NTFS folder timestamp metadata
September 11, 2008 4:10 PM Subscribe
In NTFS if you have a file at the bottom of a directory tree like c:\a\b\c\d\file.txt and the file is modified (thereby changing the time/date stamp on the file) is there some way of detecting that by looking at information (err metadata?) in the folder node itself - in other words does NTFS flag a folder as containing items that have changed. Because right now it seems like the timestamp for d\ is fixed at the time it was first created and does not change when its contents change.
We want to write a program that will let us know that we should look in some folder because it knows something changed in there. we want to have to avoid drilling down and looking at the files because there are jazillions of them.
Oh and it needs to be agentless - no tripwire
Oh and it needs to be agentless - no tripwire
NTFS does propagate modification dates up the tree, unless it has been configured not to do so (there's a registry key for it, which some people set because it speeds up their computer very slightly). I don't know enough about Windows programming to know how you have to go about using this feature programmatically, though.
posted by kindall at 5:25 PM on September 11, 2008
posted by kindall at 5:25 PM on September 11, 2008
The .NET framework also has this capability in System.IO.FileSystemWatcher.
posted by phrayzee at 8:17 PM on September 11, 2008
posted by phrayzee at 8:17 PM on September 11, 2008
Because right now it seems like the timestamp for d\ is fixed at the time it was first created and does not change when its contents change.
That appears to be correct. If you look at the documentation for WIN32_FILE_ATTRIBUTE_DATA it says this about ftLastWriteTime:
A FILETIME structure.
For a file, the structure specifies when the file is last written to.
For a directory, the structure specifies when the directory is created.
If the underlying file system does not support last write time, this member is zero (0).
The best way to do this is to use ReadDirectoryChangesW as zsazsa says, or use the .NET routine as phrayzee points out. I'd go with the latter, but that's because I never use C/C++ in Windows anymore unless I have to.
If you were on OS X I'd suggest using the Metadata Framework (aka, Spotlight). Don't know if Windows has something similar.
posted by sbutler at 8:39 PM on September 11, 2008
That appears to be correct. If you look at the documentation for WIN32_FILE_ATTRIBUTE_DATA it says this about ftLastWriteTime:
A FILETIME structure.
For a file, the structure specifies when the file is last written to.
For a directory, the structure specifies when the directory is created.
If the underlying file system does not support last write time, this member is zero (0).
The best way to do this is to use ReadDirectoryChangesW as zsazsa says, or use the .NET routine as phrayzee points out. I'd go with the latter, but that's because I never use C/C++ in Windows anymore unless I have to.
If you were on OS X I'd suggest using the Metadata Framework (aka, Spotlight). Don't know if Windows has something similar.
posted by sbutler at 8:39 PM on September 11, 2008
And, to cover all the language bases, there's JNotify for Java, which wraps ReadDirectoryChangesW on Windows and inotify on Linux.
posted by zsazsa at 10:47 PM on September 11, 2008
posted by zsazsa at 10:47 PM on September 11, 2008
The directory timestamp actually updates when a change is made to the directory rather than an object inside it, which makes watching directory timestamps the wrong approach to what you want to do. Windows has a function that does exactly what you want, and zsazsa has linked to it. Use that.
posted by flabdablet at 1:16 AM on September 12, 2008
posted by flabdablet at 1:16 AM on September 12, 2008
« Older How do i go about downloading every wallpaper from... | Answer this and help me stay fashionable. Newer »
This thread is closed to new comments.
posted by zsazsa at 4:23 PM on September 11, 2008