C and C++ example of monitoring disk and directory operations

  • 2020-11-25 07:24:46
  • OfStack

Traversal disk capacity:


#include <stdio.h>
#include <Windows.h>

void GetDrivesType(const char* lpRootPathName)
{
	UINT uDriverType = GetDriveType(lpRootPathName);
	switch (uDriverType)
	{
		case DRIVE_UNKNOWN:puts(" Unknown disk "); break;
		case DRIVE_NO_ROOT_DIR: puts(" The path is invalid "); break;
		case DRIVE_REMOVABLE: puts(" Removable disk "); break;
		case DRIVE_FIXED: puts(" Fixed disk "); break;
		case DRIVE_REMOTE: puts(" Network disk "); break;
		case DRIVE_CDROM: puts(" drive "); break;
		case DRIVE_RAMDISK: puts(" Memory mapped disk "); break;
		default: break;
	}
}

void GetDrivesFreeSpace(const char* lpRootPathName)
{
	unsigned long long available, total, free;
	if (GetDiskFreeSpaceEx(lpRootPathName, (ULARGE_INTEGER*)&available, 
		(ULARGE_INTEGER*)&total, (ULARGE_INTEGER*)&free))
	{
		printf(" disk : %s |  A total of : %lld MB  Has been used : %lld MB  The remaining : %lld MB \n",
			lpRootPathName, total >> 20, available >> 20, free >> 20);
	}
}

int main(int argc,char *argv[])
{
	DWORD dwSize = MAX_PATH;
  char szLogicalDrives[MAX_PATH] = {0};

  //  Gets the logical drive letter string 
	DWORD dwResult = GetLogicalDriveStringsA(dwSize, szLogicalDrives);
	
	if (dwResult > 0 && dwResult <= MAX_PATH) {
		char* szSingleDrive = szLogicalDrives;      //  Start at the buffer start address 
		while (*szSingleDrive) {
			//printf("Drive: %s\n", szSingleDrive);   //  The drive letter that outputs a single drive 
			// GetDrivesType(szSingleDrive);
			GetDrivesFreeSpace(szSingleDrive);
			szSingleDrive += strlen(szSingleDrive) + 1; //  To obtain the 1 Drive address 
		}
	}

	system("pause");
	return 0;
}

Traversal file specific path:

Loop through the file path and filter out the path with the.exe suffix.


#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>

void SearchFile(char *pszDirectory)
{
	//  Searches for files of the specified type 
	char *pszFileName = NULL;
	char *pTempSrc = NULL;
	WIN32_FIND_DATA FileData = { 0 };

	//  Request dynamic memory 
	pszFileName = new char[2048];
	pTempSrc = new char[2048];

	//  Construct a search file type string  *.*  Represents a search for all file types 
	wsprintf(pszFileName, "%s\\*.*", pszDirectory);

	HANDLE hFile = ::FindFirstFile(pszFileName, &FileData);
	if (INVALID_HANDLE_VALUE != hFile)
	{
		do
		{
			//  Filters out the current directory "."  And on the 1 Layer directory ".."
			if ('.' == FileData.cFileName[0])
				continue;

			//  Splice file path 	
			wsprintf(pTempSrc, "%s\\%s", pszDirectory, FileData.cFileName);
			//  Determine if it is a directory or a file 
			if (FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
				SearchFile(pTempSrc);     //  If it is a directory, recursion continues 
			else
			{
				char drive[_MAX_DRIVE], dir[_MAX_DIR], fname[_MAX_FNAME], ext[_MAX_EXT];
				_splitpath(pTempSrc, drive, dir, fname, ext);
				//  If it is a file and the suffix is .exe Output the specific path 
				if (strcmp(ext, ".exe") == 0)
					printf("%s \n", pTempSrc);
			}
		} while (::FindNextFile(hFile, &FileData));
	}
	FindClose(hFile);
	delete[]pTempSrc;
	delete[]pszFileName;
}

int main(int argc, char * argv[])
{
	SearchFile("c:\\MinGW7");
	system("pause");
	return 0;
}

Monitor file directory changes:


#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>

UINT MonitorFileThreadProc(LPVOID lpVoid)
{
	char *pszDirectory = (char *)lpVoid;

	//  Open directory ,  Gets a file handle 
	HANDLE hDirectory = CreateFile(pszDirectory, FILE_LIST_DIRECTORY, FILE_SHARE_READ | FILE_SHARE_WRITE,
		NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
	if (INVALID_HANDLE_VALUE == hDirectory)
		return 1;

	char szFileName[MAX_PATH] = { 0 };
	BOOL bRet = FALSE;
	DWORD dwRet = 0;
	DWORD dwBufferSize = 2048;

	//  To apply for 1 A sufficiently large buffer  
	BYTE *pBuf = new BYTE[dwBufferSize];
	if (NULL == pBuf)
		return 2;

	FILE_NOTIFY_INFORMATION *pFileNotifyInfo = (FILE_NOTIFY_INFORMATION *)pBuf;

	//  Start loop setup monitoring 
	do
	{
		RtlZeroMemory(pFileNotifyInfo, dwBufferSize);
		//  Set monitoring directory 
		bRet = ReadDirectoryChangesW(hDirectory, pFileNotifyInfo, dwBufferSize, TRUE,
			FILE_NOTIFY_CHANGE_FILE_NAME |			//  Modify file name 
			FILE_NOTIFY_CHANGE_ATTRIBUTES |			//  Modify file properties 
			FILE_NOTIFY_CHANGE_LAST_WRITE,			//  The last 1 Time to write 
			&dwRet, NULL, NULL);
		if (FALSE == bRet)
			break;

		//  Converts a wide character to a narrow character , Wide - byte string to multi - byte string 
		WideCharToMultiByte(CP_ACP, 0, (wchar_t *)(&pFileNotifyInfo->FileName),
			(pFileNotifyInfo->FileNameLength / 2),szFileName,MAX_PATH,NULL,NULL);

		//  Connect the path to the file as a full file path 
		char FullFilePath[1024] = { 0 };
		strncpy(FullFilePath, pszDirectory, strlen(pszDirectory));
		strcat(FullFilePath, szFileName);

		//  Determine the operation type and display it 
		switch (pFileNotifyInfo->Action)
		{
			case FILE_ACTION_ADDED:
				printf(" The file is  [ create ]: %s \n", FullFilePath); break;
			case FILE_ACTION_REMOVED:
				printf(" The file is  [ delete ]: %s \n", FullFilePath); break;
			case FILE_ACTION_MODIFIED:
				printf(" The file is  [ Modify the ]: %s \n", FullFilePath); break;
			case FILE_ACTION_RENAMED_OLD_NAME:
				printf(" The file is  [ rename ]: %s \n", FullFilePath); break;
		}
	} while (bRet);

	CloseHandle(hDirectory);
	delete[] pBuf;
	pBuf = NULL;
	return 0;
}

int main(int argc, char * argv[])
{
	char *pszDirectory = "C:\\";
	//  Create threads to start monitoring 
	CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MonitorFileThreadProc, pszDirectory, 0, NULL);
	while (1)
	{
		Sleep(10000);
	}
	system("pause");
	return 0;
}

Monitor directory file changes:

It can be changed to a simple file tamper - proof program, can also be used to monitor the behavior of viruses.


#include <stdio.h>
#include <Windows.h>
#include <tlhelp32.h>

DWORD WINAPI MonitorFileThreadProc(LPVOID lParam)
{
	char *pszDirectory = (char *)lParam;
	BOOL bRet = FALSE;
	BYTE Buffer[1024] = { 0 };

	FILE_NOTIFY_INFORMATION *pBuffer = (FILE_NOTIFY_INFORMATION *)Buffer;
	DWORD dwByteReturn = 0;
	HANDLE hFile = CreateFile(pszDirectory, FILE_LIST_DIRECTORY, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
		NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
	if (INVALID_HANDLE_VALUE == hFile)
		return 1;

	while (TRUE)
	{
		ZeroMemory(Buffer, sizeof(Buffer));
		//  Set the monitor directory callback function 
		bRet = ReadDirectoryChangesW(hFile,&Buffer,sizeof(Buffer),TRUE,
			FILE_NOTIFY_CHANGE_FILE_NAME |			//  Modify file name 
			FILE_NOTIFY_CHANGE_ATTRIBUTES |			//  Modify file properties 
			FILE_NOTIFY_CHANGE_LAST_WRITE,			//  The last 1 Time to write 
			&dwByteReturn, NULL, NULL);
		if (TRUE == bRet)
		{
			char szFileName[MAX_PATH] = { 0 };

			//  Converts a wide character to a narrow character , Wide - byte string to multi - byte string 
			WideCharToMultiByte(CP_ACP,0,pBuffer->FileName,(pBuffer->FileNameLength / 2),
				szFileName,MAX_PATH,NULL,NULL);

			//  Connect the path to the file as a full file path 
			char FullFilePath[1024] = { 0 };
			strncpy(FullFilePath, pszDirectory, strlen(pszDirectory));
			strcat(FullFilePath, szFileName);

			switch (pBuffer->Action)
			{
				case FILE_ACTION_ADDED:
				{
					printf(" add : %s \n", FullFilePath); break;
				}
				case FILE_ACTION_REMOVED:
				{
					printf(" delete : %s \n", FullFilePath); break;
				}
				case FILE_ACTION_MODIFIED:
				{
					printf(" Modify the : %s \n", FullFilePath); break;
				}
				case FILE_ACTION_RENAMED_OLD_NAME:
				{
					printf(" rename : %s", szFileName);
					if (0 != pBuffer->NextEntryOffset)
					{
						FILE_NOTIFY_INFORMATION *tmpBuffer = (FILE_NOTIFY_INFORMATION *)
							((DWORD)pBuffer + pBuffer->NextEntryOffset);
						switch (tmpBuffer->Action)
							{
								case FILE_ACTION_RENAMED_NEW_NAME:
								{
									ZeroMemory(szFileName, MAX_PATH);
									WideCharToMultiByte(CP_ACP,0,tmpBuffer->FileName,
										(tmpBuffer->FileNameLength / 2),
										szFileName,MAX_PATH,NULL,NULL);
									printf(" -> %s \n", szFileName);
									break;
								}
							}
					}
					break;
				}
				case FILE_ACTION_RENAMED_NEW_NAME:
				{
					printf(" rename (new): %s \n", FullFilePath); break;
				}
			}
		}
	}
	CloseHandle(hFile);
	return 0;
}

int main(int argc, char * argv[])
{
	char *pszDirectory = "C:\\";

	HANDLE hThread = CreateThread(NULL, 0, MonitorFileThreadProc, pszDirectory, 0, NULL);
	WaitForSingleObject(hThread, INFINITE);
	CloseHandle(hThread);
	return 0;
}

That's how C/C++ monitors disk and directory operations. For more information on C/C++ monitors disk and directory operations, check out the other articles on this site!

[

lyshark
Article source: https: / / www cnblogs. com/lyshark

]

Related articles: