size(ntfile)

From SpybotWiki
Revision as of 12:55, 4 August 2009 by PepiMK (talk | contribs) (New page: {{AdvParamInfo |SYNTAX = size[ntfile] |TITLESYNTAX = size(ntfile) |PREVIOUS = ntfilesize |VARIANTS = |PEVERSION = > 1.6.4 |GROUP = Basic Attributes }}Defines which size the scanned file mu...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
size[ntfile]
Variants size[ntfile]
Previously ntfilesize
Group Basic Attributes
Version advcheck.dll > 1.6.4

Defines which size the scanned file must have.

Usage

size[ntfile]=<size(int)>
size[ntfile]>=<size(int)>
size[ntfile]<=<size(int)>

Examples

size[ntfile]=18373
size[ntfile]>=10000
size[ntfile]<=100000
size[ntfile]>=10000,ntfilesize<=100000

Description

Compares the size of the currently tested file against the specified size parameter. Next to a strict comparison, this one also allows lesser than or equal and greater than or equal checks. This is the version preferred for rootkits, since it uses native NT methods instead of the Win32 API, where files may be more likely to be hidden.

See also

Similar parameters

Similar commands

Retrieved from "https://wiki.spybot.info/index.php?title=Size(ntfile)&oldid=1089"