C and C++ example of monitoring disk and directory operations
- 2020-11-25 07:24:46
- OfStack
Traversal disk capacity:
#include <stdio.h>
#include <Windows.h>
void GetDrivesType(const char* lpRootPathName)
{
UINT uDriverType = GetDriveType(lpRootPathName);
switch (uDriverType)
{
case DRIVE_UNKNOWN:puts(" Unknown disk "); break;
case DRIVE_NO_ROOT_DIR: puts(" The path is invalid "); break;
case DRIVE_REMOVABLE: puts(" Removable disk "); break;
case DRIVE_FIXED: puts(" Fixed disk "); break;
case DRIVE_REMOTE: puts(" Network disk "); break;
case DRIVE_CDROM: puts(" drive "); break;
case DRIVE_RAMDISK: puts(" Memory mapped disk "); break;
default: break;
}
}
void GetDrivesFreeSpace(const char* lpRootPathName)
{
unsigned long long available, total, free;
if (GetDiskFreeSpaceEx(lpRootPathName, (ULARGE_INTEGER*)&available,
(ULARGE_INTEGER*)&total, (ULARGE_INTEGER*)&free))
{
printf(" disk : %s | A total of : %lld MB Has been used : %lld MB The remaining : %lld MB \n",
lpRootPathName, total >> 20, available >> 20, free >> 20);
}
}
int main(int argc,char *argv[])
{
DWORD dwSize = MAX_PATH;
char szLogicalDrives[MAX_PATH] = {0};
// Gets the logical drive letter string
DWORD dwResult = GetLogicalDriveStringsA(dwSize, szLogicalDrives);
if (dwResult > 0 && dwResult <= MAX_PATH) {
char* szSingleDrive = szLogicalDrives; // Start at the buffer start address
while (*szSingleDrive) {
//printf("Drive: %s\n", szSingleDrive); // The drive letter that outputs a single drive
// GetDrivesType(szSingleDrive);
GetDrivesFreeSpace(szSingleDrive);
szSingleDrive += strlen(szSingleDrive) + 1; // To obtain the 1 Drive address
}
}
system("pause");
return 0;
}
Traversal file specific path:
Loop through the file path and filter out the path with the.exe suffix.
#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>
void SearchFile(char *pszDirectory)
{
// Searches for files of the specified type
char *pszFileName = NULL;
char *pTempSrc = NULL;
WIN32_FIND_DATA FileData = { 0 };
// Request dynamic memory
pszFileName = new char[2048];
pTempSrc = new char[2048];
// Construct a search file type string *.* Represents a search for all file types
wsprintf(pszFileName, "%s\\*.*", pszDirectory);
HANDLE hFile = ::FindFirstFile(pszFileName, &FileData);
if (INVALID_HANDLE_VALUE != hFile)
{
do
{
// Filters out the current directory "." And on the 1 Layer directory ".."
if ('.' == FileData.cFileName[0])
continue;
// Splice file path
wsprintf(pTempSrc, "%s\\%s", pszDirectory, FileData.cFileName);
// Determine if it is a directory or a file
if (FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
SearchFile(pTempSrc); // If it is a directory, recursion continues
else
{
char drive[_MAX_DRIVE], dir[_MAX_DIR], fname[_MAX_FNAME], ext[_MAX_EXT];
_splitpath(pTempSrc, drive, dir, fname, ext);
// If it is a file and the suffix is .exe Output the specific path
if (strcmp(ext, ".exe") == 0)
printf("%s \n", pTempSrc);
}
} while (::FindNextFile(hFile, &FileData));
}
FindClose(hFile);
delete[]pTempSrc;
delete[]pszFileName;
}
int main(int argc, char * argv[])
{
SearchFile("c:\\MinGW7");
system("pause");
return 0;
}
Monitor file directory changes:
#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>
UINT MonitorFileThreadProc(LPVOID lpVoid)
{
char *pszDirectory = (char *)lpVoid;
// Open directory , Gets a file handle
HANDLE hDirectory = CreateFile(pszDirectory, FILE_LIST_DIRECTORY, FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
if (INVALID_HANDLE_VALUE == hDirectory)
return 1;
char szFileName[MAX_PATH] = { 0 };
BOOL bRet = FALSE;
DWORD dwRet = 0;
DWORD dwBufferSize = 2048;
// To apply for 1 A sufficiently large buffer
BYTE *pBuf = new BYTE[dwBufferSize];
if (NULL == pBuf)
return 2;
FILE_NOTIFY_INFORMATION *pFileNotifyInfo = (FILE_NOTIFY_INFORMATION *)pBuf;
// Start loop setup monitoring
do
{
RtlZeroMemory(pFileNotifyInfo, dwBufferSize);
// Set monitoring directory
bRet = ReadDirectoryChangesW(hDirectory, pFileNotifyInfo, dwBufferSize, TRUE,
FILE_NOTIFY_CHANGE_FILE_NAME | // Modify file name
FILE_NOTIFY_CHANGE_ATTRIBUTES | // Modify file properties
FILE_NOTIFY_CHANGE_LAST_WRITE, // The last 1 Time to write
&dwRet, NULL, NULL);
if (FALSE == bRet)
break;
// Converts a wide character to a narrow character , Wide - byte string to multi - byte string
WideCharToMultiByte(CP_ACP, 0, (wchar_t *)(&pFileNotifyInfo->FileName),
(pFileNotifyInfo->FileNameLength / 2),szFileName,MAX_PATH,NULL,NULL);
// Connect the path to the file as a full file path
char FullFilePath[1024] = { 0 };
strncpy(FullFilePath, pszDirectory, strlen(pszDirectory));
strcat(FullFilePath, szFileName);
// Determine the operation type and display it
switch (pFileNotifyInfo->Action)
{
case FILE_ACTION_ADDED:
printf(" The file is [ create ]: %s \n", FullFilePath); break;
case FILE_ACTION_REMOVED:
printf(" The file is [ delete ]: %s \n", FullFilePath); break;
case FILE_ACTION_MODIFIED:
printf(" The file is [ Modify the ]: %s \n", FullFilePath); break;
case FILE_ACTION_RENAMED_OLD_NAME:
printf(" The file is [ rename ]: %s \n", FullFilePath); break;
}
} while (bRet);
CloseHandle(hDirectory);
delete[] pBuf;
pBuf = NULL;
return 0;
}
int main(int argc, char * argv[])
{
char *pszDirectory = "C:\\";
// Create threads to start monitoring
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MonitorFileThreadProc, pszDirectory, 0, NULL);
while (1)
{
Sleep(10000);
}
system("pause");
return 0;
}
Monitor directory file changes:
It can be changed to a simple file tamper - proof program, can also be used to monitor the behavior of viruses.
#include <stdio.h>
#include <Windows.h>
#include <tlhelp32.h>
DWORD WINAPI MonitorFileThreadProc(LPVOID lParam)
{
char *pszDirectory = (char *)lParam;
BOOL bRet = FALSE;
BYTE Buffer[1024] = { 0 };
FILE_NOTIFY_INFORMATION *pBuffer = (FILE_NOTIFY_INFORMATION *)Buffer;
DWORD dwByteReturn = 0;
HANDLE hFile = CreateFile(pszDirectory, FILE_LIST_DIRECTORY, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
if (INVALID_HANDLE_VALUE == hFile)
return 1;
while (TRUE)
{
ZeroMemory(Buffer, sizeof(Buffer));
// Set the monitor directory callback function
bRet = ReadDirectoryChangesW(hFile,&Buffer,sizeof(Buffer),TRUE,
FILE_NOTIFY_CHANGE_FILE_NAME | // Modify file name
FILE_NOTIFY_CHANGE_ATTRIBUTES | // Modify file properties
FILE_NOTIFY_CHANGE_LAST_WRITE, // The last 1 Time to write
&dwByteReturn, NULL, NULL);
if (TRUE == bRet)
{
char szFileName[MAX_PATH] = { 0 };
// Converts a wide character to a narrow character , Wide - byte string to multi - byte string
WideCharToMultiByte(CP_ACP,0,pBuffer->FileName,(pBuffer->FileNameLength / 2),
szFileName,MAX_PATH,NULL,NULL);
// Connect the path to the file as a full file path
char FullFilePath[1024] = { 0 };
strncpy(FullFilePath, pszDirectory, strlen(pszDirectory));
strcat(FullFilePath, szFileName);
switch (pBuffer->Action)
{
case FILE_ACTION_ADDED:
{
printf(" add : %s \n", FullFilePath); break;
}
case FILE_ACTION_REMOVED:
{
printf(" delete : %s \n", FullFilePath); break;
}
case FILE_ACTION_MODIFIED:
{
printf(" Modify the : %s \n", FullFilePath); break;
}
case FILE_ACTION_RENAMED_OLD_NAME:
{
printf(" rename : %s", szFileName);
if (0 != pBuffer->NextEntryOffset)
{
FILE_NOTIFY_INFORMATION *tmpBuffer = (FILE_NOTIFY_INFORMATION *)
((DWORD)pBuffer + pBuffer->NextEntryOffset);
switch (tmpBuffer->Action)
{
case FILE_ACTION_RENAMED_NEW_NAME:
{
ZeroMemory(szFileName, MAX_PATH);
WideCharToMultiByte(CP_ACP,0,tmpBuffer->FileName,
(tmpBuffer->FileNameLength / 2),
szFileName,MAX_PATH,NULL,NULL);
printf(" -> %s \n", szFileName);
break;
}
}
}
break;
}
case FILE_ACTION_RENAMED_NEW_NAME:
{
printf(" rename (new): %s \n", FullFilePath); break;
}
}
}
}
CloseHandle(hFile);
return 0;
}
int main(int argc, char * argv[])
{
char *pszDirectory = "C:\\";
HANDLE hThread = CreateThread(NULL, 0, MonitorFileThreadProc, pszDirectory, 0, NULL);
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
return 0;
}
That's how C/C++ monitors disk and directory operations. For more information on C/C++ monitors disk and directory operations, check out the other articles on this site!
[
lyshark
Article source: https: / / www cnblogs. com/lyshark