minivers

Some upgrade request

Open ewedominic opened this issue 6 years ago • 5 comments

Hi. This is Erdem. Firstly, thanks for this project; it's really perfect to use. I just want to know some things for upgrading this project. I think it will be perfect after these changes.

1. How is it possible to find the process for a changed file? I want to know which process is trying to change the file.
2. How can I find the full path for the changed file before the change?

If you can help me with this request, I will be really very happy. I have searched the internet for a solution like this for the last 4 months, and I only found this solution working perfectly.

Thanks for everything.

ewedominic, Oct 06 '18 18:10

Hello Erdem,

Thank you very much for your feedback :-).

Answering your second question: "how can i find full path for changed file before change.", if you start the DebugView (https://docs.microsoft.com/en-us/sysinternals/downloads/debugview), and enable the kernel capture, you will see the full path before and after the change. This is an example:

Filename: '\Device\HarddiskVolume2\Users\IEUser\Desktop\test.txt', extension: 'txt'.
Copied file '\Device\HarddiskVolume2\Users\IEUser\Desktop\test.txt' -> '\Device\HarddiskVolume2\Users\IEUser\Desktop\test.txt.20181012_051446_373.minivers', filesize: 8.

Or, do you prefer to see something like C:\Users\IEUser\Desktop\test.txt ?

I will work on the first question and see if I can get the process name of the file trying to modify the file.

guidoreina, Oct 12 '18 12:10

Hi Erdem, I have implemented the first feature.

guidoreina, Oct 12 '18 20:10

Hi guidoreina :) 👍 I don't know your real name, that's why I will call you like this :)

Firstly, thanks for the answer and the implementation. It will be enough to have the full path like "C:\Users\IEUser\Desktop\test.txt". And I have an idea for this application. If you can do this, I think it will be better, if it's possible.

Normally the application works like this: when a file has changed, it makes a copy in the same directory with the old data. I have to say this is a really perfect project... :) 👍 Please try this: when a file is opened, make a copy of the file in the same directory. I think this will cause some problems, since there will be many files in the folder, but I think it is possible to check whether the file has changed or not. Maybe for this it is possible to use a CRC32 code comparison between the copied file and the changed file. So: File > Opened > Copy File Before Change > Compare the New Copied File with the Changed File.

I know I am asking for so many things.

And if possible, please give me or send me an email for direct messages. I have some nice ideas for work. I will wait impatiently for your answer. Again, thank you so very much for the answer and for this solution, my friend. Have a nice day.

My mail is: [email protected]

Erdem

ewedominic, Oct 13 '18 16:10

I have read that there might not be a drive letter which maps to a volume and that there might be multiple drive letters which map to the same volume: https://community.osr.com/discussion/203953. They don't recommend doing that.

It would be overkill for a driver to compare the MD5 of the file before and after the change every time a file is changed. I think it would be better if you perform that operation from a program running in user-mode.

guidoreina, Oct 15 '18 11:10
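The user-mode comparison suggested in the comment above, as an added example that is not part of the thread or of the minivers code: it finds the driver's backup copies by the `.YYYYMMDD_HHMMSS_mmm.minivers` suffix shown in the debug output and hashes each one against the current file. The suffix pattern is inferred from that single log line, SHA-256 stands in for the MD5/CRC32 mentioned in the thread, and the function names and sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed suffix, inferred from the log line: test.txt.20181012_051446_373.minivers
BACKUP_RE = re.compile(r"^(?P<orig>.+)\.(?P<stamp>\d{8}_\d{6}_\d{3})\.minivers$")


def digest(path, algo="sha256"):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_backups(directory):
    """Map each *.minivers copy to 'changed', 'unchanged' or 'original-missing'."""
    results = {}
    for backup in sorted(Path(directory).iterdir()):
        m = BACKUP_RE.match(backup.name)
        if not m or not backup.is_file():
            continue  # not a backup copy made by the driver
        original = backup.with_name(m["orig"])
        if not original.is_file():
            results[backup.name] = "original-missing"
        elif digest(backup) == digest(original):
            results[backup.name] = "unchanged"
        else:
            results[backup.name] = "changed"
    return results


def demo():
    """Constructed sample data: backups that differ, match, and lack an original."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "test.txt").write_bytes(b"new data")
        (root / "test.txt.20181012_051446_373.minivers").write_bytes(b"old data")
        (root / "test.txt.20181012_051502_118.minivers").write_bytes(b"new data")
        (root / "gone.txt.20181012_051600_001.minivers").write_bytes(b"x")
        return classify_backups(root)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:17} {name}")
```

A backup reported as `unchanged` is a copy whose content is identical to the current file, so a user-mode cleanup job could delete it without losing a version.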

I see. You are right, I think MD5 will be better for this progress. I have some ideas for upgrading this solution, but I don't know what you think about this. Because I think it will be perfect after the upgrade. This solution is perfect for recovering files with the listed extensions. But I have a plan to catch and kill any ransomware attack. I just don't know whether it is possible to include it in this solution or whether a new solution needs to be created for this.

I am sorry, my English is not good.

ewedominic, Oct 15 '18 11:10