Page 1 of 2
Search for files that contain the $ symbol
Posted: 16 Jun 2017 01:26
by balubeto
Hi
In a Windows 10 v1703 Command Prompt window, I noticed that if I write dir "C:\$Windows.~BT" /A:DH /B /S, Windows does not find any files; While if I write dir "C:\?Windows.~BT" /A:DH /B /S, it finds the files.
So, how do I search for the $Windows.~BT directories without using the ? wildcard?
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 16 Jun 2017 02:59
by Compo
Why are you searching for it,
(moreso why are you using DIR to search)?
What happens if you check for it's existence another way?
Code: Select all
IF EXIST "C:\$Windows.~BT\" (ECHO Directory exists) ELSE ECHO Directory does not exist
Re: Search for files that contain the $ symbol
Posted: 16 Jun 2017 04:09
by balubeto
Compo wrote:Why are you searching for it,
(moreso why are you using DIR to search)?
What happens if you check for it's existence another way?
Code: Select all
IF EXIST "C:\$Windows.~BT\" (ECHO Directory exists) ELSE ECHO Directory does not exist
I should find a command that searches this hidden directory in all the disk and displays all these directories found with their paths. So, how should I do this?
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 16 Jun 2017 05:02
by Compo
My expectation is that you answer my question; until then any further questions will be ignored.
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 16 Jun 2017 09:49
by balubeto
Compo wrote:My expectation is that you answer my question; until then any further questions will be ignored.
Thanks
Bye
In other words, I should scan a hard disk to find all the $Windows.~BT hidden directories and display them with their path. So, how should I create this list on the screen?
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 16 Jun 2017 12:18
by Compo
Compo wrote:What happens if you check for it's existence another way?
Code: Select all
IF EXIST "C:\$Windows.~BT\" (ECHO Directory exists) ELSE ECHO Directory does not exist
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 16 Jun 2017 16:24
by ShadowThief
I don't have a C:\$Windows.~BT folder (because I upgraded to Windows 10 forever ago), but based on my experiments with C:\$GetCurrent and C:\$Recycle.Bin, it sounds like you simply don't have any hidden directories in your target path. Just remove /A:DH from your command.
Re: Search for files that contain the $ symbol
Posted: 16 Jun 2017 20:28
by Hackoo
I don't know if this can be done with the command
Where : To locate and display files in a directory tree
WHERE (Windows 2003 + )
Locate and display files in a directory tree.
The WHERE command is roughly equivalent to the UNIX 'which' command. By default, the search is done in the current directory and in the PATH.
Syntax
WHERE [/r Dir] [/q] [/f] [/t] Pattern ...
WHERE [/q] [/f] [/t] [$ENV:Pattern
key
/r A recursive search, starting with the specified Dir directory.
/q Don’t display the files but return either an exit code of 0 for success
or 1 for failure.
/f Display the output file name in quotation marks.
/t Display the size, time stamp, and date stamp of the file.
pattern The Drive\Directory\file, or set of files to be found.
you can use wildcard characters ( ? * ) and UNC paths.
ENV Path to search where ENV is an existing environment variable containing one or more paths.
By default, WHERE searches the current directory and the paths specified in the PATH environment variable. Optional search paths (in pattern) should not be used in conjunction with /r Dir.
Re: Search for files that contain the $ symbol
Posted: 17 Jun 2017 04:27
by penpen
I'm not fully sure, but i think balubeto doesn't search for files in the typical sense (although he mentioned "files"), because he wrote:
balubeto wrote:dir "C:\?Windows.~BT" /A:DH /B /S, it finds the files.
This command searches for directories only.
Directories are also file objects, so his wording is not wrong in this sense.
If the command "dir "C:\$Windows.~BT" /A:DH /B /S" doesn't find any directories with that name, while " dir "C:\?Windows.~BT" /A:DH /B /S" finds them all only means:
There is no such file within the "C:\$Windows.~BT" directory.
If you want to list all directories on "c:\" then you could use a "for /R" loop (see for help page for that), or you could filter the result of dir:
Code: Select all
@echo off
pushd "C:\"
dir * /A:D /B /S | findstr /E /L "\$Windows.~BT"
popd
To limit the amount of data that is piped, you could search for "?Windows.~BT" files:
Code: Select all
@echo off
pushd "C:\"
dir "?Windows.~BT" /A:D /B /S | findstr /E /L "\$Windows.~BT"
popd
penpen
Re: Search for files that contain the $ symbol
Posted: 17 Jun 2017 10:47
by balubeto
penpen wrote:I'm not fully sure, but i think balubeto doesn't search for files in the typical sense (although he mentioned "files"), because he wrote:
balubeto wrote:dir "C:\?Windows.~BT" /A:DH /B /S, it finds the files.
This command searches for directories only.
Directories are also file objects, so his wording is not wrong in this sense.
If the command "dir "C:\$Windows.~BT" /A:DH /B /S" doesn't find any directories with that name, while " dir "C:\?Windows.~BT" /A:DH /B /S" finds them all only means:
There is no such file within the "C:\$Windows.~BT" directory.
If you want to list all directories on "c:\" then you could use a "for /R" loop (see for help page for that), or you could filter the result of dir:
Code: Select all
@echo off
pushd "C:\"
dir * /A:D /B /S | findstr /E /L "\$Windows.~BT"
popd
To limit the amount of data that is piped, you could search for "?Windows.~BT" files:
Code: Select all
@echo off
pushd "C:\"
dir "?Windows.~BT" /A:D /B /S | findstr /E /L "\$Windows.~BT"
popd
penpen
In the last example, it is possible to use the find command because, unfortunately, the findstr command does not work in Windows PE?
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 17 Jun 2017 15:01
by penpen
I'm not familiar with PE, but they should base on xp or later, so you probably only have to search for the right windows version and copy "findstr.exe" to the PE image.
If you have no success with that, then please try if the "for /R" loop works on your PE.
penpen
Re: Search for files that contain the $ symbol
Posted: 18 Jun 2017 01:19
by balubeto
penpen wrote:I'm not familiar with PE, but they should base on xp or later, so you probably only have to search for the right windows version and copy "findstr.exe" to the PE image.
If you have no success with that, then please try if the "for /R" loop works on your PE.
penpen
How do I do this with a For loop?
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 18 Jun 2017 05:17
by penpen
This should help you:
Code: Select all
@echo off
for /R "C:\" %%a in (.) do if "%%~nxa" == "$Windows.~BT" echo(%%~fa
goto :eof
Note: You cannot optimze this by using "... %%a in ("$Windows.~BT") ..." or similar, because then you would also list files instead of directories only.
This is (depending on the amount of directories on disk: much) slower, so you better try to include a working "findstr.exe" to your PE image.
penpen
Re: Search for files that contain the $ symbol
Posted: 18 Jun 2017 11:16
by balubeto
penpen wrote:This should help you:
Code: Select all
@echo off
for /R "C:\" %%a in (.) do if "%%~nxa" == "$Windows.~BT" echo(%%~fa
goto :eof
Note: You cannot optimze this by using "... %%a in ("$Windows.~BT") ..." or similar, because then you would also list files instead of directories only.
This is (depending on the amount of directories on disk: much) slower, so you better try to include a working "findstr.exe" to your PE image.
penpen
There is something that does not work because your script analyzes the files content and not their names. Why?
Thanks
Bye
Re: Search for files that contain the $ symbol
Posted: 18 Jun 2017 12:45
by penpen
balubeto wrote:There is something that does not work because your script analyzes the files content and not their names. Why?
Have you tested it, or do you assume that the script analyzes the files content?
Note that the above is a "for /R" loop and no "for /F" loop.
penpen