View Full Version : Hidden Files


FanJ
February 14th, 2003, 08:21 PM
The discussion topic of this thread is:

What would/should we expect our File Integrity Checker to do with a file with attr h?
Do we want our File Integrity Checker to return a HASH-checksum for it, or are we satisfied with a result "file doesn't exist"?

I will give you examples on my Windows 98 SE system.

Look at the file C:\WINDOWS\desktop.ini

What does NISFileCheck tell me about C:\WINDOWS\desktop.ini?

It has no problem with it:
Application: c:\windows\desktop.ini
Status: Unchanged
Version old: N/A
Size old: 266
Date old: 1999-08-11 14:27:30
RMD160 Hash old: FCE14CA2CAD28DA980A09712ADEEC0684B167DD7


Look at the file C:\WINDOWS\System\wsock32.dll in case you have installed SockLock from PSC (link: http://www.nsclean.com/socklock.html ).

NISFileCheck has no problem with it:

Application: c:\windows\system\wsock32.dll
Status: Unchanged
Version old: 4.10.1998
Size old: 40960
Date old: 1999-08-11 14:13:18
RMD160 Hash old: BEC911836E9672BEF5620544E28CA8B9471B48E3

Now we will have a look at the CRC32-test in TDS-3.
What does it tell me?

07:53:09 [CRC32] Started - verifying 124 files ...
07:53:10 [CRC32] File doesn't exist: C:\WINDOWS\desktop.ini
07:53:11 [CRC32] File doesn't exist: C:\WINDOWS\System\wsock32.dll
07:53:15 [CRC32] Test finished.

What do wsock32.dll and desktop.ini have in common?
They both have the attr r and h.


Now we will try C:\Program Files\desktop.ini :
Its attr is: h

What does NISFileCheck say:

Application: c:\program files\desktop.ini
Status: Unchanged
Version old: N/A
Size old: 266
Date old: 1999-08-11 14:27:30
RMD160 Hash old: FCE14CA2CAD28DA980A09712ADEEC0684B167DD7

What does the CRC32-test in TDS-3 say:

08:20:09 [CRC32] File doesn't exist: C:\Program Files\desktop.ini


Now I take a completely different HASH-utility:
Karen's Hasher, which calculates an MD5 hash:
Link: http://www.karenware.com/powertools/pthasher.asp

What does Karen's Hasher tell me about those files:

C:\WINDOWS\desktop.ini :
MD5 is EC6C63693372A4135193789DD2CB7CB1

C:\WINDOWS\System\wsock32.dll :
MD5 is F9F23B6D7AE19BD7DAD676B26ACA2558

c:\program files\desktop.ini
MD5 is EC6C63693372A4135193789DD2CB7CB1
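
One way a checker could answer the question in this post, as an added example that is not from the thread or from any of the tools it names: look the file up directly, report its r/h/s attributes as metadata, hash it regardless of those attributes, and say "missing" only when the lookup itself finds nothing. Assumptions: SHA-256 stands in for the RMD160, CRC32 and MD5 values shown above, the function names are hypothetical, and the sample file is constructed.

```python
import hashlib
import os
import stat
import subprocess
import tempfile

ATTR_LETTERS = ((stat.FILE_ATTRIBUTE_READONLY, "r"),
                (stat.FILE_ATTRIBUTE_HIDDEN, "h"), (stat.FILE_ATTRIBUTE_SYSTEM, "s"))

def decode_attrs(bits):
    """Map Windows attribute bits to attrib-style letters, e.g. 0x3 -> 'rh'."""
    return "".join(letter for bit, letter in ATTR_LETTERS if bits & bit)

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify(path, baseline):
    """Return (status, attrs, hash); 'missing' only if stat() finds no file."""
    try:
        info = os.stat(path)  # direct lookup, not a directory listing
    except FileNotFoundError:
        return ("missing", "", None)
    # st_file_attributes exists only on Windows; elsewhere report no letters.
    attrs = decode_attrs(getattr(info, "st_file_attributes", 0))
    try:
        current = sha256_file(path)
    except OSError:
        return ("unreadable", attrs, None)  # present, so never "missing"
    return ("unchanged" if current == baseline else "changed", attrs, current)

def demo():
    """Constructed sample: a baselined file, a stale baseline, an absent file."""
    with tempfile.TemporaryDirectory() as root:
        sample = os.path.join(root, "desktop.ini")
        with open(sample, "wb") as handle:
            handle.write(b"[constructed sample]\r\n")
        baseline = sha256_file(sample)
        if os.name == "nt":  # hide the sample, like the files in the post
            subprocess.run(["attrib", "+h", sample], check=False)
        return {"present": verify(sample, baseline),
                "stale": verify(sample, "0" * 64),
                "absent": verify(os.path.join(root, "absent.dll"), baseline)}

if __name__ == "__main__":
    print(demo())
```

On Windows the "present" entry carries the letter h next to its hash; on other platforms the attribute field is empty because the stat result has no attribute bits.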