Category : Pascal Source Code
Archive   : FILECRC.ZIP
Filename : FILECRC.DOC

 
Output of file : FILECRC.DOC contained in archive : FILECRC.ZIP


FILECRC

30 May 1988
Ted H. Emigh


FILECRC is a program to help detect when files have been
corrupted. FILECRC creates a list of all the files on the
default drive along with creation date, file size, and a CRC
(cyclic redundancy check) for each file. When FILECRC is run at
a later time, it creates a new list. COMPARE compares this new
list to the old list. For any file, it is possible that:

1) The file is completely unchanged from the previous time.
The file name (and directory entry) are the same at the two
times, and it has not been modified. Files of this sort are
counted.

2) The file has been modified in the normal manner, so that the
directory entry has a new time of creation. Files of this
sort are counted and their names are put in the file
FILES$$$.UPD.

3) The file has been deleted in the time since the first time
FILECRC was run. Files of this sort are counted and their
names are put in the file FILES$$$.DEL.

4) A new file has appeared that was not on the disk at the time
of the previous run of FILECRC. Files of this sort are
counted, and a list is placed in the file FILES$$$.NEW.
While it is usual to find new files on the disk, this gives
an easy way to keep track of what files are new, and where
they are located. This is important when using public
domain programs to make sure they are not creating new files
without you knowing about it. If a file is moved from one
directory to another, then it will appear on both lists
FILES$$$.DEL and FILES$$$.NEW.

5) The directory entry for a file is the same for both of the
times the program was run, but the file was modified in some
way. This should not occur in normal practice, so the
program writes a message to the terminal, and a list of
these files is placed in the file FILES$$$.MOD. This can
occur when you use NORTON UTILITIES, or other such programs
to modify the disk directly, bypassing the normal DOS
handling of the files. It also can happen when programs
'run wild' (this is what prompted me to write this program
in the first place).

6) In addition, there are several files that are so important
to your computer that you need to know if they are changed
in any way. I call these sensitive files, and if any are
changed, you are alerted. Their names can be found in the
file FILECRC.OUT.

Running the program prior to each backup will assure you
that you are not backing up files that have been corrupted.
Also, in program development, running the program before and
after a test run of your program can assure you that your program
has not messed up the disk.


RUNNING FILECRC

There are four files associated with FILECRC:
FILECRC.COM -- Calculates CRCs for all files on the default disk.
COMPARE.COM -- Compares CRCs from successive runs of FILECRC.
SENSITIV -- A list of all the sensitive files.
CRC.BAT -- A batch file for running FILECRC and COMPARE.

FILECRC

FILECRC is run without command line parameters. It will
create CHECK$$$.NEW (or CHECK$$$.CRC if the file does not exist
in the default directory), which is a list of all the files on
the default disk in all directories, along with their attribute,
date and time of creation, size, and CRC. FILECRC displays the
directory names as it goes through them. If you wish to compare
the files to a previous run of FILECRC, you need to run COMPARE.

COMPARE [NEWLIST.FIL [OLDLIST.FIL]]

Compare will compare the files in CHECK$$$.NEW with those in
CHECK$$$.CRC, noting any differences. When COMPARE is finished,
the old file list now will be called CHECK$$$.OLD, and the newly
created one will be called CHECK$$$.CRC. If NEWLIST.FIL is
given, this will be used instead of CHECK$$$.NEW, and, if given,
OLDLIST.FIL will be used instead of CHECK$$$.CRC. For example,
COMPARE CHECK
will check the file CHECK with CHECK$$$.CRC. If any command line
files are given, then CHECK$$$.CRC will not be renamed.

SENSITIV is a file which contains the names of all the files
which you consider to be sensitive (up to 30 files, in the
distributed version). Compare will alert you of ANY changes in
the files listed in SENSITIV. They must be in the specific
format:
DRIVE:\PATH\FILENAME
with one file per line, all in capitals. (The format of SENSITIV
is NOT the same as for CHECK$$$.CRC). My SENSITIV file looks
like:

C:\AUTOEXEC.BAT
C:\COMMAND.COM
C:\CONFIG.SYS
C:\IBMBIO.COM
C:\IBMDOS.COM
C:\BIN\BOOT\NANSI.SYS
C:\BIN\BOOT\FASTDISK.SYS
C:\BIN\BOOT\RCD.SYS
C:\USR\LOCAL\BIN\WATCH
C:\USR\BIN\SEARCH
C:\USR\LOCAL\BIN\TIMEPARK
C:\USR\BIN\HGC
C:\BIN\MODE
C:\USR\BIN\SUPERSPL
C:\USR\LOCAL\BIN\FMARK

You should include in this list all files which you consider
particularly important, and which ANY change may compromise your
computer. I include all my files that are used at boot time, as
well as any TSR (Terminate and Stay Resident) programs that I
use.


Several files are created by COMPARE:

1) FILES$$$.NEW A list of the names of the newly created
files.
2) FILES$$$.DEL A list of the names of the deleted files.
3) FILES$$$.UPD A list of the names of files that were
updated in the "normal" DOS manner.
4) FILES$$$.MOD A list of the names of files that have been
modified in a "NON DOS" manner.
5) FILECRC.OUT A file containing the output of COMPARE --
This lists all the changes in the SENSITIVE files and all
files modified in a "NON DOS" manner, as well as summary
statistics.


USING FILECRC TO PROTECT AGAINST VIRUSES

If you plan to use FILECRC to help in the detection of
damage done by viruses, you need to make sure you start with a
clean disk. Erase all the files on the disk (de-installing any
commercial software you may have), FORMAT the disk and put on
clean system files from your DOS distribution disks. Copy all
the DOS files you use from the distribution disk and reboot the
system. Reinstall all your commercial or "safe" software from
the original distribution disks. Run FILECRC and COMPARE a
couple of times during the process.
To "check out" a new piece of software, run FILECRC and
COMPARE; then run your new software; finally, run FILECRC and
COMPARE again. Look at ALL the FILES$$$ lists, to make sure the
software is not changing files it shouldn't be touching. Run
FILECRC and COMPARE periodically and look at the FILES$$$.UPD
list.

Notice: Due to a "feature" in Turbo Pascal 3.0, each file
being checked is opened for reading and writing, even though the
program only reads the file. This will set off alarms on some
virus detection programs. In addition, the file attributes are
changed, then restored. This may also set off some alarms.

Remember that FILECRC and COMPARE are useful only if run
often. If you plan to make changes to files listed in SENSITIV,
then run FILECRC/COMPARE before changing them. Then change the
files. Finally, run FILECRC/COMPARE again to "register" their
new CRCs.

To help to protect against viruses aimed specifically at
this program -- you will need to change the value of POLY in
FILECRC.PAS and COMPARE.PAS. If you know what CRC is computed to
check for viruses, you can make your virus modify the file and
maintain the same CRC. If everyone uses their own CRC, then a
virus aimed at this program will not work.


PROGRAMMING NOTES


FILECRC is written in Pascal and compiled with Turbo Pascal,
Version 3.0 for MSDOS. It has been tested on an IBM PC/AT using
DOS 3.10. This program is not meant to represent the epitome of
programming skill, but it works. Any improvements and
suggestions are welcome, particularly if you can improve the
speed. On my PC/AT with some 860 files occupying 16.5MB the
program takes about 5-1/4 minutes to complete. I am convinced
that FILECRC.COM cannot be improved significantly on speed (take
that as a challenge, if you wish), but COMPARE.COM is relatively
inefficient (but then of the 5-1/4 minutes, about 5 minutes are
spent in FILECRC.COM). Programming notes in the programs are
sparse, but I specifically set separate routines for handling
each of the file comparison types in COMPARE (use the procedures
file_new, file_deleted, file_updated, file_OK, and bad_CRC if you
would like to do something special for each file comparison
type). The procedure sensitive checks to see if changed files
are in the sensitive list.

FILECRC will work with any number of files or directories.
As written, COMPARE has a maximum of 200 directories and 1750
files with any number of files within any particular directory.
The maximum length of the directory name string is 64 characters.
I have used the program on subdirectories up to 10 levels deep
without any problems. These values for the number of directories
and the number of files uses up just about as much memory as
TURBO Pascal allows, so an increase in these numbers would
necessitate a redesign of the program.

To increase speed, check for ^C is only done once per directory.
Special thanks go to David Dantowitz of Digital Equipment
Corporation (Dantowitz%[email protected]) for providing the CRC
routines (generate_table_256 and crc_string_256) and the routines
for getting a directory (get_DTA, set_DTA, find_first, and
find_next). Of course, he takes no responsibility for the way I
used his code.


Ted H. Emigh
Department of Genetics
North Carolina State University
Box 7614
Raleigh, NC 27695-7614

[email protected]
[email protected]
[email protected]

Contact me at one of the above addresses if you would like to get
a "clean" copy.