Determine if file is critical system file, HOW

[N_Win_Member]

I wanna code to know if file is critical system file (like CONFIG.SYS , NTDETECT.COM , autoexec.bat)

I tried to use code to get file attributes and see if the file has "System" attribute but i found files like autoexec.bat hasn't "system" attribute.

I try to use that C# code but it doesn't work too (Every Time it gives me "True" value)

 public static string isFileSystem(string FileName)
		{
			try
			{
			   Type oType = Type.GetTypeFromProgID("Shell.Application");
			   object objShell = Activator.CreateInstance(oType);
			   object objFolder = oType.InvokeMember("Namespace", System.Reflection.BindingFlags.InvokeMethod, null, objShell, new object[] { new FileInfo(FileName).DirectoryName });
			   object objFolderItem = oType.InvokeMember("ParseName", System.Reflection.BindingFlags.InvokeMethod, null, objFolder, new object[] { new FileInfo(FileName).Name });
			   return oType.InvokeMember("isFileSystem", System.Reflection.BindingFlags.GetProperty, null, objFolderItem , null).ToString();
			}
			catch { return ""; }
		}

The Same code in VB.NET (without Blinding Codes) is

 Public Shared Function isFileSystem(ByVal FileName As String) As String
		Try 
			 Set objShell = CreateObject("Shell.Application")
			 Set objFolder = objShell.Namespace(new FileInfo(FileName).DirectoryName)
			 Set objFolderItem = objFolder.ParseName(new FileInfo(FileName).Name)
			 Return objFolderItem.IsFileSystem.ToString
		Catch
			 Return ""
		End Try
	End Function

I don't know where is the error.

If you have any other code can do the same task without too long codes it'll be good.

[azcodemonkey]

This should work in 1.1 or 2.0:

 
	internal class MyMainClass
	{
		public static void Main()
		{
			FileAttributes fas = File.GetAttributes(@"c:\pagefile.sys");
			FileAttributes fa = File.GetAttributes(@"c:\YServer.txt");
			// should be true
			Console.WriteLine("Is System? {0}", (fas & FileAttributes.System) > 0);
			// should be false
			Console.WriteLine("Is System? {0}", (fa & FileAttributes.System) > 0);
		}
	}

In VB

Imports System.IO
Module Module1

	Sub Main()
		Dim fas As FileAttribute
		Dim fa As FileAttribute

		fas = File.GetAttributes("c:\pagefile.sys")
		fa = File.GetAttributes("c:\YServer.txt")

		Console.WriteLine("Is System? {0}", (fas And FileAttribute.System) > 0)
		Console.WriteLine("Is System? {0}", (fa And FileAttribute.System) > 0)
	End Sub

End Module

Edited December 30, 2006 by azcodemonkey

[N_Win_Member]

Soryy but i think you didn't understand what i was saying.

There is some files like autoexec.bat has no system attributes althouugh it's critical system file.

HOW Can I solve that ?

[azcodemonkey]

  N_Win_Member said:

Soryy but i think you didn't understand what i was saying.

There is some files like autoexec.bat has no system attributes althouugh it's critical system file.

HOW Can I solve that ?

That IsFileSystem property just determines if it's part of the Windows file system, which is why it returns true all the time.

There must be a way to determine it, but it looks as if it is undocumented. I'll dig around to see what I can find.

[John Veteran]

You'll have to define "critical system file" first. Every file on your hard drive serves some purpose, and without that file, the functionality it provides will be lost.

[~InstaShock~]

hi ! Emm, I think i'm correct in saying this, but for Windows versions above 98(2000 and xp) Config.sys , Autoexec.bat are NOT critical system files and hence maybe not marked as system. But i don't think the file attribute 'System' is the way to go about it

take for example, the file (in WinXP) C:\Windows\System32\ntoskrnl.exe i guess we could call it System critical but it has no "System" attribute to it.

I think u should maintain a list of system files and compare from that !

[azcodemonkey]

I think he means "system file" by the way files are hidden. config.sys and autoexec.bat are hidden in XP. If you uncheck Hide Protected Operating System Files, and select Show Hidden Files and Folders, they show up, and hide when vice versa. I'm kind of curious as to how that is done. So far, I cannot find anything that specifies which files are considered protected OS files.

[~InstaShock~]

@azcodemonkey

but that would mean that the file i said "ntoskrnl.exe" is not a system file since it does not hide with the "hide protected operating system files"...in any case..i guess, to me maintaining a list of files that we think are system is the only option, i give up !!

[Wilhelmus]

Well there's SfcIsFileProtected function:

  Quote

Determines whether the specified file is protected (by Windows File Protection). Applications should avoid replacing protected system files.

Sample code, C#:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;

namespace WindowsApplication1
{
	public partial class Form1 : Form
	{

		[DllImport("sfc.dll")]
		static extern int SfcIsFileProtected(int handle, [MarshalAs(UnmanagedType.LPWStr)] string path);

		public Form1()
		{
			InitializeComponent();
		}

		private void button1_Click(object sender, EventArgs e)
		{
			if (SfcIsFileProtected(0, textBox1.Text.ToString()) == 0)
			{
				MessageBox.Show("The: " + textBox1.Text + "\r\nNot protected");
			}
			else
			{
				MessageBox.Show("The: " + textBox1.Text + "\r\nIs protected");
			}
		}
	}
}

[Andareed]

If you are referring to "Show hidden files and folders" setting, you can use IShellFolder::GetAttributesOf or SHGetFileInfo with SFGAO_HIDDEN.

[azcodemonkey]

Ahhh... The consistency of the Win32 API is astounding. :pinch: I don't think it's doable via the API, N_Win.

@Wilhelmus, I think that's for files that are stored in windows/system32/dllcache as part of the Windows File Protection scheme. But, good find, nonetheless.

@Andareed, I'm pretty sure that GetAttributesOf is the equivalent of using FileAttributes. If you only select Show hidden files and folders, config.sys/autoexec.bat/boot.ini, et al, don't show. They only show if you uncheck Hide protected operating system files(Recommended) as well. To boot, config.sys, autoexec.bat, etc, are only tagged as Archive, not Hidden nor System.

I think you're full on correct, ~InstaShock~. A list was actually my initial thought, and I figured it would be in the registry, but I cannot find a thing that declares config.sys as a critical file, which I agree with you on about it not being so.

N_Win, you may want to head over to SysInternals' forum and ask there. Those guys know everything. LOL

[Andareed]

If you check the description for IShellFolder::GetAttributesOf, for SFGAO_HIDDEN, it says the following:

  Quote

The item is hidden and should not be displayed unless the Show hidden files and folders option is enabled in Folder Settings.

You could try contacting a shell MVP to see if they can shed more light on how shell knows what files to hide.

[N_Win_Member]

Sorry For my wait replay and Thanks for all these replies and tries. But We are still having the problem here.

First for Wilhelmus Replay that was taking about SfcIsFileProtected sub it doesn't work for all system files it only works with protected files.

About Andareed idea which i was trying to use from the beginning ( Using Shell Method ) but with less complicate way. i was tring to use isfilesystem property that i have found in the following Microsoft link http://msdn2.microsoft.com/en-us/ms723191.aspx It was giving true in each time.

Another way by using shell i found and is working properly but with too long codes can be found in the project http://www.codeproject.com/vb/net/ExpCombo.asp. There is an item called Cshitem in previous explorer project which you can give a path then it will give you a lot of this file or folder properties. By using property called 'IsFileSystem' (one Cshitem properties) you can determine if this file is critical system file and if windows will hide or not. But as I said That is too long and complicated way.

If anyone can fix the first code or have another small code, it will be so good.

Thanks

Edited December 31, 2006 by N_Win_Member