marked by the run times of monitorf.exe) that these changes occurred within.

With this, you can run monitorf.exe, do some activity (browse internet, download, install programs, etc), then run it again and see what files/directories were added or removed as a result. You can attribute these changes to that activity. You know every file/directory added or removed caused by every activity you perform on your computer.

I like this because it is a way to monitor your file/directory system without the monitoring software being required to run constantly. Find those mysterious dll files that appear. Additionally, you don't have to even LOOK at the directory listings themselves; monitorf.exe does that for you. It also deletes the old ones that are not needed anymore after the changes are logged. So schedule it to run every night, run it also when you want to run it, and just periodically check the changes.txt file... that's all you have to do (besides writing code).

Example: if you run monitorf.exe at 11:31, then browse the web causing some files to change in (for example) c:\windows and c:\windows\system32, then run it again at 11:35, the log that is made will look like the following, and you will know that this internet session was what accounted for the changes:

----------------------------------------
Directory: c:\windows\system32
11:31 PM 11/3/2008
11:35 PM 11/3/2008

Added Removed
------- ----------
anjdis.dll jio9df.exe
mkfdjfd.dll mlkdi89fd.txt
nj899s.exe

----------------------------------------
Directory: c:\windows
11:31 PM 11/3/2008
11:35 PM 11/3/2008

Added Removed
------- ----------
asd3.dll fds
jfsks.dll js8kdfss.txt
asdf.exe 89i3.cpl

These file/dir names are made up. The table isn't aligned because this forum doesn't allow multiple spaces, but alignment of tables is very possible in ASCII text files.

Each time monitorf.exe runs, several tables are made, one for each directory that had changes. If no changes were made, nothing is logged. This program doesn't monitor the registry though... that can be another project if possible.

I know I'm not the first person who thought of this, so if you've done something similar, please share it with us to make for an interesting thread.
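
The run described in the post above (read paths.txt, save listings, compare with the previous run, append Added/Removed tables to changes.txt), written in Python as an added example; it is not the poster's Scheme program. The state file name `listings.json`, its JSON layout and the function names are assumptions made for this example.

```python
import json
import os
import time
from itertools import zip_longest


def format_table(path, t_old, t_new, added, removed):
    """Render one aligned Added/Removed table for a changed directory."""
    width = max(len(n) for n in added + ["Added"]) + 2
    rows = ["-" * 40, f"Directory: {path}", t_old, t_new, "",
            "Added".ljust(width) + "Removed",
            "-----".ljust(width) + "-------"]
    rows += [a.ljust(width) + r
             for a, r in zip_longest(added, removed, fillvalue="")]
    return "\n".join(row.rstrip() for row in rows) + "\n\n"


def run_once(paths_file, state_file, changes_file, now=None):
    """Snapshot each listed directory, diff against the previous run,
    append a table per changed directory, and return the changes."""
    now = now or time.strftime("%I:%M %p %m/%d/%Y")
    with open(paths_file) as f:
        paths = [line.strip() for line in f if line.strip()]
    old = {}
    if os.path.exists(state_file):
        with open(state_file) as f:
            old = json.load(f)
    new, changes = {}, {}
    for path in paths:
        try:
            names = set(os.listdir(path))
        except OSError:
            # Unreadable this run: keep the old baseline instead of
            # logging every entry as "Removed".
            if path in old:
                new[path] = old[path]
            continue
        new[path] = {"time": now, "names": sorted(names)}
        if path not in old:
            continue  # first listing of this directory: baseline only
        before = set(old[path]["names"])
        added, removed = sorted(names - before), sorted(before - names)
        if added or removed:  # nothing is logged when nothing changed
            changes[path] = (added, removed)
            with open(changes_file, "a") as out:
                out.write(format_table(path, old[path]["time"], now,
                                       added, removed))
    with open(state_file, "w") as f:
        json.dump(new, f)  # replaces the old listings
    return changes
```

Call `run_once("paths.txt", "listings.json", "changes.txt")` from a scheduled task or by hand. Like the approach in the post, this compares names only, so a file whose contents were replaced under the same name is not reported; storing a size, modification time or hash per entry would cover that case.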
 