XYplorer Beta Club

Posted: **18 Dec 2014 21:30**

Hi Forum, we have somewhat random files infected with Cryptolocker virus. We need to enumerate the full path to the infected files. I think we can do it based on the ransom note file deposited in each folder. Our restoration software requires an explicit list of files to restore. Here’s my ideas.

1) We can detect the base directory by searching on the “how_decrypt.gif” file that is present in all infected directories. I’ve done this already in XYPlorer and have a list of directories that have infected files. However, from this list, I need to enumerate all the contained files into another list for our backup software.
2) Approach two, would be a new enumeration effort, where Xyplorer can enumerate files in a directory IF the "how_decrypt.gif" file exists in the same directory!

Sorry I wasn't able to fully search the forum for the answer! Any help is appreciated.

Posted: **18 Dec 2014 22:09**

Hi and welcome,

just a quick note from the dev: if nobody comes up with an idea till tomorrow I will add something. It's on my list anyway: list folders based on contained files. Cool feature.

Don

Posted: **18 Dec 2014 22:39**

admin wrote:just a quick note from the dev: if nobody comes up with an idea till tomorrow I will add something. It's on my list anyway: list folders based on contained files. Cool feature.

Indeed, this could render my saveSettings.xys useless. This script does nothing but iterating a folder hierarchy for directories containing a certain file (backup script) and generate a backup job menu. Well, it does some more things, but the essence..

Posted: **19 Dec 2014 00:38**

Something like this?

Code: Select all

    // SearchResultsTab (.ini): 0 = current tab , 1 = new tab , 2 = "search results" tab (locked), 3 = "search results" tab (unlocked)
    $searchSetting = getkey("SearchResultsTab", "General");
    if (!$searchSetting) { $oldPath = "<curpath>"; }

    $sTemplate = <<<>>>
[Find]
Version=3
Mode=0
FullPath=0
Case=0
InclSubs=1
Inverted=0
Fuzzy=0
FollowFolderLinks=0
SelectedLocations=0
WholeWords=0
AutoSync=1
IgnoreDiacritics=0
TypeFilter=0
Mind0=1

[ExcludeFolders2]
Count=2
1=+*\System Volume Information\*
2=+*\$RECYCLE.BIN\*

[Named]
Named="how_decrypt.gif"

[LookIn]
LookIn=""
>>>;

    writefile("<xydata>\FindTemplates\FindCryptolocker.ini", $sTemplate);
    loadsearch "FindCryptolocker", "rle";

    $allFiles = listpane( , , 1, "<crlf>");

    if ($searchSetting) { tab("close", 0); }
    else                { goto $oldPath;   }

    $output = "";
    foreach($file, $allFiles, "<crlf>") {
        $files  = listfolder(getpathcomponent($file, "path"), , 1, "<crlf>");
        $output = $output . $files . "<crlf>";
    }
    $output = formatlist($output, "dentsf", "<crlf>", "!how_decrypt.gif", "f");
    text $output;

It uses a real search template to get the results as quickly as possible...

Posted: **19 Dec 2014 10:36**

Did not test your script since I had to do something else: Added the promised feature, and hey it is cool!

Here is a preview of the change log:

Code: Select all

  +++ Find Files and Quick Search: Added switch /p (think "parent") by which the 
      search will return the parent folders of the matching items.
      Examples:
        readme.txt /p  //return all folders that contain a file readme.txt
        green /Lp      //return all folders that contain a file labeled "green"
        /p             //return all folders that are not empty (= that are parents)
      Notes:
      - The parent switch can be combined with all other switches and all search 
        filters (Name, Size, Date, Attributes, Tags, Contents, Dupes). It even 
        works on a tags database search.
        Note: On a Dupes search with parent switch you can get duplicate folders 
        in the list.
      - With the exception of a Dupes search, the logic takes care that you get 
        no duplicate items in the results.
      - Tip: To run e.g. a Date-filtered search without any Name filter just 
        enter the naked parent switch into the Name field and enable the Name 
        filter:
        /p
      - This is a pretty cool enhancement! And translators will love it since it 
        works without a single new word. :)

Posted: **19 Dec 2014 12:04**

I'll rewrite it once the new beta is out.

Btw, isn't there any pattern for the quick search to find all empty directories?

Posted: **19 Dec 2014 12:44**

No AFAIK.

Posted: **19 Dec 2014 13:20**

Would be pretty cool to have one. System maintenance includes deleting unused empty folders (for me) and an option that finds these in a split of a second... awesome! xD

Posted: **19 Dec 2014 13:28**

Well, I thought so too and just finished adding one. The syntax might appear a bit odd, but the power and speed is there!

Code: Select all

    + SC property enhanced: Added argument "#Empty" to return whether a file or 
      folder is empty or not.
        #Empty      = Emptiness
                      Returned bits:
                        1 = it's a file
                        2 = it's a folder
                        4 = it has contents
                      So, these are the possible results:
                        0 = item not found
                        1 = empty file
                        5 = non-empty file
                        2 = empty folder
                        6 = non-empty folder
      Examples:  
        text property("#Empty");  //defaults to current tree or list item
        text property("#Empty", "E:\Test\funstuff\goodfellas.jpg");
      It can also be used for search (which is the really interesting usage):
        prop:#empty:1   //finds all empty files
        prop:#empty:2   //finds all empty folders
        prop:#empty:5   //finds all non-empty files
        prop:#empty:6   //finds all non-empty folders
        !prop:#empty:2  //finds items apart from empty folders
        :prop:#empty:1 OR 2 //finds all empty files and folders

Posted: **19 Dec 2014 14:06**

This works ONLY with the latest beta from today!

Code: Select all

    // SearchResultsTab (.ini): 0 = current tab , 1 = new tab , 2 = "search results" tab (locked), 3 = "search results" tab (unlocked)
    $searchSetting = getkey("SearchResultsTab", "General");
    if (!$searchSetting) { $oldPath = "<curpath>"; }

    goto "? how_decrypt.gif /p";

    $allFolders = listpane( , , 2, "<crlf>");

    if ($searchSetting) { tab("close", 0); }
    else                { goto $oldPath;   }

    $output = "";
    foreach($folder, $allFolders, "<crlf>") {
        $files  = listfolder($folder, , 1, "<crlf>");
        $output = $output . $files . "<crlf>";
    }
    $output = formatlist($output, "dentsf", "<crlf>", "!how_decrypt.gif", "f");
    text $output;

Posted: **19 Dec 2014 14:15**

The question is: Why do you need a script at all now?

Conc. Find Empty: Just added something much better and easier to use.

Code: Select all

    + Find Files and Quick Search: Added switch /e (think "empty") by which the 
      search will return only empty files (empty = zero bytes) and empty folders 
      (empty = no items contained).
      Examples:
        a* /e       //finds all empty items starting with "a"
        a* /ef      //finds all empty files starting with "a"
        a* /ed      //finds all empty folders starting with "a"

Posted: **19 Dec 2014 14:25**

The question is: Why do you need a script at all now?

He still wants a list of all files in those folders. Even if we can get the list of all folders with one quick search now, we still need to get the files in those folders?

Posted: **19 Dec 2014 14:27**

highend wrote:
The question is: Why do you need a script at all now?
He still wants a list of all files in those folders. Even if we can get the list of all folders with one quick search now, we still need to get the files in those folders?

Ah, I see.

Posted: **19 Dec 2014 14:32**

+ Find Files and Quick Search: Added switch /e (think "empty") by which the
search will return only empty files (empty = zero bytes) and empty folders
(empty = no items contained).
Examples:
a* /e //finds all empty items starting with "a"
a* /ef //finds all empty files starting with "a"
a* /ed //finds all empty folders starting with "a"

Btw, this is MUCH better than the property #empty! Crawling through properties is a rather slow process (if you have a few thousand directories / files). This is waaaay faster, thanks!

Posted: **19 Dec 2014 14:43**

Yep. And "ed" is easy to remember.

XYplorer Beta Club

Enumerate Directories of Files based on another File

Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File

Re: Enumerate Directories of Files based on another File