Computer Related > Any way of doing this in C? Low level file system Miscellaneous
Thread Author: RattleandSmoke Replies: 6
View Threaded 

New Fri 17 Dec 10 21:12 
 Any way of doing this in C? Low level file system - RattleandSmoke
It should be very simple but can't find out the answers on google. I need to write a simple program in console mode C which simply lists the most recent files in a given folder. Now I need low level access to this and it cannot use any of the Windows APIs.

I am currently writing a batch file to make rootkit detection a bit easier/quicker but as people understanding this will know most rootkits modify hook the APIs so that the results in windows explorer are wrong (e.g they hide the rootkit files).

If I wrote such an application my idea is would be much harder for the rootkits to manipulate its results as it won't be using the windows API. My question is what I want to do too difficult?

Would writing in Java be a better bet so it is run within the virtual machine or I wonder if rootkits now affect that too?

It would be used in situations where I am pretty sure there is no rootkit on the system but want a second opinion. I will still use a boot CD to check for files if I knew there was a rootkit but that takes too long in cases of trivial malware removal.
Last edited by: RattleandSmoke on Fri 17 Dec 10 at 21:12
Reply to this message | Report message
       
New Fri 17 Dec 10 22:03 
 Any way of doing this in C? Low level file system - Focusless
If you don't get any joy here, you could try:
tech.groups.yahoo.com/group/c-prog/

There are some real Windows experts, including the group owner (Thomas Hruska).
Reply to this message | Report message
       
New Sat 18 Dec 10 19:58 
 Any way of doing this in C? Low level file system - Kevin
Which compiler are you using?

Kevin...
Reply to this message | Report message
       
New Sat 18 Dec 10 21:05 
 Any way of doing this in C? Low level file system - teabelly
Depends on how clever the rootkit is though. If it is clever enough to hide itself is it clever enough to set something horrible off to happen if its files are listed even via another method? The boot cd approach is safer I would have thought.
Reply to this message | Report message
       
New Sat 18 Dec 10 21:48 
 Any way of doing this in C? Low level file system - Zero
I would be inclined to write this in Java, on a linux boot cd.
Reply to this message | Report message
       
New Sun 19 Dec 10 11:25 
 Any way of doing this in C? Low level file system - rtj70
To access the files even in C you need to use library files. If these have been compromised then it will be difficult to find things. Whatever is doing the scanning (home written or bought) it should be off another boot device like a live CD.

Without getting into root kits, it's possible to hide a file on NTFS for example and the original file size remains unchanged.
Reply to this message | Report message
       
New Sun 19 Dec 10 18:02 
 Any way of doing this in C? Low level file system - Kevin
With the right compiler you can compile your code and link library functions inline. ie. everything will be in your own binary. gcc will do that but you only have protection against potentially compromised shared libs on the target system since they will not be used.

If all you want to do is list creation/modification times of files it will be far, far easier to boot your favourite Linux distro from CD and use an incantation of 'find' and 'sort' to display what you want. Ten minute job.

Kevin...
Reply to this message | Report message
       
Latest Forum Posts