Finding hidden files

Started by jj2007, November 09, 2016, 11:54:36 PM

jj2007

Just made scandisk of a USB stick and found to my surprise 17 hidden files in the scandisk report ::)

So I hacked together a little proggie that lists all hidden files for a given folder and its subfolders. That can be an entire drive, too - just drag either the drive icon or the folder over the exe. Here is the source:

include \masm32\MasmBasic\MasmBasic.inc      ; download
  Init
  GfCallback cbGetFiles
  .if CL$(?)
      Let esi=Utf8$(wCL$())
      .if Asc(Right$(esi))!="\"
            Let esi=esi+"\"
      .endif
      Let esi=esi+"*"
  .else
      Let esi=CurDir$()+"*"
  .endif
  PrintLine "Searching [", esi, "] for hidden files"
  GetFiles esi
  PrintLine Str$("\n%i hidden files found in ", eax), esi
  SortFiles
  For_ ecx=0 To eax-1      ; print the results
      PrintLine Str$(GfSize(ecx)), Tb$, GfDate$(ecx), Spc2$, GfTime$(ecx), Tb$, Files$(ecx)
  Next
  Inkey "--- hit any key ---"
  Exit
cbGetFiles:
      test edx, 127      ; file or folder counter
      .if Zero?
            Print "*"      ; console mode progress bar ;-)
      .endif
      xor ecx, ecx
      test [ebx.WIN32_FIND_DATAW].dwFileAttributes, FILE_ATTRIBUTE_HIDDEN
      .if Zero?
            sub ecx, 111      ; exclude all non-hidden files
      .endif
      ret
EndOfCode

Typical output:
22 hidden files found in \Masm32\*
475805  09.11.2016  02:11:08    \Masm32\RichMasm\Help\WIN32.GID
8628    25.10.2016  12:04:02    \Masm32\RichMasm\Help\opcodes.GID
8628    18.10.2016  15:03:13    \Masm32\RichMasm\Help\fphelp.GID
234232  03.09.2016  11:54:55    \Masm32\help\xhelp\win32.GID
8628    27.06.2016  09:17:22    \Masm32\RichMasm\Help\hlhelp.GID
16826   27.06.2016  09:17:14    \Masm32\RichMasm\Help\masmlib.GID


Full project is attached, with an option to see the saved files in your text editor - important if you want to see Unicode file names properly; the console can handle e.g. Russian if the Lucida font is set, but Asian fonts are notoriously difficult to display.

Magnum

A hidden Windows 95 configuration file, ending with a .gid extension, used by the Windows Help system. The first time you open a Windows help file, the Help system analyzes the file and creates an associated GID file that helps speed up access to help file topics. You can delete a GID file without harming your system, but Windows will automatically recreate the file next time you open the corresponding help file.

I saw gid files with XP.

Take care,
                   Andy

hutch--

Do your settings correctly and you can view all hidden files. As Andy has said, GID files have been with us as long as Winhelp format help files.

jj2007

Quote from: hutch-- on November 20, 2016, 11:41:55 AM
Do your settings correctly and you can view all hidden files.

Sure. Show me the setting that displays only the hidden files 8)

Searching [C:\Program Files\*] for hidden files
*********************************************************************************************************
*********************************************************************************************************
*********************************************************************************************************
*********************************************
10 hidden files found in C:\Program Files\*
89      14.10.2011  05:09:29    C:\Program Files\Microsoft Games\Chess\desktop.ini
95      14.10.2011  05:09:29    C:\Program Files\Microsoft Games\Mahjong\desktop.ini
645     14.07.2009  07:32:31    C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini
108     14.07.2009  06:57:12    C:\Program Files\Microsoft Games\Purble Place\desktop.ini
119     14.07.2009  06:57:12    C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini
92      14.07.2009  06:57:12    C:\Program Files\Microsoft Games\Hearts\desktop.ini
101     14.07.2009  06:55:01    C:\Program Files\Microsoft Games\Solitaire\desktop.ini
98      14.07.2009  06:55:00    C:\Program Files\Microsoft Games\FreeCell\desktop.ini
174     14.07.2009  06:54:24    C:\Program Files\desktop.ini
398848  14.07.2009  03:39:53    C:\Program Files\Windows Mail\WinMail.exe


That was the tiny 64-bit folder. Here is the 32-bit result:
61 hidden files found in C:\Program Files (x86)\* (among a total of 153009 files)

sinsi

>Sure. Show me the setting that displays only the hidden files 8)

dir/ah-d/s

jj2007

Right, you could do it from a DOS prompt :icon14:

When Hutch wrote "settings", I read "Explorer settings". Anyway, it's just a demo how to pick files programmatically from a GetFiles stream.

sinsi


jj2007

Sinsi, I've seen that dialog before, occasionally. Point is that you can't tell it "show me only the suspect files", let alone "highlight the 0.04% hidden files among my 153009 files in C:\Program Files (x86)".

That is why I added GfCallback to the GetFiles command, so that a coder can programmatically decide if a file, for whatever reason (e.g. GfSize, GfAgexxx), should be included in the Files$() array.

sinsi


anunitu

I think JJ may be referring to perhaps "Dropped" files as in a File dropper "infected file" perhaps from spyware or even adware. Is that what you meant JJ?

jj2007

Quote from: anunitu on November 20, 2016, 10:13:11 PM
Is that what you meant JJ?

Indeed. There is no good reason imho why a file should hide somewhere at level 6 of C:\Program Files 8)
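
Added example, not part of the thread and not MasmBasic code: a Python sketch of the same callback-style filter (keep only entries with FILE_ATTRIBUTE_HIDDEN set), extended to sort hidden executables and deeply nested files to the top for review. The names walk_attrs and triage, the extension list and the "routinely hidden" list (desktop.ini, .GID) are assumptions made for this illustration.

```python
import ntpath
import os
import sys

FILE_ATTRIBUTE_HIDDEN = 0x2  # same Win32 bit the thread's callback tests
# Assumption: names treated here as routinely hidden (desktop.ini, WinHelp .GID)
EXPECTED = {"desktop.ini"}
EXPECTED_EXT = {".gid"}
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".bat", ".cmd", ".ps1", ".vbs"}

def walk_attrs(root):
    """Yield (path, attribute bits, size) for each file under root."""
    stack = [root]
    while stack:
        try:
            entries = list(os.scandir(stack.pop()))
        except OSError:
            continue  # unreadable folder, skip it
        for e in entries:
            try:
                if e.is_dir(follow_symlinks=False):
                    stack.append(e.path)
                    continue
                st = e.stat(follow_symlinks=False)
            except OSError:
                continue
            # st_file_attributes exists on Windows only; treated as 0 elsewhere
            yield e.path, getattr(st, "st_file_attributes", 0), st.st_size

def triage(records, root):
    """Keep hidden files only; executables sort first, then deepest paths."""
    rows = []
    for path, attrs, size in records:
        if not attrs & FILE_ATTRIBUTE_HIDDEN:
            continue  # same decision the GfCallback filter makes
        name = ntpath.basename(path).lower()
        ext = ntpath.splitext(name)[1]
        label = ("executable" if ext in EXEC_EXT else
                 "expected" if name in EXPECTED or ext in EXPECTED_EXT else "other")
        depth = path[len(root):].strip("\\/").count("\\")  # folders below root
        rows.append((label, depth, size, path))
    order = {"executable": 0, "other": 1, "expected": 2}
    return sorted(rows, key=lambda r: (order[r[0]], -r[1], r[3].lower()))

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for label, depth, size, path in triage(walk_attrs(root), root):
        print(f"{label:<10} depth={depth} {size:>9} {path}")
```

Run it on Windows with the folder or drive to scan as the only argument; on other systems no file carries the attribute, so the listing is empty.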