I've just finished a small project which in principle is similar to the System File Checker. Instead of using CRC32, as does SFC, I've implemented the MD5 hashing algorithm to create a signature for a pre-defined list of files. The file paths and signatures are held in the registry and on a Restart/Shutdown the current files have their signature computed and are compared with those in the registry. If any signatures fail a match we can abort the Restart/Shutdown and investigate.
At the moment the list is:
C:\WINDOWS\System.ini
C:\WINDOWS\win.ini
C:\AUTOEXEC.BAT
C:\CONFIG.SYS
C:\MSDOS.SYS
C:\WINDOWS\PROTOCOL.INI
C:\WINDOWS\Application Data\Microsoft\Templates\Normal.dot
C:\WINDOWS\SYSTEM\msconfig.exe
C:\WINDOWS\SYSTEM\VMM32.VXD
c:\windows\fonts\desktop.ini
C:\WINDOWS\SYSTEM\FONTEXT.DLL
C:\WINDOWS\HIMEM.SYS
C:\WINDOWS\WIN.COM
C:\DOSSTART.BAT
C:\IO.SYS
C:\WINDOWS\RUNDLL32.EXE
The time taken to verify the above is less than 200ms on my 600MHz system.
Obviously, many files can bring us grief during a boot but I've simply included those which I've seen mentioned on forums, at MSKB and some I reckoned myself.
System.ini and Win.ini are not carved in stone so we will be alerted on innocuous alterations. I can live with that after seeing a member of another forum find that she had a corrupted System.ini and all copies in the rb0nn.cab files were also corrupted.
Can anyone think of any other files to include in this 'critical' list?
Thanks in anticipation
deltarho
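The baseline-and-compare scheme described in the post, sketched as an added example (not the poster's code). It assumes a JSON file in place of the registry store and uses constructed stand-in files in a temporary directory; it also separates a deleted file from a modified one.

```python
import hashlib, json, os, tempfile

def file_digest(path, algo="md5", chunk=65536):
    """Hash a file in chunks; MD5 by default, as in the post."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(paths, store, algo="md5"):
    """Record a digest per file. The JSON file stands in for the registry (assumption)."""
    baseline = {"algo": algo, "files": {p: file_digest(p, algo) for p in paths}}
    with open(store, "w") as f:
        json.dump(baseline, f, indent=2)
    return baseline

def verify(store):
    """Return {path: 'OK' | 'MODIFIED' | 'MISSING'} against the stored baseline."""
    with open(store) as f:
        baseline = json.load(f)
    report = {}
    for path, expected in baseline["files"].items():
        try:
            actual = file_digest(path, baseline["algo"])
        except FileNotFoundError:
            report[path] = "MISSING"   # a deleted file is also a failed match
            continue
        report[path] = "OK" if actual == expected else "MODIFIED"
    return report

def demo():
    """Constructed sample: three stand-in files in a temp dir, not real system files."""
    d = tempfile.mkdtemp()
    names = ["System.ini", "win.ini", "AUTOEXEC.BAT"]
    paths = [os.path.join(d, n) for n in names]
    for p in paths:
        with open(p, "w") as f:
            f.write("[boot]\nshell=Explorer.exe\n")
    store = os.path.join(d, "baseline.json")
    build_baseline(paths, store)
    with open(paths[0], "a") as f:      # simulate an edit to System.ini
        f.write("extra=1\n")
    os.remove(paths[2])                 # simulate a deleted AUTOEXEC.BAT
    report = verify(store)
    return {os.path.basename(p): s for p, s in report.items()}

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Any entry other than OK is the condition on which the Restart/Shutdown would be aborted for investigation.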