Hi Biterider,

I will look into it and see what I can figure out though no guarantee it will be done soon. I think I should add a way for a plugin to add to the treeview and listview. The plugin interface provides handles to both but it is a clumsy way of doing it. I will look into that as well.
Posted on 2006-04-13 07:04:15 by donkey
I have added file encryption and the ability to zip folders to WinExplorer. To use the folder zip function right click on a folder in the treeview and select "zip folder", you can choose to retain the folder structure and/or recurse the folder to include all sub folders. For the encryption, right click on a file in the listview choose "encrypt/decrypt" and follow the prompts, keys can be of any length but a 64 bit hash is generated from them so the key strength is still only 64 bit. BLF is the default file extension for encrypted files. The algorithm used is BlowFish, I wanted RC6 but could not negotiate a free license with RSA so I had to drop the idea. The encryption algorithm needs some work but is not bad for low end encryption needs, it would be better to have a dynamic key but I was too lazy to write the code. At any rate it is available at my website...

www.assembler.ca
Posted on 2006-06-11 02:13:30 by donkey

Hi Donkey
Sorry, Iíll try it again  :sad:
What I mean is if it is possible to see on the right pane the ADSs attached to a file, perhaps in a different color or whatever and that the user can delete them as if they were usual files.

Biterider


Hi Biterider,

I am working on the ADS problem but for the life of me I can't get NtQueryInformationFile to work. I can open the proper access token and the file then I want the FileStreamInformation but all it returns is 0C000000Dh which I think is "the parameter is incorrect" but I can't figure out what's wrong with it. At any rate I am still plugging away at it and hope to add ADS support very soon. I have decided on a field in the listview that will show the number of streams in the file, if this is not fast enough then perhaps a menu item to examine a file for ADS.

Donkey

Posted on 2006-06-12 21:03:04 by donkey
A wild guess: are the struct you use of proper size and alignment?
Posted on 2006-06-13 04:49:15 by f0dder
Hi f0dder,

Yeah, the IO_STATUS_BLOCK is aligned on a 16 byte boundary and the FILE_STREAM_INFORMATION is 16KB allocated with GlobalAlloc so it should be fine. The FILE_STREAM_INFORMATION buffer will automatically grow if needed.

Donkey
Posted on 2006-06-13 19:45:43 by donkey
Hi All,

Well, some testing has shown that the bad parameter error is a bit of a misnomer. If you attempt to check on a FAT32 drive thats the only error you ever get. So I have uploaded a new version of WinExplorer that will display alternate data streams in a file using the right click menu. I did not write the code to open them yet but in some future version I will get around to it. The function is loaded dynamically so there should be no compatibility problems with 9x.

NOTE: the ::$DATA stream is the default stream so don't freak out if you see it, it's always supposed to be there :)

Edgar

PS if you need an ADS file to test with you can get one here...

http://www.diamondcs.com.au/index.php?page=archive&id=ntfs-streams
Posted on 2006-06-19 21:40:06 by donkey
I should note that I also added an option to the options dialog (ALT-O) that allows you to turn on or off displaying the number of ADS streams in the listview, it's fairly fast but it does impact load times so it was made into an option. If enabled you can view the number of streams in the rightmost column of the listview.

Donkey
Attachments:
Posted on 2006-06-20 00:13:33 by donkey
I have added the ability to open the alternate data streams in WinExplorers hex viewer, that should be pretty safe as from what I can gather they are used for nothing but malware so any direct actions could be dangerous. Just double click the stream you want to view in the ADS listbox.
Posted on 2006-06-20 00:45:03 by donkey
Hi Donkey
That's perfect, exactly what's needed.

Biterider
Posted on 2006-06-20 01:29:04 by Biterider
Hi Biterider,

No probs man. But download it again, I had to fix a little bug just now. Apparently Microsoft does not follow its own guidelines and put bad data in the pointer to the next item of the link list so I had to put in some bounds checks to make sure that everything was valid. It is only a problem when you use the summary info with explorer.exe but it will crash on reading the folder so it's a bit of a pain.

Donkey
Posted on 2006-06-20 01:38:52 by donkey
Done... Thanks.
Posted on 2006-06-20 01:44:42 by Biterider
I've just been trying out the streams capability on winexplorer, and it seems to work up to a point - if the file has more than two streams, it never displays the streams dialog, but sits in an endless loop, which needs the program to be killed by the task manager.  The other problem I found, if you enable the ADS option in the options dialog, and look at an NTFS formatted network drive, it also does the same sort of thing, becomes incredibly unresponsive, doesn't display all it should and again needs to be killed.  The directories I was looking at only contained files with one stream each - the main part of the file, but one said that it had -1 streams!

I can let you have a network trace of the 3 file streams if you can't reproduce it.

Otherwise quite a nice little toy!

Nick
Posted on 2006-06-20 04:13:35 by Nick
I will have to check a file with more than 2 streams, I only did tests on ones with 2 streams. For the -1 streams thats a poser, the nStreams variable is set to 0 on entry and is only ever incremented (inc D) so I am not sure how it is possible to get that result.

Donkey
Posted on 2006-06-20 07:04:41 by donkey
OK,

I had a bit of time this morning so I created a multiple stream file (I tested 4 streams) this is how I created the test file...

From the command prompt on an NTFS drive...

D:>echo stream1>test.txt

D:>echo stream2>test.txt:stream2

D:>echo stream3>test.txt:stream3

D:>echo stream4>test.txt:stream4

This will create a file with 1 main stream and 3 alternate data streams and allowed me to find the bug in the streams algorithm. I have uploaded a new version of WinExplorer with the stream information section corrected. I was not able to recreate the -1 streams problem and since AFAIK it is not possible to email files with streams I will have to leave that one.

Donkey

I also added the ability to remove an ADS from a file and updated the streams dialog
Posted on 2006-06-24 08:26:58 by donkey
After looking over my code I now realize why the -1 appears and though I could recreate it if I wanted to, I believe it is actually a good thing to have. It will appear if WinExplorer was not able to gain access to the file (ie through CreateFile). This can be used as a signal that the streams were not able to be examined and therefore I am tempted to leave it in. This should close the book on Alternate Data Streams unless someone finds more bugz.
Posted on 2006-06-24 09:26:10 by donkey
Well, thanks to my movers being delayed I have another day to do some programming. I have enhanced the streams dialog to include file size and an indicator if the stream data appears to be an executable file. Since the only way I can forsee a stream can actually be dangerous is if it is executable this will help in making a decision to delete the stream or not. New upload to my website...

www.assembler.ca
Posted on 2006-07-01 13:54:17 by donkey
I should check that out. I'm getting really angry with explorer, since it seems to take way too much resources and such, and seems to cause some of my games to slow down (I'm running a P3 866 MHz, with 384 MB ram, so I've got little processing power and ram to give out to things like explorer)

PS: .ca, canada kicks ass :P
Posted on 2006-07-01 14:06:29 by Bobbias