NTFS folder timestamp metadata
September 11, 2008 4:10 PM

In NTFS, if you have a file at the bottom of a directory tree like c:\a\b\c\d\file.txt and the file is modified (thereby changing the time/date stamp on the file), is there some way of detecting that by looking at information (err, metadata?) in the folder node itself - in other words, does NTFS flag a folder as containing items that have changed? Because right now it seems like the timestamp for d\ is fixed at the time it was first created and does not change when its contents change. We want to write a program that will let us know that we should look in some folder because it knows something changed in there. We want to avoid having to drill down and look at the files because there are jazillions of them.

Oh, and it needs to be agentless - no Tripwire.
posted by Barrows to Computers & Internet (6 answers total)
 
The ReadDirectoryChangesW function has a bWatchSubtree flag that specifies that you want to look for changes in an entire directory tree.
posted by zsazsa at 4:23 PM on September 11, 2008


NTFS does propagate modification dates up the tree, unless it has been configured not to do so (there's a registry key for it, which some people set because it speeds up their computer very slightly). I don't know enough about Windows programming to know how you have to go about using this feature programmatically, though.
posted by kindall at 5:25 PM on September 11, 2008


The .NET framework also has this capability in System.IO.FileSystemWatcher.
posted by phrayzee at 8:17 PM on September 11, 2008
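
An added example, not code from any poster in this thread: a C# console program that uses System.IO.FileSystemWatcher with IncludeSubdirectories (the .NET counterpart of the bWatchSubtree flag mentioned above) to record which folders contain changed files, and that handles the case where the notification buffer overflows and events are lost. The names DirtyFolderWatcher, Dirty and MarkDirty are hypothetical, and the default root c:\a is taken from the question's sample path.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;

// Added example (hypothetical names): flags folders under a root that contain changes.
class DirtyFolderWatcher
{
    // Folders known to contain a change, with the UTC time of the latest event seen.
    static readonly ConcurrentDictionary<string, DateTime> Dirty =
        new ConcurrentDictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase);

    static void Main(string[] args)
    {
        // Assumption: the root comes from the command line; c:\a is the question's sample tree.
        string root = args.Length > 0 ? args[0] : @"c:\a";

        using (var watcher = new FileSystemWatcher(root))
        {
            watcher.IncludeSubdirectories = true;   // watch the whole tree, not just the root
            watcher.NotifyFilter = NotifyFilters.LastWrite | NotifyFilters.FileName
                                 | NotifyFilters.DirectoryName | NotifyFilters.Size;
            watcher.InternalBufferSize = 64 * 1024; // 64 KB is the documented maximum
            watcher.Changed += (s, e) => MarkDirty(e.FullPath);
            watcher.Created += (s, e) => MarkDirty(e.FullPath);
            watcher.Deleted += (s, e) => MarkDirty(e.FullPath);
            watcher.Renamed += (s, e) => { MarkDirty(e.OldFullPath); MarkDirty(e.FullPath); };

            // If the buffer overflows, events were dropped: treat the whole tree as suspect.
            watcher.Error += (s, e) =>
            {
                if (e.GetException() is InternalBufferOverflowException)
                    Console.WriteLine("{0:u} OVERFLOW: events lost, rescan {1}", DateTime.UtcNow, root);
            };
            watcher.EnableRaisingEvents = true;
            Console.WriteLine("Watching {0}; press Enter to stop.", root);
            Console.ReadLine();
        }

        foreach (var entry in Dirty)
            Console.WriteLine("{0:u}  {1}", entry.Value, entry.Key);
    }

    static void MarkDirty(string path)
    {
        // Record the parent folder, which is what the question wants flagged.
        string folder = Path.GetDirectoryName(path) ?? path;
        Dirty[folder] = DateTime.UtcNow;
    }
}
```

Changes made while the program is not running are not reported, so a watcher like this complements a periodic full scan and does not replace one.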


"Because right now it seems like the timestamp for d\ is fixed at the time it was first created and does not change when its contents change."

That appears to be correct. If you look at the documentation for WIN32_FILE_ATTRIBUTE_DATA it says this about ftLastWriteTime:

A FILETIME structure.

For a file, the structure specifies when the file is last written to.

For a directory, the structure specifies when the directory is created.

If the underlying file system does not support last write time, this member is zero (0).


The best way to do this is to use ReadDirectoryChangesW as zsazsa says, or use the .NET routine as phrayzee points out. I'd go with the latter, but that's because I never use C/C++ in Windows anymore unless I have to.

If you were on OS X I'd suggest using the Metadata Framework (aka, Spotlight). Don't know if Windows has something similar.
posted by sbutler at 8:39 PM on September 11, 2008


And, to cover all the language bases, there's JNotify for Java, which wraps ReadDirectoryChangesW on Windows and inotify on Linux.
posted by zsazsa at 10:47 PM on September 11, 2008


The directory timestamp actually updates when a change is made to the directory rather than an object inside it, which makes watching directory timestamps the wrong approach to what you want to do. Windows has a function that does exactly what you want, and zsazsa has linked to it. Use that.
posted by flabdablet at 1:16 AM on September 12, 2008

