  1. #1
    New Lounger
    Join Date
    Mar 2012
    Posts
    19
    Thanks
    0
    Thanked 4 Times in 2 Posts

    Win7 how to display military time and seconds in a DIR command?

    Hardware/Software
    . existing HP notebook with Win7 32bit

    Symptoms
    . to diagnose a virus attack, it helps to know, to the second, when a file
    appears. With only a sorted ADMIN DIR output B 4 the restore, it could
    only log to the minute. Tho I eventually saw the files it created, seconds
    are more accurate in tracking the events THAT AREN'T SUPPRESSED!

    Attempts to address
    . many; ...

    ... DIR; looked in help, tried /t? w/DIRCMD, searched around; nothing.

    ... explorer/prop just said "within x hours", eventually (days/weeks?)
    showing the second. HARDLY USEFUL AT THE TIME!!

    ... powershell.exe looked promising:

    1. Get-ChildItem -Path C:\xxx -Recurse -Include *.pad >c:\DAD\temp\PWR.txt
    Directory: C:\xxx
    Mode LastWriteTime Length Name
    ---- ------------- ------ ----
    -a--- 11/2/2012 7:19 AM 83023306 netdislw.pad
    This infected possible data collection file is apx 99% trailing NULLS (00h).

    ...... unfortunately, when I specify just the root DIR, it gets many
    'denied' msgs, even under ADMIN, & quits B 4 it gives the answer. Perhaps
    there's some limit somewhere that could be increased to allow an answer.
    ...... further, the date doesn't line up (so can't use sort), is not
    military time (sort again) and no seconds, and I really won't know what
    I'm looking for unless/until it happens. Perhaps a script could be
    modified/created somehow to do this and print a fixed-column TOD w/seconds.
    ...... also, if I make some kind of error (ie: looking for *.xyz), it just
    says nothing, even w/no REDIR O/P; no clue on what to fix. Even running as
    ADMIN fails. Perhaps it says nothing because there are no DSNs.

    2. (Get-Item C:\xxx\netdislw.pad).lastwritetime.timeofday
    Days : 0
    Hours : 7
    Minutes : 19
    Seconds : 30
    Milliseconds : 872
    ...... at least HERE it shows the seconds & more, so, if the DSN still
    exists after running rstrui.exe, it could be used. I used this to
    verify my new program (below).


    Solution

    FINALLY addressed it after an all-nighter !!!!!!

    I wrote an MASM assembler program using INT21h/4E&Fh with an IBM
    mainframe/server flavor (a la VSAM) to chain, then swap multiple "active"
    DTA requests per DIR (like RPLs after POINTs), looking for DSNs/DIRs having a
    current date. Using CMSort.exe w/the thousand or so I get daily, I make a
    .txt file, for example, sorted to the descending second, which runs surprisingly
    quick (<1min tho very CPU-intensive w/many PROCMON entries) against the root
    drive:

    2012/12/17 14:57:22 0000015181 CMSORT.BAT C:\DAD\CMSORT\*.*

    There is an architected 2-second max discrepancy since the # of seconds
    provided is / 2. However, that's 30x closer than DIR can provide.
    Further, in some instances, for some reason, I'm only provided a CREATE TOD,
    as opposed to the typical TIME-LAST-MODIFIED. Finally, by sorting seconds
    (or any column), I can find any "invalid" (ie: "already infected") values.


    I'd like to hear any other solutions anyone else found for this issue...

  2. #2
    New Lounger

    DSNTODAY system now available

    For anyone interested, my program is available here:

    http://users.foxvalley.net/~qcd/index4.htm

    If your platform is x86 and supports the Win32 API,
    download the .zip file to a DIRectory and extract it,
    then either double-click the .BAT file using Explorer,
    or use cmd.exe (the .BAT has the doc). In about a minute
    or so, the console window should PAUSE with this message:
    date&time 32bit Good: DSNTODAY=0,CMSort=N/A ...
    but the .log file in your extracted DIR now shows all the
    "non-System" files updated today on your C: drive in
    "alphabetical" order. The first run may have to perform
    disk I/O, but still should run in less than a minute.
    This "N/A" failure is just until the .BAT file knows about
    CMSort, when the file can be sorted by descending date&time.
    You can also change the last statement and "remove the rem"
    and just leave the PAUSE at the end, to see any other type
    of failure other than described above (I've had a few).

    This is kinda what I was expecting PowerShell to do.
    An issue with a DIR /o-d is that it doesn't span directories.
    I set this up to AUTOMATICALLY and SILENTLY run at intervals
    with Task Scheduler, showing files&DIRs updated today;
    you can decide whether to append or over-write the log file
    whenever and however you decide to run it.

    Perhaps businesses that offer guests Internet access would
    find this beneficial for both, or for parents monitoring what
    their children surf to, or for anyone that got infected to
    easily find the bogus file(s) and when they were implanted,
    or to find ANY files that have a logically-bogus date&time.

    Have fun...

    NOTE: CMSort.exe can be downloaded from here:
    http://www.chmaas.handshake.de/delph...ort/cmsort.htm

  3. #3
    New Lounger

    watch for any recently implanted executables

    I added an option to watch for any executable files that were recently implanted,
    based on the PATHEXT Environment Variable, plus a few more. This means that, for
    example, if a file, such as a .dll, a .lnk, a .exe, or more, is CREATED by a trojan,
    even if its attributes are System and/or Hidden, I'll now see them within 5 minutes
    (the minimum time allowed by Windows Task Scheduler), and the sort places them at
    the top. This now replaces what I used to do manually every day using multiple
    sorted ADMIN DIR outputs for monitoring executables, while the regular run monitors
    any other files that are UPDATED.
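
The fixed-column, second-resolution listing asked for in post #1, with the executables-first sort described in post #3, can also be produced in PowerShell itself. This is an added example, not the poster's DSNTODAY program; the `$Root` parameter and the extra extensions beyond PATHEXT are assumptions.

```powershell
# Added example (not from the thread). Lists files created or modified today
# under $Root with a sortable 24-hour timestamp that includes seconds.
# $Root and the extra extensions below are assumptions; adjust as needed.
param([string]$Root = 'C:\')

$inv   = [Globalization.CultureInfo]::InvariantCulture   # fixed '/' and ':' separators
$today = (Get-Date).Date

# Extensions treated as executable: PATHEXT plus a few more (assumed list).
$exeExt = @($env:PATHEXT.ToLower().Split(';')) + '.dll', '.lnk', '.scr', '.sys'

# -Force includes Hidden/System items. Unreadable directories are collected
# in $denied instead of stopping the walk before it produces output.
$found = Get-ChildItem -Path $Root -Recurse -Force `
             -ErrorAction SilentlyContinue -ErrorVariable denied |
    Where-Object {
        -not $_.PSIsContainer -and
        ($_.LastWriteTime -ge $today -or $_.CreationTime -ge $today)
    }

$rows = $found | ForEach-Object {
    # Use the later of created/modified so a file that arrived today with an
    # older modified time still shows when it appeared.
    $ts = if ($_.CreationTime -gt $_.LastWriteTime) { $_.CreationTime }
          else { $_.LastWriteTime }
    $isExe = $exeExt -contains $_.Extension.ToLower()
    $flag  = if ($isExe) { 'EXE' } else { '   ' }
    New-Object PSObject -Property @{
        IsExe = $isExe
        Stamp = $ts
        Line  = '{0} {1} {2:D10} {3}' -f `
                $ts.ToString('yyyy/MM/dd HH:mm:ss', $inv), $flag, $_.Length, $_.FullName
    }
}

# Executable types first, then newest first, to the second.
$rows |
    Sort-Object @{Expression = 'IsExe'; Descending = $true},
                @{Expression = 'Stamp'; Descending = $true} |
    ForEach-Object { $_.Line }

# Report skipped paths on the warning stream so a redirected listing stays clean.
if ($denied.Count -gt 0) {
    Write-Warning ("{0} paths could not be read (access denied or in use)" -f $denied.Count)
}
```

The script avoids `-File` and other later parameters so it runs on the PowerShell 2.0 that ships with Windows 7; redirect its output to a file to keep a log per run.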

  4. #4
    New Lounger
    I added an external monitor that will beep within 5 minutes whenever an executable
    is detected with the current date. This way, even when surfing under the GUEST LID,
    I can use audio cues to keep track of my system...

  5. #5
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,414
    Thanks
    33
    Thanked 195 Times in 175 Posts
    I find the simplest way to display the 24-hour clock in times is to live in a country/locale where this time format is the default for Windows computer displays!
    BATcher

    Time prevents everything happening all at once...

  6. #6
    5 Star Lounger petesmst's Avatar
    Join Date
    Dec 2009
    Location
    Cape Town, South Africa
    Posts
    790
    Thanks
    38
    Thanked 43 Times in 33 Posts
    @BATcher: What an excellent and concise response/recommendation!! (Made my day!)
    (My Setup: Custom built: 4.00GHz Intel Core i7-6700K CPU; MSI Z170A Gaming Carbon Motherboard (Military Class III); Win 10 Pro (64 bit)-(UEFI-booted); 16GB RAM; 512GB SAMSUNG SD850 PRO SSD; 120GB SAMSUNG 840 SSD; Seagate 2TB Barracuda SATA6G HDD; 2 X GeForceGTX 1070 8GB Graphics Card (SLI); Office 2013 Prof (32-bit); MS Project 2013 (32-bit); Acronis TI 2017 Premium, Norton Internet Security, VMWare Workstation12 Pro). WD My Book 3 1TB USB External Backup Drive). Samsung 24" Curved HD Monitor.

  7. #7
    Super Moderator BATcher's Avatar
    Thank you - it was intended to be amusing, but was absolutely no help at all to the OP...
    BATcher


  8. #8
    5 Star Lounger petesmst's Avatar
    @BATcher: You succeeded admirably!

  9. #9
    New Lounger
    Are you just joking? I tried changing the time zone a long time ago, and tho
    the time actually changes in DIR's output, the format does NOT. I had also
    tried Region and Language (ie: UK, Germany, Poland, Singapore), add'l settings,
    and played with various Date and Time formats; again, the actual time changed
    (some were military time as you indicated), but not the format: DIR stubbornly
    remains the same.

    Is there a way to actually get DIR to show seconds or not? It seems to only
    show the Short time, which does NOT show seconds. If I can somehow tell DIR to use
    the Long time, then perhaps seconds would finally show...

  10. #10
    Super Moderator BATcher's Avatar
    No, DIR does not give seconds in the File Modified time which it produces on screen, only hh:mm format (here in the UK). As far as I remember (which isn't far!), this hasn't been changed since the days of PC-DOS / MS-DOS. It was a design decision, I assume.

    There will undoubtedly be free and paid-for third-party utilities available which would display hh:mm:ss, but I don't use any of them so can't suggest any.
    BATcher

