Elepheye

What is Elepheye?

Another simple integrity checker for the Windows filesystem, registry and WMI.
It shows, saves and compares various system information about the filesystem, registry and WMI.
It helps you know what files, registry keys or WMI objects are added, removed or changed.

Features

Support security information (Owner, Group, DACL and SACL in SDDL format)
Support NTFS ADS (Alternate Data Stream)
Support NTFS Reparse Points (Junctions and Symbolic Links)
Support NTFS Unicode extended-length path (`\\?\C:\VeryLongPath...')
Support both local and remote registry
Support arbitrary WMI classes
MD5 and SHA1 checksums
Filtering by rule text files
CSV file output
A simple Win32 command-line application written in C++

Download

Binary

name: elepheye-0.2.zip
size: 188256
 md5: 8ecb5215c46cd95086e337cb2713e29d
sha1: 38f55802963afa45c3af3948d256cf6819fafd8e

Source code

name: elepheye-0.2-src.zip
size: 163103
 md5: 64038da5abb41b135f4c2de9b12d2a7a
sha1: 57948f6a7a3dbdd1b8f89e20c5e5b33690f24fe3

Change log

Fixed some messages.
Added `wmi' source type.

Other resources

Usage

Usage:
  elepheye [OPTION ...] SOURCE_TYPE [SOURCE_ARG ...] [COMMAND ...]

OPTION:
  -V
    Print the version and exit.
  -h
    Print this help and exit.
  -w
    Enable warnings.

COMMAND:
  -c SOURCE_TYPE [SOURCE_ARG ...]
    Add the second source for comparing.
  -f FILTER_TYPE [FILTER_ARG ...]
    Add a filter to the last source or filter.

SOURCE_TYPE and SOURCE_ARG:
  csv PATH
    Read records from a CSV file.
  filesystem PATH ...
    Generate records from filesystem entries.
  registry PATH ...
    Generate records from registry entries.
  wmi PATH
    Generate records from a WMI class.

FILTER_TYPE and FILTER_ARG:
  console
    Print records to stdout.
  csv PATH
    Write records to a CSV file.
  rule PATH
    Modify records by a rule text file.

Exit status:
  0: Succeeded
  1: Failed

Examples:
  elepheye filesystem C:\Target -f console
  elepheye filesystem C:\Target -f rule my.txt -f csv out.csv
  elepheye filesystem C:\Target -f rule my.txt -c csv in.csv
  elepheye registry HKEY_LOCAL_MACHINE\Target -f console
  elepheye wmi root\cimv2:Win32_UserAccount -f console

More examples

elepheye filesystem C:\Dir

Find filesystem entries under `C:\Dir', and do nothing.

elepheye filesystem C:\Dir -f console

Print records to stdout.

elepheye filesystem C:\Dir -f rule my.txt -f console

Modify records by a rule text file.

elepheye filesystem C:\Dir -f rule my.txt -f csv out.csv

Write records to a CSV file.

elepheye filesystem C:\Dir -f rule my.txt -c csv in.csv

Compare current records with the old CSV file.

elepheye filesystem C:\Dir -f rule my.txt -f rule my2.txt -c csv in.csv -f rule my3.txt -f rule my4.txt

Add more rules.

elepheye registry HKEY_LOCAL_MACHINE\Key

Change the source to the registry.

elepheye wmi root\cimv2:Win32_LogicalDisk

Change the source to the WMI.

elepheye csv new.csv -c csv old.csv

Compare two CSV files.

elepheye -w filesystem C:\Dir

Enable warnings to print inaccessible information. Run as Administator to get maximum information.

Requirements

Windows 2000 or later

Build requirements

Microsoft Visual C++ 2005 or later

License

MIT License