Introduction
I often like to scan my computer for unwanted software but with Windows being so large these days, it's no easy task but if you scan all the .Exe files to extract the company name for the file, then you soon start to see the questionable files that may warrant further investigation.
Bits You Need To Know
Microsoft had to do a bit of a fudge when it came to the windows/system32 folder so that old 32 bit applications that hardcoded DLL names into the code would still continue to work on 64 bit machine and developers need to keep in mind that files are not always where you think they are and the Windows/System32 folder is a good example of this but you can make sure you are looking at the right folder by using "SysNative
" in your code as I have shown in the code below.
Using the Code
string Company = FileHelper.GetCompany(@"c:\Windows\system32\cmd.exe");
Shown below is the full source code needed to do the job in a static
class.
using System;
using System.IO;
using System.Diagnostics;
using System.Text;
public static class FileHelper
{
public static string GetCompany(string ExecutablePath)
{
ExecutablePath = ExecutablePath.Replace("\"", "");
if (ExecutablePath.ToLower() == "windows" || ExecutablePath.Length == 0) return "";
if (!File.Exists(ExecutablePath))
{
if (ExecutablePath.ToLower().IndexOf("\\windows\\system32\\") > -1)
{
ExecutablePath = ExecutablePath.ToLower().Replace
("\\windows\\system32\\", "\\Windows\\Sysnative\\");
if (!File.Exists(ExecutablePath)) return "File Not Found";
}
else return "File Not Found";
}
try
{
string CopyRight = "";
FileVersionInfo versionInfo = FileVersionInfo.GetVersionInfo(ExecutablePath);
if (versionInfo == null) return "Error";
if (versionInfo.CompanyName == null) return "WARNING no company name";
string Company = versionInfo.CompanyName.Replace(",", "-");
if (versionInfo.LegalTrademarks != null) CopyRight = versionInfo.LegalCopyright;
if (Company.ToLower() == "microsoft corporation") Company = "Microsoft";
if (Company.ToLower() == "intel corporation") Company = "Intel";
if (Company == "Microsoft" &&
!versionInfo.OriginalFilename.ToLower().EndsWith(".mui"))
{
if (versionInfo.LegalCopyright.ToLower()
!= "copyright microsoft corporation" &&
versionInfo.LegalCopyright.ToLower().Replace(" ",
" ").Replace("corp.",
"corporation.").Trim().IndexOf
("microsoft corporation. all rights reserved.") == -1 &&
versionInfo.LegalCopyright.ToLower().Replace(" ",
" ").Trim().IndexOf("copyright © microsoft") == -1)
Company = "WARNING
(" + Company + ") Unusual copyright notice";
else if (!versionInfo.ProductVersion.EndsWith
(versionInfo.ProductPrivatePart.ToString()) ||
versionInfo.ProductVersion.Length == 0)
Company = "WARNING
(" + Company + ") Unusual product version";
return Company.Trim().Replace
("\t", "").Replace(",", "-");
}
if (Company.Trim() == "")
{
if (versionInfo.LegalCopyright.Length == 0)
Company = "WARNING no company name
or Copyright notice";
else
Company = "WARNING no company name";
}
else if (CopyRight.Trim().Length == 0)
Company = "WARNING (" + Company.Replace
("\t", "") + ") No Copyright notice";
return Company.Replace("\t", "").Replace(",", "-");
}
catch (Exception Ex) { return "Error"; }
}
}
Points of Interest
This code will work best if the application using the code has administrator rights, but bear in mind that even with admin rights turned on, Windows will still lock your code out from large parts of the file system so remember to use a try /catch
in your code of check the folders permissions first.
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.