how to handle the warnings in a find statement

Aldebaran has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

The context for this question is that I think I had something that tried to get onto my windows 10 laptop by means of my android phone. I'd been warned that an app had malware, and I should go to google play to get it fixed. I decided to factory reset the phone instead, but I was losing power, and without thinking about it, hooked it up to my computer. 2 ms-dos windows appeared and then disappeared. Oops.

So I wrote a script that finds the newest files in my User namespace and then scrutinized anything new. It was a much different listing back then, with so much appdata that I had to filter it. I cleared out all kinds of stuff for varying reasons, and what remains is pretty close to what they give you for an identity with windows 10. I want to show the terminal output first. It's verbose, so I'm gonna throw it between readmore tags and suggest reading it last or not at all if output makes you grumpy.

C:\Users\Fred>perl virus4.pl >>text1.txt
Use of uninitialized value $access_age in numeric gt (>) at virus4.pl 
+line 29.
Use of uninitialized value $access_age in printf at virus4.pl line 31.
Can't opendir(C:/Users/Fred/AppData/Local/Application Data): Invalid a
+rgument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/Local/ElevatedDiagnostics): Invali
+d argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/Local/History): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/Local/Microsoft/Windows/INetCache/
+Content.IE5): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/Local/Microsoft/Windows/INetCache/
+Low/Content.IE5): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/Local/Microsoft/Windows/Temporary 
+Internet Files): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/Local/Temp/msdtadmin): Invalid arg
+ument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/Local/Temporary Internet Files): I
+nvalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/AppData/LocalLow/Oracle/Java/jre1.8.0_91/j
+ava_sp): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Application Data): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Cookies): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Documents/My Music): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Documents/My Pictures): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Documents/My Videos): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Local Settings): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/My Documents): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/NetHood): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/PrintHood): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Recent): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/SendTo): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Start Menu): Invalid argument
 at virus4.pl line 18.
Can't opendir(C:/Users/Fred/Templates): Invalid argument
 at virus4.pl line 18.

C:\Users\Fred>dir
 Volume in drive C is Windows8_OS
 Volume Serial Number is 3052-CD20

 Directory of C:\Users\Fred

12/18/2016  10:54 PM    <DIR>          .
12/18/2016  10:54 PM    <DIR>          ..
11/05/2016  09:28 PM    <DIR>          .android
07/27/2015  10:35 PM    <DIR>          .gem
11/27/2016  04:15 PM    <DIR>          .gimp-2.8
10/14/2016  04:38 PM               153 .gitconfig
06/08/2016  07:05 PM    <DIR>          .LSC
06/01/2016  09:07 PM    <DIR>          .oracle_jre_usage
05/02/2015  12:44 AM                 0 .perlcriticrc
06/08/2016  07:05 PM    <DIR>          .QtWebEngineProcess
07/01/2016  02:17 AM    <DIR>          .ssh
04/28/2015  11:10 PM    <DIR>          .thumbnails
12/15/2016  10:41 PM    <DIR>          Contacts
12/16/2016  12:14 AM    <DIR>          Desktop
12/16/2016  06:55 PM    <DIR>          Documents
12/16/2016  06:55 PM    <DIR>          Downloads
12/15/2016  10:41 PM    <DIR>          Favorites
12/15/2016  10:41 PM    <DIR>          Links
12/15/2016  10:41 PM    <DIR>          Music
12/15/2016  03:58 PM    <DIR>          OneDrive
06/15/2016  12:57 PM    <DIR>          perl5
12/15/2016  10:41 PM    <DIR>          Pictures
12/15/2016  10:41 PM    <DIR>          Saved Games
12/15/2016  10:41 PM    <DIR>          Searches
12/18/2016  10:58 PM               293 text1.txt
06/21/2015  06:09 PM    <DIR>          Tracing
12/15/2016  10:41 PM    <DIR>          Videos
12/15/2016  11:24 PM               523 virus1.pl
12/15/2016  11:29 PM               519 virus2.pl
12/16/2016  09:16 PM               484 virus3.pl
12/18/2016  10:36 PM               543 virus4.pl
               7 File(s)          2,515 bytes
              24 Dir(s)  42,966,175,744 bytes free

C:\Users\Fred>type text1.txt
C:/Users/Fred
Fred: M age in days: 0.0000

C:/Users/Fred/NTUSER.DAT
NTUSER.DAT: M age in days: 0.0026

C:/Users/Fred/text1.txt
text1.txt: M age in days: 0.0000

C:/Users/Fred/virus4.pl
virus4.pl: M age in days: 0.0122

C:/Users/Fred/Pictures/2016-12/z
z: M age in days: 0.0986


C:\Users\Fred>type virus4.pl
#!/usr/bin/perl
use warnings;
use strict;

use File::Find;
use Cwd;

=pod

=head1 DESCRIPTION

returns files within a hard-coded M time

=cut

my $current = cwd;

find( \&pm_beneath, $current, );


sub pm_beneath {
   use File::Basename;

my $file=$File::Find::name;
   my $days = .1; #hard-coded
   my $basename = basename($file);
   return if $file =~ /.*AppData.*/;
   my $access_age = -M $basename;
   return if ($access_age > $days);
   print "$file\n";
   printf "$basename: M age in days: %.4f\n\n",  $access_age;
}

__END__



C:\Users\Fred>
[download]

Now I'd like to pick that apart and ask some questions. The script is a simple find routine:

use File::Find;
use Cwd;
my $current = cwd;

find( \&pm_beneath, $current, );

sub pm_beneath {
  use File::Basename;

  my $file     = $File::Find::name;
  my $days     = .1;                  #hard-coded
  my $basename = basename($file);
  return if $file =~ /.*AppData.*/;
  my $access_age = -M $basename;
  return if ( $access_age > $days );
  print "$file\n";
  printf "$basename: M age in days: %.4f\n\n", $access_age;
}
[download]

The first thing I'd like to do is clear the warnings. A typical warning looks like this:

Can't opendir(C:/Users/Fred/AppData/Local/Microsoft/Windows/Temporary 
+Internet Files): Invalid argument
 at virus4.pl line 18.
[download]

I don't understand how this even made it past the return statement, but that aside, I'm to believe that I have an invalid argument in my find statement. I can only speculate what it might be. It could be my OS saying, "it's none of your business." Let's look at another example:

Can't opendir(C:/Users/Fred/Documents/My Pictures): Invalid argument
 at virus4.pl line 18.
[download]

This one confuses me more, because, in my output, it shows the only directory I created in My Pictures in this time frame:

C:/Users/Fred/Pictures/2016-12/z
z: M age in days: 0.0986
[download]

My first question how to handle the warnings in a way that leaves no quarter for a trojan.

I learned a few things about my system. Am I correct to think that these are the drivers for my android phone?

C:\Users\Fred>cd .android

C:\Users\Fred\.android>dir
 Volume in drive C is Windows8_OS
 Volume Serial Number is 3052-CD20

 Directory of C:\Users\Fred\.android

11/05/2016  09:28 PM    <DIR>          .
11/05/2016  09:28 PM    <DIR>          ..
11/05/2016  09:26 PM             1,704 adbkey
11/05/2016  09:26 PM               716 adbkey.pub
01/04/2012  04:06 PM               354 adb_usb.ini
11/05/2016  09:28 PM               137 androidwin.cfg
11/05/2016  09:26 PM    <DIR>          avd
11/05/2016  09:26 PM               114 ddms.cfg
               5 File(s)          3,025 bytes
               3 Dir(s)  42,990,264,320 bytes free

C:\Users\Fred\.android>
[download]

Can anyone speculate why I have this hidden file with nothing in it?

05/02/2015 12:44 AM 0 .perlcriticrc

Finally, as I post a program to fight software attackers, I have this ginormous sense of re-inventing the wheel. What perl tools already exist?

Thank you for your comment, and happy holidays,

Comment on how to handle the warnings in a find statement Select or Download Code

Replies are listed 'Best First'.
Re: how to handle the warnings in a find statement by Corion (Patriarch) on Dec 19, 2016 at 10:17 UTC
The "invalid argument" errors are errors from Windows telling you that your current (non-admin) account does not have the proper permissions to access the directory. The `.android` directory doesn't seem to contain drivers for your Android phone but the Android Debugging Bridge (`adb`) credentials. Whether you installed them or something else I don't know.	[reply] [d/l] [select]
Re^2: how to handle the warnings in a find statement by Aldebaran (Curate) on Dec 19, 2016 at 11:46 UTC
Alright, yeah, I installed the debugging bridge. I really had to fight to get the drivers installed on for this windows 10 target platform. I just checked my control panel, and windows thinks I'm an administrator. The files I'm looking through belong to me: that's what makes them different from the attacking files. There's a lot of things that dos windows can't do that they used to, and the architecture of windows has been a series of demotions for DOS. Is that why windows doesn't want me to look at my own files?	[reply]
Re^3: how to handle the warnings in a find statement by huck (Prior) on Dec 19, 2016 at 11:54 UTC
Being an administrator and running with elevated permissions are not the same thing More about these "magic dirs", can be found here under junctions https://msdn.microsoft.com/en-us/library/windows/desktop/aa365006(v=vs.85).aspx and here https://msdn.microsoft.com/en-us/library/windows/desktop/aa365503(v=vs.85).aspx It seems file::find sees them as a normal direcory, and doesnt have the permissions to "reparse" them. edited to add: see also readlinkL under http://search.cpan.org/~rboisvert/Win32-LongPath-1.03/lib/Win32/LongPath.pm and Re: Trouble with File::Find::Rule	[reply]
Re^4: how to handle the warnings in a find statement by Aldebaran (Curate) on Dec 20, 2016 at 09:12 UTC
Re^5: how to handle the warnings in a find statement by huck (Prior) on Dec 20, 2016 at 09:55 UTC
Some notes below your chosen depth have not been shown here
Re: how to handle the warnings in a find statement by huck (Prior) on Dec 19, 2016 at 10:50 UTC
First off, C:/Users/Fred/Pictures/2016-12/z is not under C:/Users/Fred/Documents/My Pictures , right? Second notice that your "dos" dir command did not list C:/Users/Fred/Templates, yet the errors from find suggest find was able to see it. I suspect this is a function of a class of "magic dirs" that microsoft has invented, these are not really dirs, they are pointers,(think of ln -s ... under unix). and like a softlink in unix the object of these pointers may not even exist. I would think that perl/find would be able to understand this by now, except if you are not "current". Please run these `perl -v perl -MFile::Find -wE "say $File::Find::VERSION;"` [download]	[reply] [d/l]
Re^2: how to handle the warnings in a find statement by Aldebaran (Curate) on Dec 19, 2016 at 11:21 UTC
That's a negative, that is you surmise correctly regarding where Pictures is and isn't. I have to wonder out loud whether the reason that these photos are downloaded here is that the importing software lacked permission to save to My Pictures. I noticed Templates showing on the dos listing but not in my explorer window. Windows explorer is awful on windows 10, but our Washington friends make up for it with the internet browser, Edge, which is pretty good. (Opinions are mine alone.) Here's the output you wanted: C:\Users\Fred>perl -v This is perl 5, version 24, subversion 0 (v5.24.0) built for MSWin32-x +64-multi-thread Copyright 1987-2016, Larry Wall Perl may be copied only under the terms of either the Artistic License + or the GNU General Public License, which may be found in the Perl 5 source ki +t. Complete documentation for Perl, including FAQ lists, should be found +on this system using "man perl" or "perldoc perl". If you have access to + the Internet, point your browser at http://www.perl.org/, the Perl Home Pa +ge. C:\Users\Fred>perl -MFile::Find -wE "say $File::Find::VERSION;" 1.34 C:\Users\Fred> [download]	[reply] [d/l]
Re^3: how to handle the warnings in a find statement by huck (Prior) on Dec 19, 2016 at 12:15 UTC
See my reply above about junction points, and realize C:/Users/Fred/Documents/My Pictures is a junction point to C:/Users/Fred/Pictures	[reply]


Perl-Sensitive Sunglasses
	PerlMonks