File System Watcher of Powershell on Opening a Folder - windows

Recently I have been trying to build a file system watcher on my computer with Windows 7. I am using PowerShell's FileSystemWatcher, and it works quite well! I can monitor file/folder creating, deleting, renaming and file changing, including all files and folders in subfolders. But when I want to monitor the situation where a user opens a folder, for example by double clicking, I cannot find any event listeners in PowerShell for that, but it is quite important for my file system watcher.
Does PowerShell have this kind of event listener for getting the event of opening a folder? Or is there another, better way to do it?

Related

Windows Explorer and Reparse Point Files: keep Explorer from opening my files

I've implemented a user mode program and a Windows file system minifilter that creates a skeleton view of users' files for a remote file storage system. It maps the remote files to the local drive. The user mode program creates a reparse tag for each file on the remote system. When a create request (e.g., CreateFile for read) is detected, the minifilter asks the user mode program to download the file. This should only happen when a program wants to open the file for viewing or editing.
But, I'm finding that Windows Explorer is triggering my files to download. I'd like to prevent the Explorer File windows and File Open/Save dialogs from triggering downloads. And, I also want to display the file thumbnails and file size.
[Update: I've found I can use Windows sparse files to show my remote file size in Explorer.]
Therefore, I have also implemented a Shell Extension, IThumbnailProvider, that downloads a rendition of the file. This provides the file thumbnails.
For my testing, I've registered the IThumbnailProvider for all files (*) and for .jpg files.
I'm seeing two interesting behaviors using a combination of Process Monitor and DebugView (both from SysInternals):
1. If I make my minifilter reject requests to open the file from Explorer, then my IThumbnailProvider is invoked.
2. If I permit open requests from Explorer, I see thumbcache.dll in the call stack trying to open the file and my IThumbnailProvider is not called. It appears that the default thumbnail provider reads the downloaded file and creates the thumbnail.
I must be missing something.
Update: if I use InitializeWithStream instead of InitializeWithFile, it appears my handler is invoked. But, that also triggers a download of the file.
There are many shell extension types which can access your files. An icon handler can read the file to create an icon, an info tip handler can read the file to create a text hint, a data object handler can read the file to create clipboard data, and so on.
Questions from developers with the same problem: first and second. The solution was to create a namespace shell extension. An NSE can control all access to your files.

Having problems running a batch script from windows shell command

I'm in over my head. This is for my company who just laid off everyone that used to do this.
Quick summary: I have modified the registry so when you right click a folder, you get the option "Folder_To_PDF" and the data for the regedit is merge1.bat "%1" which runs a batch file that is located in C:\Windows
Problem: Click on "Folder to PDF" and it appears the cmd.exe opens for a brief second, then disappears but never actually executes. (It is supposed to open Ghostscript then do the folder to PDF)
What I've done: I have successfully made the batch file work by moving it from C:\Windows to the folder itself, where you can run the batch file and it opens Ghostscript fine. So I know it's not the batch file or Ghostscript setup. I think the problem is either 1) this is a corporate computer with corporate security, maybe not allowing it to run as admin? (I am an Admin by sheer lack of options) Or, the folder to pdf button does not know where to find the batch file, but I've already created a PATH in the environment variables.

Delete Opened File by Explorer

I created a shell extension (DLL) that works properly, but when using the uninstaller to remove the program, that DLL is not removed because it is opened by Windows Explorer, and I must use Task Manager to first close Explorer.exe, then run it again and delete that file (the shell extension DLL) manually.
Now my question is, how do I delete shell extension files in the uninstaller script? I use Nullsoft Scriptable Install System 2.46 (NSIS) to create the setup program.
There is no good way to uninstall shell extensions on Windows.
Your best option is to try to delete the .dll and fall back to a reboot: Delete /RebootOK "$InstDir\MyExt.dll".
Another alternative is to try to move the .dll to %temp%. This will not unload the extension but it will allow you to delete everything else and the extension will not load the next time the user logs in. (This will only work if it is on the same volume as %temp%?)
It is important to remember that any application that uses the Open/Save common dialog or internally uses SHGetFileInfo(), IShellFolder or IShellItem could have loaded your extension so just killing Explorer might not be enough.

the action can't be completed because the folder or a file in it is open in another program

When deleting a folder that contains a file that is in use, it is common to see the following Windows 7 message,
"The action can't be completed because the folder or a file in it is open in another program."
I commonly have 10-20 programs open, 30-40 folders open, etc. In short, I have many executables running and many windows explorers open.
Does anyone know a simple trick to determine which program is using the file?
Does anyone know a simple trick to determine which file is blocking the delete operation?
This information would be highly useful to display in the Windows 7 'folder in use' dialog, but it is missing.
Consequently I have to close many of my open applications and folders to complete the delete operation. This is annoying because I have to re-open them after deleting them.
Have you seen this other question or this one?
I use to run Process Explorer and Find for the blocked folder.
Closing the application Malwarebytes allowed me to delete what I needed to via Windows Explorer.

How does folder hiding software work?

For the last few days I have been working on building an application to hide folders (thanks to the paid versions of such software). After heavy googling I zeroed in on a shell script that would first create a folder and then rename the folder to "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}". It would then hide this folder by using the command attrib -s -h Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}. The funda behind this is to make it a system folder and hide it. But if you uncheck "Hide system folders" in Folder Options, the Control Panel becomes visible. I would like to make this folder completely invisible, the way other folder protecting software does.
Can somebody throw some more light on this?
Thanks a ton...
Most folder hiding software works by implementing either an extension for Windows Explorer or a file system filter driver.
The first method means that certain items will not be visible when browsing folders in Windows via the UI, but will still be visible to other software and via the command prompt. For example, the Recycle Bin and Temporary Internet Files folders work this way.
The file system filter driver method proxies calls between Windows and the underlying file system and only allows certain requests through. This is similar to how virus scanners prevent access to infected files.
The general idea is that you hook the file system APIs and filter out the file system entries you want to hide.
But JelloMonkey is right - this is rootkit behavior and you will get flagged as malicious by rootkit detectors for this kind of behavior. That's likely to get your entire directory quarantined or deleted.
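As the answers above note, folders hidden through Explorer behaviour alone (the ".{CLSID}" rename and the hidden/system attributes from the question) stay visible to other software. The following is an added example, not code from any of the posts, that audits a directory tree for both tricks; the function name `Find-DisguisedFolder` and its `-Root` parameter are hypothetical, and folders hidden by a file system filter driver will not appear in its output.

```powershell
# Added example: list directories that use the rename/attribute hiding tricks.
# Find-DisguisedFolder and -Root are hypothetical names chosen for this sketch.
function Find-DisguisedFolder {
    param(
        [string]$Root = $env:USERPROFILE
    )

    # A name ending in ".{GUID}" makes Explorer show the folder as a shell object,
    # e.g. "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}".
    $clsidSuffix = '\.\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

    # Hidden + System together is what "Hide protected operating system files" keys on.
    $hiddenSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

    # -Force returns hidden and system items that a default listing omits.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $hasClsid       = $_.Name -match $clsidSuffix
            $isHiddenSystem = ($_.Attributes -band $hiddenSystem) -eq $hiddenSystem

            if ($hasClsid -or $isHiddenSystem) {
                New-Object PSObject -Property @{
                    Path            = $_.FullName
                    ClsidSuffix     = $hasClsid
                    HiddenAndSystem = $isHiddenSystem
                    Attributes      = $_.Attributes
                }
            }
        }
}

# Example run over a profile tree; adjust the path to the area being audited.
Find-DisguisedFolder -Root $env:USERPROFILE |
    Format-Table Path, ClsidSuffix, HiddenAndSystem -AutoSize
```

Windows itself marks some folders hidden and system, so the `ClsidSuffix` column is the stronger signal when reviewing the results.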
