Is there a way to determine that the file was created programmatically, and not just copied? Those. for my program to work, I have to know for sure that the file was created on this particular machine.
Kromster
9,782 7 golden marks 31 silver badge 59 bronze marks
grotsun grotsun
170 1 golden mark 5 silver marks 18 bronze marks
|
3 answers
This can be determined by the difference between the creation date and the date the file was modified.
If the file was created programmatically, the date of its modification cannot be earlier than the date of creation. And if the file was copied, the time of its creation will coincide with the time of copying, and the time of the change will remain the same and most likely will be earlier than the time of creation.
Modus modus
8,338 18 silver marks 56 bronze marks
- oneOf course, all this, provided that this information is correct and that it is not about samba, etc. - cy6erGn0m
- Normal file managers copy along with dates. - Qwertiy ♦
|
They are all created by software =)
And the file system doesn’t care who created it - your program or any file manager - the file entry will not change.
If you have not monitored and interceptors on the file system functions, like an antivirus, then I think you will not know.
Alexey Sonkin Alexey Sonkin
3.802 12 silver marks 21 bronze marks
|
In the case of files downloaded from the Internet, and their subsequent launch, the shell knows that the file was received from an unsafe source. How? And it’s very simple - on NTFS partitions there are inaccessible directly additional file streams. I think that by analyzing their contents, you can get the necessary information.
If the task is more global (for example, you write an antivirus) and there is a possibility of parsing at the sector level of the file system - you can, for example, study the file system logfile.
gecube gecube
13.4k 25 silver marks 45 bronze marks
|