Win7 how to display military time and seconds in a DIR command

#1
Hardware/Software
. existing HP notebook with Win7 32bit

Symptoms
. to diagnose a virus attack, it helps to know, to the second, when a file
was updated. With only a sorted ADMIN DIR output before the restore, it could
only log to the minute. Tho I eventually saw the files it created, seconds
are more accurate in tracking the events THAT AREN'T SUPPRESSED!
Attempts to address
. many; ...
... DIR; looked in help, tried /t w/DIRCMD, searched around; nothing.
...... It may be in physical order tho, so there may be SOME order
... explorer/prop just says "within 7 hours", eventually (days/weeks?)
showing the second. HARDLY USEFUL AT THE TIME!!
... powershell showed the time to milliseconds, but only for a single file.

Solution
I wrote an MASM assembler program using INT21h/4E&Fh with an IBM mainframe
flavor (a la VSAM) to chain&swap multiple active DTA requests per DIR (based
on day (ie: TODAY)), like RPLs after POINTs. Using CMSort.exe w/the few
hundred I get daily, I get a .txt file, for example, sorted to the millisecond,
which runs surprisingly quick (<1min; 5sec when buffered) against the root drive:
2013/03/12 22:13:07.418 0000018939 a CMSORT.BAT C:\DAD\CMSort &C:\DAD\CMSort\CMSORT.BAT &
I'd like to hear any other solutions anyone else has for this issue...

#####

DSNTODAY system now available
For anyone interested, my program is available here:
http://users.foxvalley.net/~qcd/index4.htm
If your platform is x86 and supports the Win32 API,
download the .zip file to a DIRectory and extract it, then
either make a Shortcut on your Desktop, double-click the .BAT
file using Explorer, or use cmd.exe (the .BAT has the doc).
In about a minute or so, the console window should PAUSE
with this message:
date&time 32bit Good: DSNTODAY=0,CMSort=N/A ...
but the .log file in your extracted DIR now shows all the
"non-System" files updated today on your C: drive in
"alphabetical" order. The first run may have to perform
disk I/O, but still should run in less than a minute.
This "N/A" failure is just until the .BAT file knows about
CMSort, when the file can be sorted by descending date&time.

This is kinda what I was expecting PowerShell to do.
An issue with a 'DIR /o-d' is that it doesn't span directories.
I set this up to AUTOMATICALLY and SILENTLY run at intervals
with Windows Task Scheduler, showing files&DIRs updated today;
you can decide whether to append or over-write the .log file
whenever and however you decide to run it.

Perhaps businesses that offer guests Internet access would
find this beneficial for both, or for parents monitoring what
their children surf to, or for anyone that got infected to
easily find the bogus file(s) and when they were implanted,
or to find ANY files that have a logically-bogus date&time.

Have fun...

NOTE: CMSort.exe can be downloaded from here:
http://www.chmaas.handshake.de/delphi/freeware/cmsort/cmsort.htm

#####

Watch for any recently implanted executables
I added an option to watch for any executable files that were recently implanted,
or to list all executables, based on the PATHEXT Environment Variable, plus a few more.
In addition, I can look at all 3 file timestamps at once. This means that, for
example, if a file, such as a .dll, a .lnk, a .exe, or more, is CREATED by a trojan,
even if its attributes are System and/or Hidden, I'll now see any within 5 minutes
(the minimum time allowed by WTS), and the sort places them at the top.
This now replaces what I used to do manually every day using multiple
sorted ADMIN DIR outputs for monitoring executables, while the regular run
(as supplied) monitors any other files that are UPDATED.
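
The first post notes that PowerShell showed milliseconds, but only for a single file. As an added example (not part of the original post and not the DSNTODAY program), this script recurses a tree and lists files created or written today with all three timestamps to the millisecond, newest first. The names `$Root` and `-ExecutablesOnly` are chosen here for illustration, and it assumes the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not the poster's program. Assumes PowerShell 2.0 (Windows 7),
# so it avoids the -File switch and [pscustomobject], which need 3.0 or later.
param(
    [string]$Root = 'C:\',      # assumption: tree to scan
    [switch]$ExecutablesOnly    # limit output to PATHEXT-style extensions
)

$fmt   = 'yyyy/MM/dd HH:mm:ss.fff'   # 24-hour clock with seconds and milliseconds
$today = (Get-Date).Date             # local midnight

# Extensions from PATHEXT (".COM;.EXE;.BAT;...") plus .DLL and .LNK,
# the two extra types named in the post.
$exts = @($env:PATHEXT -split ';' | Where-Object { $_ }) + '.DLL', '.LNK'
$exts = $exts | ForEach-Object { $_.ToUpper() }

# -Force includes Hidden and System files; unreadable directories are skipped.
Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object { (-not $ExecutablesOnly) -or ($exts -contains $_.Extension.ToUpper()) } |
    ForEach-Object {
        # A file counts as "today" if it was either created or written today.
        $newest = $_.LastWriteTime
        if ($_.CreationTime -gt $newest) { $newest = $_.CreationTime }
        if ($newest -ge $today) {
            New-Object PSObject -Property @{
                Newest   = $newest
                Created  = $_.CreationTime.ToString($fmt)
                Modified = $_.LastWriteTime.ToString($fmt)
                # Last-access updates are off by default on Windows 7 NTFS,
                # so this column is often stale.
                Accessed = $_.LastAccessTime.ToString($fmt)
                Length   = $_.Length
                Attr     = $_.Attributes
                FullName = $_.FullName
            }
        }
    } |
    Sort-Object Newest -Descending |
    Select-Object Created, Modified, Accessed, Length, Attr, FullName
```

Run it from an elevated prompt to reduce skipped directories, and pipe the result to `Export-Csv` or `Out-File` to keep a log between runs.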
 


#2
I added an external monitor that will beep within 5 minutes whenever an executable
is detected with the current date. This way, even when surfing under the GUEST LID,
I can use audio cues to keep track of my system...
 


Josephur

Windows Forum Admin
Staff member
Premium Supporter
#3
I suggest you move your program to a GUI based program that could show a report daily. I used to work on projects like this for myself, however the way you have it bundled using lots of batch files and little components makes people very wary to try out your software, and not sure if they should trust it or not. Something such as Everything seems to do a better job for myself :)
 


Neemobeer

Windows Forum Team
Staff member
#4
If you're just wanting to identify changes in your filesystem for virus detection then I'd use AIDE (aide.sourceforge.net). It's basically a free clone of Tripwire.
 

