hi, another question: ive seen some progs which hide files from the filesystem. how to do that in win32asm?
Posted on 2000-11-25 13:07:00 by [SaFc0n]
This is only theory... But one way a file(s) could be hidden is by patching the FindFirstFileA, FindFirstFileW, FindNextFileA & FindNextFileW DLL functions exported by kernel32.dll. You could write code that intercepts these DLL functions and refuses to return the filename(s) that you desire to hide. Not really sure how to do it though, other than patching the actual DLL file, which I get the feeling it wouldn't be the best idea in town. The way commercial programs would do it is via the usage of low level device drivers (ie: VxDs or WDMs). Due to their low level nature, this has got to be the best way to hide files. The only problem is that so far, I don't think anybody's made a WDM in asm available yet. ---------------------------- Team2k PC Development Team: http://ppilot.homepage.com
Posted on 2000-11-26 04:10:00 by Al Leitch
that's not a bad idea, but i asked someone else in mirc and he told me, that ive just to set all attribs of a file you see in the OS. the trick is, to set the volume (directory), and all the other too. he told me that windows would ignore showing that files, cause it only knows directorys with no other attribs set. i didnt try it yet and dont know if it really works, but nevertheless thnx for your help. cya
Posted on 2000-11-26 06:48:00 by [SaFc0n]
I don't think that changing the file attributes will be effective unless the user is pretty naive. All one has to do is check an option in Explorer to get it to show all files, including hidden ones (I suppose this requires admin privileges to be system-wide under NT). I have this option set on my Win2000 machine. Patching system dll's is difficult and dangerous. How about just hiding a file inside another one?
Posted on 2001-02-16 18:37:00 by Xmas