FindExInfoBasic
The FindFirstFileEx function does not query the short file name, improving overall enumeration speed. The data is returned in a WIN32_FIND_DATA structure, and the cAlternateFileName member is always a NULL string.
Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This value is not supported until Windows Server 2008 R2 and Windows 7.
You see, even though the Clarion Directory() function help doc suggests I should be able to use the ff_:Directory equate to filter the results, that doesn't work. I have to specify a wildcard at the end of the path and include ff_:Directory to get it to include the subfolders. I then have to loop through the queue and ignore all entries, i.e. files, which are not subfolders.
Anyway, just finishing off a class to use the various APIs related to FindFirstFileA and FindFirstFileExA etc., as I can get more info from these APIs which will be useful.
RichClaCode,
Maybe accessing the files on NTFS drives via the MFT data structures is what you need here?
From your other posts, I’m assuming you might be able to utilize the following technical article: Super Fast File Enumeration with NTFS Structures
One of my hard disks uses the Ext4 file system. Windows accesses it using the Paragon Linux FS driver. I have 2 letters mapped to drives on the home NAS. How can the suggested way help with these drives? Incomplete solution = no solution.
I had that Paragon Linux Ext Driver, I'm surprised you got it to work on Windows. I got a refund because it didn't work properly on my machine; it was easier to just set up a Linux NAS with a variety of file systems and plonk Samba (opening Windows to a wider world) on the Linux box so files could be accessed via SMB.
I understand what you are saying though: if you can't access a drive, how can you audit it? Market share is what I'm going after for now.
The help clearly states that is NOT how it works… It ALWAYS has Files…
If you add ff_:DIRECTORY to ff_:NORMAL, you will get files AND sub-directories from the path. Since ff_:NORMAL is an equate for zero (0), you will always get files.
If you copy an app using APIs which need to be elevated onto a Windows OS which uses elevation, the app's application icon is automatically modified to include the elevation shield. This is without having to run the app, which suggests Windows is analyzing all files copied onto a running OS.
Makes a mockery of the ransomware sideshow, doesn't it!
Edit.
It's interesting, the very first folder created during installation of Windows on XP is
c:\windows
then
c:\windows\system32
c:\windows\system32\config
c:\windows\system32\ras
c:\windows\system32\spool
c:\windows\system32\spool\drivers
and so on. It gives an insight into how Windows installs itself and what it's installing first and why.
It's a good point, so I renamed the app from PCSetup to PCtest, copied it from my XP virtual machine onto Win10 and it still added the shield. Maybe it's looking at the embedded manifest file or something. Don't know, but using the API FindFirstFileA has got it down to 3 mins something, which is better.
C:\Users appears to be the first folder created on Win10, and there are some interesting attributes attached to folders, even in XP.
If you have an embedded manifest, and it says requireAdministrator, then yes. Windows is looking at that. You should be able to confirm by looking at the resources of the exe with a resource viewer. If a manifest is present, there should be a folder called “Manifest”.
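One way to run the manifest check described in the post above without a resource viewer, as an added example that is not part of the thread: it scans a file's bytes for an embedded manifest and reads `requestedExecutionLevel`. `SAMPLE_EXE` is constructed, the function names are illustrative, and the byte scan assumes the manifest is stored as plain UTF-8 XML, so it will not find one inside a packed or compressed executable.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample: padding around a manifest, standing in for an EXE whose
# manifest resource is stored as plain XML (this is not a real binary).
SAMPLE_EXE = (
    b"MZ" + b"\x00" * 64 +
    b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n'
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">\r\n'
    b'  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>\r\n'
    b'    <requestedPrivileges>\r\n'
    b'      <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>\r\n'
    b'    </requestedPrivileges>\r\n'
    b'  </security></trustInfo>\r\n'
    b'</assembly>' + b"\x00" * 32
)

# Matches <assembly ...> ... </assembly>, with or without a namespace prefix.
_MANIFEST = re.compile(rb"<(?:\w+:)?assembly\b.*?</(?:\w+:)?assembly\s*>", re.DOTALL)

def requested_execution_level(data: bytes):
    """Return (level, uiAccess) from the first parseable manifest, else None."""
    for match in _MANIFEST.finditer(data):
        try:
            root = ET.fromstring(match.group(0))
        except ET.ParseError:
            continue  # matched bytes were not well-formed XML; keep looking
        for el in root.iter():
            # Compare local names so the asm.v2 and asm.v3 namespaces both match.
            if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
                return el.get("level"), el.get("uiAccess")
    return None

def requests_elevation(data: bytes) -> bool:
    """True when the manifest asks for anything other than asInvoker."""
    found = requested_execution_level(data)
    return found is not None and found[0] in ("requireAdministrator", "highestAvailable")

if __name__ == "__main__":
    # With no arguments, report on the constructed sample; otherwise on each path.
    if len(sys.argv) == 1:
        print("sample:", requested_execution_level(SAMPLE_EXE))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, requested_execution_level(fh.read()))
```
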
attributes: An integer constant, variable, or expression that specifies the attributes of the files to place in the queue.
The attributes bitmap is an OR filter: if you add the equates, you get files with any of the attributes you specify. This means that, when you just set the attributes to ff_:NORMAL, you only get files (no sub-directories) without the hidden, system, or archive bits set. If you add ff_:DIRECTORY to ff_:NORMAL, you will get files AND sub-directories from the path. Since ff_:NORMAL is an equate for zero (0), you will always get files.
Yes, it was the manifest. I had it set to requireAdministrator or HighestAvailable, but changing it to asInvoker has removed the elevation shield now when I copy it from XP to Win10. Oh well, red herring there; still, it's interesting to know it's scanning the manifest when copied. I wonder if it also scans the versioninfo embedded into an exe or dll: GetFileVersionInfoA function (winver.h) - Win32 apps | Microsoft Learn.
Most antivirus will do this, it's not just restricted to Windows Defender.
I've stopped using the MS Cloud app because it was ignoring the settings changes I made and did its own thing, so it filled up with data that triggered the charges. So I don't use it and have it switched off when the OS is installed.
So what I have found is, despite using the flags in the EX version to limit to directories, the APIs fetch everything in the folder or path location. I still have to filter out everything that is not a directory, which is the same behaviour I see when I use the built-in Clarion Directory function. The extra time I see on Win10 I am putting down to more files in each folder location, which then need to be filtered out.
I haven't tried the Transacted API yet, still on the todo list, but in order to solve another problem, I've had to go off onto something else, namely modifying some templates to get them to work, because the problem of the template group names having to be unique in the template registry and not just the template chain is possibly why some of my templates have failed when I go to use them later on.
I'll check that out. So far I've been able to get the EX API to list every file and folder, and then filter out the files or folders into a Class Q, and that takes about 55 seconds, which is better, and it's about 1.5 times writing from the class Q to a tps file with logout, but there's a bug somewhere which causes it to hang when a BitLocker drive is not decrypted, which I need to fix.