
Tuts 4 You


Hide Files


Good afternoon

I search around to find information about api (native api).

I want to know how to hook a few APIs and hide a file from eyes (not attributes)

thanks for the time

You mean something like this? (courtesy of y0da)

http://win32assembly.online.fr/files/Invisibility.zip

Why do you want to hide files?

Are you coding the "next gen" of VX? :rolleyes:

Edited by HVC

planning on coding a rootkit then?...

*edit* heh i see hvc also had the same idea

Edited by evlncrn8

  • Author

Thanks guys

Is there something in Visual Basic 6.0?

I don't know asm but I can use some snippets

thanks

heh rootkit in visual basic... now i've heard it all... thankfully it is NOT possible, proper rootkitting requires drivers.. that's ring 0 coding.. so asm or c is your only choice.. and to be frank, no one here will probably help you write a rootkit... it's too dangerous... and stupid

"i don't know asm but i can use snippets"... that sent a shiver up my spine, how can you use something you don't understand...? how can you modify / maintain it...

Edited by evlncrn8

lol he still didn't mention that he's going for a rootkit

well, i think the reasons to write a program to 'hide files' usually point to rootkits.. and he hasn't said otherwise, so guilty until innocence is proven ;p

Of course, he may also be trying to hide his debugger from basic API anti debug ;)

A good witch hunt never hurt anyone though :P

a good rootkit usually involves Midouri & condoms (or baileys) .. :P

Edited by syk071c

  • Author

Good afternoon

I do not want to make a rootkit

Just asking

Want to hide an executable or some dll from other eyes

i know ring0 is impossible !!

My question is whether I can take some api and hook it.

thanks

detecting the presence of a file can be done many ways...

GetFileAttributes, CreateFile, FindFirstFile, and so on... perhaps if you actually explain what you're wanting to do we might be able to help... (now that we know you aren't making a rootkit), how are you going to do api hooks in vb though?

If I'm not mistaken, VB supports Windows API calls?

Don't get me wrong, I'm not defending VB, that is like the crappiest programming language ever, but it shouldn't be much harder than with C, given the knowledge how to call windows api functions from within VB, other than that basic stuff you can read up on msdn/win32.hlp....

And of course, how to install a hook, what it has to look like etc.

Want to hide an executable or some dll from other eyes

i know ring0 is impossible !!

My question is whether I can take some api and hook it.

Well, just forget about it. It's not possible to do what you want without ring-0.

Maybe you can hook explorer's IAT and manage to hide your file (by redirecting quite a few APIs), but it's a messy approach.

What if the "other guy" uses Total Commander as a shell (or something similar) ?

Then he will see your keylogger / love collection / whatever... :o

There is however available software, which can do what you want on your computer.

e.g. http://www.softpedia.com/get/Security/Lock...-My-Files.shtml

Or maybe you want to Google for "steganography", if you do not want to hide executables...

Or, perhaps, you want to redefine what "API hooking" is all about... ;)

Cheers

Edited by HVC

  • Author

Thanks guys for the replies

ask if it is possible and find more info

thanks

lolz weird topic , glad VB's support is crap else we would be having some "malicious" exe here and there :)

On Windows XP you can't see protected system files (like the pagefile and "System Volume Information" folders) by default. Use GetFileAttributes and SetFileAttributes and add this attribute: FILE_ATTRIBUTE_SYSTEM + FILE_ATTRIBUTE_HIDDEN

If I'm not mistaken, VB supports Windows API calls

Yep, it does, but you need to declare the functions like in a similar process to GetProcAddress() if I'm not mistaken...

  • 4 weeks later...

Can somebody help me to translate InvisibilityNt.ASM to Delphi/Pascal code?

Edited by 4e4en

Correct me if i'm wrong, but Delphi cannot compile drivers.

Yeah Delphi can compile native executables if proper headers/libs are present ... and the mentioned link does the stuff but kinda limited (only ntoskrnl available i think)!

Thanks StreamLine .

This is the source code of a sample I made before which blocks a specific HD drive ...

it's coded in C++ and you need the DDK to compile the kernel-mode driver

Drive_Controller_Source.rar

How can I know from which process my hooked function is being called in 0-Ring?

I am using DDDK.

Edited by 4e4en
