Hidden Files

Discussion in 'NIS File Check Forum' started by FanJ, Feb 14, 2003.

Thread Status:
Not open for further replies.
  1. FanJ
    FanJ Guest

    The discussion topic of this thread is:

    What would/should we expect our File Integrity Checker to do with a file with attr h?
    Do we want our File Integrity Checker to return a HASH checksum for it, or are we satisfied with a result "file doesn't exist"?

    I will give you examples on my Windows 98 SE system.

    Look at the file C:\WINDOWS\desktop.ini

    What does NISFileCheck tell me about C:\WINDOWS\desktop.ini?

    It has no problem with it:
    Application: c:\windows\desktop.ini
    Status: Unchanged
    Version old: N/A
    Size old: 266
    Date old: 1999-08-11 14:27:30
    RMD160 Hash old: FCE14CA2CAD28DA980A09712ADEEC0684B167DD7


    Look at the file C:\WINDOWS\System\wsock32.dll in case you have installed SockLock from PSC (link: http://www.nsclean.com/socklock.html ).

    NISFileCheck has no problem with it:

    Application: c:\windows\system\wsock32.dll
    Status: Unchanged
    Version old: 4.10.1998
    Size old: 40960
    Date old: 1999-08-11 14:13:18
    RMD160 Hash old: BEC911836E9672BEF5620544E28CA8B9471B48E3

    Now we will have a look at the CRC32-test in TDS-3.
    What does it tell me?

    07:53:09 [CRC32] Started - verifying 124 files ...
    07:53:10 [CRC32] File doesn't exist: C:\WINDOWS\desktop.ini
    07:53:11 [CRC32] File doesn't exist: C:\WINDOWS\System\wsock32.dll
    07:53:15 [CRC32] Test finished.

    What do wsock32.dll and desktop.ini have in common?
    They both have the attr r and h.


    Now we will try C:\Program Files\desktop.ini :
    Its attr is: h

    What NISFileCheck says:

    Application: c:\program files\desktop.ini
    Status: Unchanged
    Version old: N/A
    Size old: 266
    Date old: 1999-08-11 14:27:30
    RMD160 Hash old: FCE14CA2CAD28DA980A09712ADEEC0684B167DD7

    What the CRC32 test in TDS-3 says:

    08:20:09 [CRC32] File doesn't exist: C:\Program Files\desktop.ini


    Now I take a completely different HASH utility:
    Karen's Hasher, which calculates an MD5 hash:
    Link: http://www.karenware.com/powertools/pthasher.asp

    What Karen's Hasher tells me about those files:

    C:\WINDOWS\desktop.ini :
    MD5 is EC6C63693372A4135193789DD2CB7CB1

    C:\WINDOWS\System\wsock32.dll :
    MD5 is F9F23B6D7AE19BD7DAD676B26ACA2558

    c:\program files\desktop.ini
    MD5 is EC6C63693372A4135193789DD2CB7CB1
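
One way a checker could answer the question raised in the post above, as an added example that is not part of the original thread and is not the code of NISFileCheck or TDS-3: it stats and opens each baseline path directly, so a file with attr h is hashed and reported together with its attributes, and "missing" is returned only when the path really is absent. SHA-256 is used here in place of the RMD160, CRC32 and MD5 of the tools in the thread; `check_file`, `demo` and the sample file contents are assumptions made for the example.

```python
import ctypes
import hashlib
import os
import stat
import tempfile

# Windows attribute bits reported next to the verdict (r, h, s as shown by attrib)
ATTR_FLAGS = (("r", stat.FILE_ATTRIBUTE_READONLY),
              ("h", stat.FILE_ATTRIBUTE_HIDDEN),
              ("s", stat.FILE_ATTRIBUTE_SYSTEM))

def check_file(path, expected_sha256):
    """Return (status, attrs, digest) for one baseline entry."""
    try:
        st = os.stat(path)  # direct lookup, not a filtered directory listing
    except FileNotFoundError:
        return ("MISSING", "", None)
    except OSError:
        return ("UNREADABLE", "", None)
    # st_file_attributes exists only on Windows; elsewhere no bits are set
    bits = getattr(st, "st_file_attributes", 0)
    attrs = "".join(flag for flag, mask in ATTR_FLAGS if bits & mask)
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:  # read access works on hidden files
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    except OSError:
        return ("UNREADABLE", attrs, None)
    digest = h.hexdigest()
    status = "UNCHANGED" if digest == expected_sha256.lower() else "CHANGED"
    return (status, attrs, digest)

def demo():
    """Constructed sample: one hidden file checked against three baselines."""
    content = b"[constructed sample]\r\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "desktop.ini")
        with open(path, "wb") as f:
            f.write(content)
        if os.name == "nt":  # give the file attr h, like the files in the post
            ctypes.windll.kernel32.SetFileAttributesW(
                path, stat.FILE_ATTRIBUTE_HIDDEN)
        good = hashlib.sha256(content).hexdigest()
        return [check_file(path, good),                          # matches baseline
                check_file(path, "0" * 64),                      # baseline differs
                check_file(os.path.join(d, "gone.dll"), good)]   # truly absent

if __name__ == "__main__":
    for result in demo():
        print(result)
```
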