Sunday, June 28, 2015

CCRevEngCC

Initially, after my training, I had renewed interest in learning assembly language and trying to develop a disassembler. This was way back in 2011 or 2012. Sadly, disassembler development is still going on. I started development of the disassembler but abandoned it. A few months back I took it up again, but with a new design. In those days the three of us - me, Srivatsa and Shishir - had created this Google site. All the things we learnt about assembly language, and the trials for developing assembly language, are put up there.


It has very useful resources.


And yeah, you can see only Shishir was successful in creating a disassembler. Hopefully I will do it as soon as possible.

List Files and Folders in Command Line interface

I was reading about File Systems in an Operating Systems book and suddenly thought of writing a tool which will list me all the files and folders of an OS. I had tried something similar to this previously with a GUI without much success. It is listed in my blog as List Files and Folders.

Well, that previous attempt did help me in getting an idea of how not to start the development. First lesson learnt: don't try to complete the design. First develop the basic and most simple stuff and then start adding on to it.

With this approach, the first thing I decided was that I will not bother about a GUI; rather, it will be on the command-line interface. As a first iteration I will just list all the files and folders and their corresponding sizes. Later I added paths to this, like the absolute path and the parent folder. Then it shows whether it is a file or a folder. It also tries to show a few attributes, like is it hidden, is it read-only or is it a system-specific file/folder. Once this was working fine, I later added a few other attributes like the alternate name of the file/folder, creation time, last access time and last write time. All of this is displayed in a tab-separated CSV format.

Programming Aspect:

To represent a file or folder I have the following structure -
typedef struct structFileFolder
{
    WCHAR* strFileFolderName;
    __int64 Size;
    WCHAR* strAbsolutePath;
    WCHAR* strParent;
    WCHAR* strAlternameName;
    SYSTEMTIME* sysTimeCreation;
    SYSTEMTIME* sysTimeLastAccess;
    SYSTEMTIME* sysTimeLastWrite;
    DWORD dwAttributes;
    bool isFolder;
    bool isReadonly;
    bool isHidden;
    bool isSystem;
    bool isEncrypted;
    bool isCompressed;
    bool isArchived;
}FileFolderInfo;

I have 3 main functions - 

extern "C" __declspec(dllexport) int ListFiles(char* strOption);
int ListFilesinPath(WCHAR* strPath, WCHAR* strParentPath);
int ListFilesOfDirectory(FileFolderInfo* folderInfo);

As you can see, the ListFiles function is exposed to the outside world. This is the entry point for the file listing. strOption can be 3 things - ALL, a folder path, or a file.
ALL means it will loop through all drives and list the corresponding files and folders.
If it is not ALL, it will check if it is a file or a folder. Based on that it will take action.
It will actually call the ListFilesinPath function. This in turn will call ListFilesOfDirectory recursively to list all the files and folders. For iterating through the files I am using FindFirstFile, FindNextFile and FindFileData of the Win32 API.

For creation time, last access time and write time, FindFileData has them in a FILETIME structure. So I am converting them to SYSTEMTIME when storing them in my FileFolderInfo structure. But when I am displaying them, I am converting them to a string format of type dd-MM-yyyy hh:mm:ss.

Also all the file attributes like isFolder, isReadOnly, isHidden, isSystem, isEncrypted, isCompressed, isArchived are derived from dwAttributes only.
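The two derivations described above (attribute flags from dwAttributes, and a FILETIME rendered as dd-MM-yyyy hh:mm:ss), as an added example that is not taken from the project's code. The helper names are hypothetical, the Win32 constants are redefined so it builds without windows.h, and it assumes UTC output and a 64-bit time_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Documented Win32 FILE_ATTRIBUTE_* bit values, redefined here so the
   example builds without <windows.h>. */
#define ATTR_READONLY   0x0001u
#define ATTR_HIDDEN     0x0002u
#define ATTR_SYSTEM     0x0004u
#define ATTR_DIRECTORY  0x0010u
#define ATTR_ARCHIVE    0x0020u
#define ATTR_COMPRESSED 0x0800u
#define ATTR_ENCRYPTED  0x4000u
/* Seconds from the FILETIME epoch (1601-01-01 UTC) to the Unix epoch. */
#define EPOCH_DIFF_SECS 11644473600LL

/* Hypothetical helper: one letter per set flag (D R H S A C E), '-' if clear. */
const char *decode_attributes(uint32_t attrs, char out[8])
{
    static const struct { uint32_t bit; char tag; } map[7] = {
        {ATTR_DIRECTORY, 'D'}, {ATTR_READONLY, 'R'}, {ATTR_HIDDEN, 'H'},
        {ATTR_SYSTEM, 'S'}, {ATTR_ARCHIVE, 'A'}, {ATTR_COMPRESSED, 'C'},
        {ATTR_ENCRYPTED, 'E'} };
    for (int i = 0; i < 7; i++)
        out[i] = (attrs & map[i].bit) ? map[i].tag : '-';
    out[7] = '\0';
    return out;
}

/* Hypothetical helper: the two FILETIME halves (100 ns ticks since 1601)
   to "dd-MM-yyyy hh:mm:ss" in UTC. Returns out, or NULL on failure. */
const char *filetime_to_string(uint32_t high, uint32_t low, char *out, size_t len)
{
    uint64_t ticks = ((uint64_t)high << 32) | low;
    time_t secs = (time_t)((int64_t)(ticks / 10000000u) - EPOCH_DIFF_SECS);
    struct tm *utc = gmtime(&secs);
    if (utc == NULL || strftime(out, len, "%d-%m-%Y %H:%M:%S", utc) == 0)
        return NULL;
    return out;
}

int main(void)
{
    /* Constructed sample entry: hidden system folder, 2015-06-28 00:00:00 UTC. */
    uint64_t ticks = (1435449600ULL + 11644473600ULL) * 10000000ULL;
    char flags[8], when[32] = "";
    decode_attributes(ATTR_DIRECTORY | ATTR_HIDDEN | ATTR_SYSTEM, flags);
    filetime_to_string((uint32_t)(ticks >> 32), (uint32_t)ticks, when, sizeof when);
    printf("%s\t%s%s\n", flags, when, strchr(flags, 'H') ? "\t(hidden)" : "");
    return 0;
}
```

On Windows the same bits come from the dwFileAttributes field that FindFirstFile and FindNextFile fill in, and the hidden and system flags are the ones worth surfacing when a listing is used for triage.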

To dynamically allocate memory and initialize FileFolderInfo, I have the following function:
FileFolderInfo* GetFolderFileInfo();

Similarly, to deallocate the memory for the same structure, I have the following function:
int CleanUpFolderFileInfo(FileFolderInfo* folderInfo);

For folders, FindFileData does not provide the size. So we have to iterate through all the contents of the folder and add up the size of each of these contents to get the size of the folder.

The following things are displayed about the file - it is similar to what the structure is storing:
File/Folder Name
Absolute Path of File/Folder
Parent Folder
Alternate Name of File/Folder
Is it a File or Folder
Is it Read Only
Is it Hidden
Is it System specific File/Folder
Is it Compressed
Is it Encrypted
Is it Archived
File/Folder Creation time
File/Folder Last access time
File/Folder Last Write time
File/Folder Attribute double word.

The code is present at the following GitHub location -
https://github.com/harsha-kadekar/Disassembler.git

The actual code is present in two files - SystemStatistics.h and SystemStatistics.cpp of the project ProcessDissector.

These files will later be updated with other system statistics functions like listing processes, services etc.