• 0

Determine if file is critical system file, HOW


Question

I wanna code to know if file is critical system file (like CONFIG.SYS , NTDETECT.COM , autoexec.bat)

I tried to use code to get file attributes and see if the file has "System" attribute but i found files like autoexec.bat hasn't "system" attribute.

I try to use that C# code but it doesn't work too (Every Time it gives me "True" value)

 public static string isFileSystem(string FileName)
		{
			try
			{
			   Type oType = Type.GetTypeFromProgID("Shell.Application");
			   object objShell = Activator.CreateInstance(oType);
			   object objFolder = oType.InvokeMember("Namespace", System.Reflection.BindingFlags.InvokeMethod, null, objShell, new object[] { new FileInfo(FileName).DirectoryName });
			   object objFolderItem = oType.InvokeMember("ParseName", System.Reflection.BindingFlags.InvokeMethod, null, objFolder, new object[] { new FileInfo(FileName).Name });
			   return oType.InvokeMember("isFileSystem", System.Reflection.BindingFlags.GetProperty, null, objFolderItem , null).ToString();
			}
			catch { return ""; }
		}

The Same code in VB.NET (without Blinding Codes) is

 Public Shared Function isFileSystem(ByVal FileName As String) As String
		Try 
			 Set objShell = CreateObject("Shell.Application")
			 Set objFolder = objShell.Namespace(new FileInfo(FileName).DirectoryName)
			 Set objFolderItem = objFolder.ParseName(new FileInfo(FileName).Name)
			 Return objFolderItem.IsFileSystem.ToString
		Catch
			 Return ""
		End Try
	End Function

I don't know where is the error.

If you have any other code can do the same task without too long codes it'll be good.

12 answers to this question

Recommended Posts

  • 0

This should work in 1.1 or 2.0:

 
	internal class MyMainClass
	{
		public static void Main()
		{
			FileAttributes fas = File.GetAttributes(@"c:\pagefile.sys");
			FileAttributes fa = File.GetAttributes(@"c:\YServer.txt");
			// should be true
			Console.WriteLine("Is System? {0}", (fas & FileAttributes.System) > 0);
			// should be false
			Console.WriteLine("Is System? {0}", (fa & FileAttributes.System) > 0);
		}
	}

In VB

Imports System.IO
Module Module1

	Sub Main()
		Dim fas As FileAttribute
		Dim fa As FileAttribute

		fas = File.GetAttributes("c:\pagefile.sys")
		fa = File.GetAttributes("c:\YServer.txt")

		Console.WriteLine("Is System? {0}", (fas And FileAttribute.System) > 0)
		Console.WriteLine("Is System? {0}", (fa And FileAttribute.System) > 0)
	End Sub

End Module

Edited by azcodemonkey
  • 0
  N_Win_Member said:

Soryy but i think you didn't understand what i was saying.

There is some files like autoexec.bat has no system attributes althouugh it's critical system file.

HOW Can I solve that ?

That IsFileSystem property just determines if it's part of the Windows file system, which is why it returns true all the time.

There must be a way to determine it, but it looks as if it is undocumented. I'll dig around to see what I can find.

  • 0

hi ! Emm, I think i'm correct in saying this, but for Windows versions above 98(2000 and xp) Config.sys , Autoexec.bat are NOT critical system files and hence maybe not marked as system. But i don't think the file attribute 'System' is the way to go about it

take for example, the file (in WinXP) C:\Windows\System32\ntoskrnl.exe i guess we could call it System critical but it has no "System" attribute to it.

I think u should maintain a list of system files and compare from that !

  • 0

I think he means "system file" by the way files are hidden. config.sys and autoexec.bat are hidden in XP. If you uncheck Hide Protected Operating System Files, and select Show Hidden Files and Folders, they show up, and hide when vice versa. I'm kind of curious as to how that is done. So far, I cannot find anything that specifies which files are considered protected OS files.

  • 0

@azcodemonkey

but that would mean that the file i said "ntoskrnl.exe" is not a system file since it does not hide with the "hide protected operating system files"...in any case..i guess, to me maintaining a list of files that we think are system is the only option, i give up !!

  • 0

Well there's SfcIsFileProtected function:

  Quote
Determines whether the specified file is protected (by Windows File Protection). Applications should avoid replacing protected system files.

Sample code, C#:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;

namespace WindowsApplication1
{
	public partial class Form1 : Form
	{

		[DllImport("sfc.dll")]
		static extern int SfcIsFileProtected(int handle, [MarshalAs(UnmanagedType.LPWStr)] string path);

		public Form1()
		{
			InitializeComponent();
		}

		private void button1_Click(object sender, EventArgs e)
		{
			if (SfcIsFileProtected(0, textBox1.Text.ToString()) == 0)
			{
				MessageBox.Show("The: " + textBox1.Text + "\r\nNot protected");
			}
			else
			{
				MessageBox.Show("The: " + textBox1.Text + "\r\nIs protected");
			}
		}
	}
}

  • 0

Ahhh... The consistency of the Win32 API is astounding. :pinch: I don't think it's doable via the API, N_Win.

@Wilhelmus, I think that's for files that are stored in windows/system32/dllcache as part of the Windows File Protection scheme. But, good find, nonetheless.

@Andareed, I'm pretty sure that GetAttributesOf is the equivalent of using FileAttributes. If you only select Show hidden files and folders, config.sys/autoexec.bat/boot.ini, et al, don't show. They only show if you uncheck Hide protected operating system files(Recommended) as well. To boot, config.sys, autoexec.bat, etc, are only tagged as Archive, not Hidden nor System.

I think you're full on correct, ~InstaShock~. A list was actually my initial thought, and I figured it would be in the registry, but I cannot find a thing that declares config.sys as a critical file, which I agree with you on about it not being so.

N_Win, you may want to head over to SysInternals' forum and ask there. Those guys know everything. LOL

  • 0

If you check the description for IShellFolder::GetAttributesOf, for SFGAO_HIDDEN, it says the following:

  Quote
The item is hidden and should not be displayed unless the Show hidden files and folders option is enabled in Folder Settings.

You could try contacting a shell MVP to see if they can shed more light on how shell knows what files to hide.

  • 0

Sorry For my wait replay and Thanks for all these replies and tries. But We are still having the problem here.

First for Wilhelmus Replay that was taking about SfcIsFileProtected sub it doesn't work for all system files it only works with protected files.

About Andareed idea which i was trying to use from the beginning ( Using Shell Method ) but with less complicate way. i was tring to use isfilesystem property that i have found in the following Microsoft link http://msdn2.microsoft.com/en-us/ms723191.aspx It was giving true in each time.

Another way by using shell i found and is working properly but with too long codes can be found in the project http://www.codeproject.com/vb/net/ExpCombo.asp. There is an item called Cshitem in previous explorer project which you can give a path then it will give you a lot of this file or folder properties. By using property called 'IsFileSystem' (one Cshitem properties) you can determine if this file is critical system file and if windows will hide or not. But as I said That is too long and complicated way.

If anyone can fix the first code or have another small code, it will be so good.

Thanks

Edited by N_Win_Member
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I don't think RTSS can show the real framerate. In fact, this is the first time I have ever heard about anything showing it.
    • Yeah, Deck's overlay has CPU temps. Maybe they don't want to rely on external dlls to provide CPU temperature graphs on all machines? From my experience with Rivatuner it can be annoying to select the correct CPU temperature sensor.
    • Why would I be praising Microsoft? You do realize I'm well aware the Gamebar is a stinking pile of crap and has been for years, right? Or are you one of those "if you don't critique something at every turn you area clearly a fanboy" people? Yes, MangoHUD is built into SteamOS's Big Picture mode, and up until a few weeks ago, SteamOS was exclusive to... the Steam Deck... for 3 years. Yet you were talking about it as if you didn't need to set it up yourself, like it was built into other distributions, which it wasn't. So if we ignore the real/fake framerate feature, it's really not much different than me setting up my Rivatuner/HWInfo overlay, is it? Valve had the option of building MangoHUD into Steam, like they are doing it now, for 3 years. So let's not pretend Windows hasn't had a basic way to display your framerate built in, keeping well aware how crap it actually is. And I'm not even counting your GPU driver company, because Nvidia, AMD and Intel have their own (somehow even worse than GameBar) overlays. And of course they won't tell you fake/real framerate, why would Nvidia nor AMD want to tell you? That is absolutely a +1 on Valve.
    • As much as I like the push towards Wayland (is Gnome still bickering about window decorations and "you are doing it wrong"ing rest of the industry?) but as an admin, the fact that the FreeRDP (because VNC is dead) implementation is not functional yet is really annoying, as that is what RHEL10, and Debian13, will be stuck with for the next 3-8 years.
    • qBittorrent 5.1.1 by Razvan Serea The qBittorrent project aims to provide a Free Software alternative to µtorrent. qBittorrent is an advanced and multi-platform BitTorrent client with a nice user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible. qBittorrent is a truly Open Source project, and as such, anyone can and should contribute to it. qBittorrent features: Polished µTorrent-like User Interface Well-integrated and extensible Search Engine Simultaneous search in most famous BitTorrent search sites Per-category-specific search requests (e.g. Books, Music, Movies) All Bittorrent extensions DHT, Peer Exchange, Full encryption, Magnet/BitComet URIs, ... Remote control through a Web user interface Nearly identical to the regular UI, all in Ajax Advanced control over trackers, peers and torrents Torrents queueing and prioritizing Torrent content selection and prioritizing UPnP / NAT-PMP port forwarding support Available in ~25 languages (Unicode support) Torrent creation tool Advanced RSS support with download filters (inc. regex) Bandwidth scheduler IP Filtering (eMule and PeerGuardian compatible) IPv6 compliant Available on most platforms: Linux, Mac OS X, Windows, OS/2, FreeBSD qBittorrent 5.1.1 changelog: BUGFIX: Don't interpret wildcard pattern as filepath globbing (glassez) BUGFIX: Fix appearance of search history length spinbox (glassez) BUGFIX: Remove dubious seeding time max value (glassez) BUGFIX: Fix ratio handling (glassez) BUGFIX: Fix compilation with Qt 6.6.0 (glassez) WEBUI: Make General tab text selectable by default (dezza) WEBUI: Add versioning to local preferences (Chocobo1) WEBUI: Make multi-rename search & replace fields use a monospace font (Atk) WEBUI: Fix wrong replacement sequence in IPv6 string (Chocobo1) WEBUI: Fix memory leak (bolshoytoster) WEBUI: Fix path autofill in set location and new category (tehcneko) RSS: Mark matched article as "read" if it refers to a duplicate torrent (glassez) WINDOWS: Update command line help message (KanishkaHalder1771) WINDOWS: NSIS: Don't require agreement on the license page (Chocobo1) LINUX: Fix preview not opening on Wayland (Isak05) LINUX: Add fallback for random number generator (Chocobo1) Download: qBittorrent 5.1.1 | Portable | ~40.0 MB (Open Source) Download: qBittorrent 64-bit installer (qt6) | 41.7 MB Links: qBittorrent Home page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
  • Recent Achievements

    • Week One Done
      urbanmopdubai1 earned a badge
      Week One Done
    • One Month Later
      Jim Dugan earned a badge
      One Month Later
    • First Post
      Johnny Mrkvička earned a badge
      First Post
    • Week One Done
      viraltui earned a badge
      Week One Done
    • One Month Later
      serfegyed earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      654
    2. 2
      Michael Scrip
      227
    3. 3
      ATLien_0
      218
    4. 4
      Steven P.
      150
    5. 5
      Xenon
      145
  • Tell a friend

    Love Neowin? Tell a friend!