是否有可能使用Python编程语言检测是否在 Windows 上创建了新文件?
也许我的问题听起来毫无意义,但我需要这些信息来开发一个程序,可以检测给定的应用程序(可能是病毒或任何其他良性应用程序)是否在我的计算机上创建了新文件。
答案 0 :(得分:0)
检查指定文件夹/驱动器上所有文件的脚本,并检查添加的名称或新文件的更改。
import os
import pickle
from multiprocessing import Process
def scanner(root_dir, output):
temp = set()
#if not os.path.isfile(output): # if output does not exist create it
with open(output, 'a'):
pass
files = os.walk(root_dir) # go through all dirs and sub dirs
for root, dirs, f in files:
if f:
temp.update(f) # add all "f" files to the set
with open(output, 'rb') as data:
if os.path.getsize(output) > 0: # if the file has data, it is not the first run so load and compare
b = pickle.load(data)
print " Deleted files {}".format(b-temp) # if a file name has been changed been deleted
print "Amended or New files {}".format(temp-b) # if a file name has been changed or one added
with open(output, 'wb') as data: # write current files and save to output
pickle.dump(temp, data)
if __name__ == '__main__':
# start process for each drive
p1 = Process(target=scanner, args=("/path1", "data.pickle"))
p1.start()
p2 = Process(target=scanner, args=("/path2", "data1.pickle"))
p2.start()
答案 1 :(得分:-1)
您必须拥有/创建计算机上所有文件的数据库并扫描每个可能的名称(通过char的所有ASCII值然后广告添加或将下一个char增加到合理的长度)以查看它是否如果使用这个,您可以使用比较旧数据库和新数据库来查看更改
修改:这有助于Browse files and subfolders in Python (在C或默认驱动器中搜索所有内容并保存其位置)