- github: https://github.com/Shriniwas18K
- PCCOE 2026 BTech CSE(AIML)
- Passionate C++/Java/Python developer
- thanks for guidance from https://youtu.be/9nDYYc_7sKs?feature=shared
- Written Linux Daemon(background running service) while teaching system calls,signals, shell args, blocking I/O operations, dynamic memory management in 200 lines of code.
This report presents a detailed technical analysis of the RolexHound file monitoring system, a Windows-based C application designed for continuous file surveillance and change detection. The system implements real-time monitoring capabilities using Windows API functions and provides graceful shutdown handling through signal processing.
- File Discovery Engine: Utilizes Windows FindFirstFile API for file location
- Attribute Monitoring System: Tracks file metadata changes through WIN32_FIND_DATA structures
- Signal Handler: Implements graceful shutdown via SIGINT handling
- Polling Mechanism: Continuous monitoring with configurable intervals
- Language: C (ANSI C standard)
- Platform: Windows-specific (uses windows.h APIs)
- Architecture: Single-threaded, event-driven polling system
- Memory Management: Dynamic allocation with malloc
- Signal Processing: Custom CTRL+C handler implementation
// Primary data structures used
WIN32_FIND_DATA FileData; // File attribute container
FILETIME OldLastAccessTime; // Previous access timestamp
FILETIME OldLastWriteTime; // Previous write timestamp
HANDLE hSearch; // File search handleThe system implements a sophisticated path parsing mechanism:
- Extracts basename from absolute/relative paths
- Uses strtok() for tokenization with "/" delimiter
- Maintains original argument integrity through string copying
- Polling Interval: 10-second configurable timer
- Change Detection: Compares FILETIME structures (dwLowDateTime, dwHighDateTime)
- Tracked Attributes: Last access time, Last write time
- Custom SIGINT handler with user confirmation
- Process ID display for debugging
- Graceful cleanup with controlled exit codes
- Argument Validation: Ensures proper command-line usage
- Memory Allocation: Dynamic allocation for path string
- Path Extraction: Parses input to extract filename
- Signal Registration: Sets up CTRL+C handler
- File Search: FindFirstFile API call
- Validation: INVALID_HANDLE_VALUE check
- Attribute Comparison: FILETIME structure analysis
- Change Notification: Console output for detected changes
- Sleep Cycle: Configurable delay before next iteration
- Signal Detection: CTRL+C interrupt capture
- User Confirmation: Interactive shutdown confirmation
- Process Cleanup: Graceful process termination
The system leverages several Windows-specific APIs:
- FindFirstFile(): Primary file discovery mechanism
- WIN32_FIND_DATA: Comprehensive file attribute structure
- FILETIME: High-precision timestamp representation
- HANDLE: Windows object reference management
The implementation includes multiple error handling mechanisms:
- Exit Codes: Standardized return values (SUCCESS=0, ERROR=1)
- Argument Validation: Runtime parameter checking
- File Existence Verification: Invalid handle detection
- Signal Recovery: Interrupted operation handling
- Dynamic Allocation: malloc() for path string storage
- String Operations: Safe copying with strcpy()
- Bounds Checking: MAX_PATH constant utilization
- CPU Usage: Minimal during sleep intervals
- Memory Footprint: Small, primarily static allocation
- I/O Operations: Periodic file system queries
- Single File Limitation: Current implementation monitors one file
- Polling Overhead: 10-second intervals balance responsiveness vs. efficiency
- Memory Efficiency: Minimal heap usage with controlled allocation
- Buffer Overflow Risk: Path string allocation without bounds checking
- Signal Race Conditions: Potential handler reentrancy issues
- File Access Permissions: No privilege escalation handling
- Input validation for path arguments
- Safe string manipulation practices
- Controlled signal handler implementation
- Clear Documentation: Comprehensive inline comments
- Structured Design: Logical separation of concerns
- Error Handling: Multiple validation checkpoints
- Platform Optimization: Efficient Windows API usage
- Cross-platform Compatibility: Currently Windows-specific
- Multiple File Support: Single file limitation
- Configuration Management: Hard-coded timing parameters
- Logging System: Console-only output mechanism
- Buffer Safety: Implement bounds checking for string operations
- Configuration File: External parameter management
- Logging Framework: Structured output with timestamps
- Error Recovery: Robust failure handling mechanisms
- Multi-threading: Concurrent file monitoring
- Network Integration: Remote monitoring capabilities
- Cross-platform Support: POSIX-compatible implementation
- Database Integration: Change history persistence
- Response Time: ≤10 seconds (polling interval)
- Accuracy: High (FILETIME precision)
- Reliability: Dependent on system stability
- Efficiency: O(1) per monitoring cycle
- File system performance impact
- CPU utilization during active monitoring
- Memory leak detection over extended periods
The RolexHound file monitoring system demonstrates solid foundational architecture for Windows-based file surveillance. The implementation showcases proficient use of Windows APIs, proper signal handling, and structured error management. While the current scope is limited to single-file monitoring, the codebase provides an excellent foundation for expanded functionality.
The system's strength lies in its simplicity and focused functionality, making it suitable for specific monitoring scenarios where lightweight, efficient file surveillance is required. Future enhancements could significantly expand its utility for enterprise-level applications.
| Aspect | Implementation |
|---|---|
| Language | C (ANSI standard) |
| Platform | Windows (Win32 API) |
| Architecture | Single-threaded polling |
| Memory Model | Dynamic allocation |
| Error Handling | Multi-level validation |
| Signal Processing | Custom SIGINT handler |
| File Operations | Read-only monitoring |
| Performance | Low-overhead design |
Report compiled based on source code analysis of rolexhound.c Technical depth demonstrates comprehensive understanding of systems programming concepts