Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to: batch file to compare file times and dates


  • Please log in to reply
33 replies to this topic

#1 ray5450

ray5450

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 11 May 2013 - 06:29 PM

I am trying to use a batch file to compare times and dates of files.  Here is what I tried so far:

 

Given--files in "testfolder" are a mix of files of dates from 1999 to the present.

 

FOR /R c:\testfolder %%F IN (*) DO @IF "%%~tF" GTR "04/14/1999 02:45 PM" ECHO "%%~tF" >>c:\test.txt

The results of this line, lists all the files to "test.txt".

 

If I try:

FOR /R c:\testfolder %%F IN (*) DO @IF "%%~tF" GTR "04/14/2013 02:45 PM" ECHO "%%~tF" >>c:\test.txt

...I would expect only files newer than 04/14/2013 02:45 PM, but what happens instead, is that all the files are again listed to "test.txt".  It appears that the IF condition is being ignored.  I do not receive any error message.

 

What do I need to get this to work as expected?

 

Thanks.


Edited by ray5450, 12 May 2013 - 12:22 PM.


BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:34 AM

Posted 11 May 2013 - 06:47 PM

Batch script cannot compare dates. GTR will try to compare the items as strings (e.g. if the left is lexicographically greater than the right).

I believe DIR has a means to do this; and PEV and VFIND (neither of which come with Windows) definitely do.
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 12 May 2013 - 12:18 PM

It appears that DIR can display or sort by date and time, but if there is no way to compare them, such as something lke GTR, then that won't work either...is that correct?

 

Thanks.


Edited by ray5450, 12 May 2013 - 12:29 PM.


#4 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 16 May 2013 - 02:35 PM

Please, confirm?



#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:34 AM

Posted 16 May 2013 - 03:41 PM

I believe so.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#6 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 17 May 2013 - 12:29 AM

I did not find much about PEV, but I have tried VFIND, but I cannot get it to exclude more than one file type. If I try:

vfind -d+2013-04-14:14:45:00 -t!d -r d:\!*.abc d:\!*.xyz > c:\test.txt

...it appears to process the whole line twice and gets the sam results as:
vfind -d+2013-04-14:14:45:00 -t!d -r d:\!*.abc > c:\test.txt
vfind -d+2013-04-14:14:45:00 -t!d -r d:\!*.xyz > c:\test.txt

 

test.txt ends up with 2 sets of everything except what is excluded each time.  For example, the whole contents of test.txt ends up as:

file1.one

file2.two

file3.xyz

file1.one

file2.two

file4.abc

Is there a way to exclude more than one file type in one sweep so everything else is not duplicated?

 

Thanks.



#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:34 AM

Posted 17 May 2013 - 03:36 PM

I don't know of a way to do it with vfind. You can do it with pevFind through. Something like this should do the trick:

pev -d+2013-04-14:14:45:00 -tf -r d:\* AND NOT { *.xyz OR *.abc } > c:\test.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 19 May 2013 - 05:42 PM

Thanks.  I think it will work.  However, the next step in my project has run into a problem with line breaks after quotes.

"abc xyz" ^     is being processes as 2 items:  1.  abc xyz, and 2.  ^

It appears that ^ no longer is treated as a line break after a quote.

Do you know how to solve this?  Thanks.



#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:34 AM

Posted 19 May 2013 - 09:23 PM

^ has never been treated as a line break after a quote. ^ means "the character after the ^ shall not be interpreted as a batch script metacharacter."
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#10 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 20 May 2013 - 12:04 AM

Yes, I definitely did find that it was not treated as a line break after a quote.

 

Is there a way to indicate a line break after a quote, using Notepad?

 

Thanks.

 

(I really appreciate your help)



#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:34 AM

Posted 20 May 2013 - 11:43 AM

Not that I know of. You can emit a line break using echo. though.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#12 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 21 May 2013 - 12:49 AM

(I need to edit this later and repost it)


Edited by ray5450, 21 May 2013 - 01:40 AM.


#13 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 22 May 2013 - 01:04 AM

(The Edit option has disappeared and I was not able to edit my above post.  I suppose it could be deleted.)

 

Anyway,  I right clicked for properties of a file to view date "Created" as May ‎09, ‎2013.  The above pev command would not process this file.  There is also a date "Modified" as ‎August ‎21, ‎2012.  pev must be using the date modified.  Is there a way to use the date created instead?  Thanks.



#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:34 AM

Posted 22 May 2013 - 11:58 AM

Yes: https://bitbucket.org/BillyONeal/pevfind

 -d[c|m|a][:][+|-|!|=] Date after / before / not / equals
  Default is modified, but c will use created and a will use access date.
  
  -d[c|m|a][:][G|L] Date more than x days ago or less than x days ago.
  Default is days (D) but supported suffixes are S(econds), MM(inutes), H(ours), D(ays), W(eeks), M(onths), Y(ears)
  At this point leap years aren't handled correctly but I don't think that's a
  major problem. When calculating this date, pevFind will use the UTC time and subtract
  the specified length from it. It will then pivot on that date as greater than or less than.
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#15 ray5450

ray5450
  • Topic Starter

  • Members
  • 455 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 AM

Posted 22 May 2013 - 02:26 PM

Okay.  If I use either c or m, it does not process files that were created on a different date than modified (or vice-versa).

If I use both c and m, it gives an error.

If I use c, then a separate command with m, it outputs a lot of duplicates that do have the same create and modify dates.

 

Is there a command or utility that will find by date and time of both modified and created?

 

Thanks.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users