
Hide Files


ntaryl

Posted

Good afternoon

I searched around to find information about API (native API).

I want to know how to hook a few APIs and hide a file from eyes (not attributes)

thanks for the time

Posted (edited)

planning on coding a rootkit then?...

*edit* heh i see hvc also had the same idea

Edited by evlncrn8
Posted

Thanks guys

Is there something in Visual Basic 6.0?

I don't know asm but I can use some snippets

thanks

Posted (edited)

heh rootkit in visual basic... now i've heard it all... thankfully it is NOT possible, proper rootkitting requires drivers.. that's ring 0 coding.. so asm or c is your only choice.. and to be frank, no one here will probably help you write a rootkit... it's too dangerous... and stupid

"i don't know asm but i can use snippets"... that sent a shiver up my spine, how can you use something you don't understand...? how can you modify / maintain it...

Edited by evlncrn8
Posted

lol he still didn't mention that he's going for a rootkit

Posted

well, i think the reasons to write a program to 'hide files' usually point to rootkits.. and he hasn't said otherwise, so guilty until innocence is proven ;p

Posted

Of course, he may also be trying to hide his debugger from basic API anti debug ;)

A good witch hunt never hurt anyone though :P

Posted (edited)

a good rootkit usually involves Midouri & condoms (or baileys) .. :P

Edited by syk071c
Posted

Good afternoon

I do not want to make a rootkit

Just asking

I want to hide an executable or some DLL from other eyes

I know ring0 is impossible!!

My question is whether I can take some API and hook it.

thanks

Posted

detecting the presence of a file can be done many ways...

GetFileAttributes, CreateFile, FindFirstFile, and so on... perhaps if you actually explain what you're wanting to do we might be able to help... (now that we know you aren't making a rootkit), how are you going to do api hooks in vb though?

Posted

If I'm not mistaken VB supports Windows API calls?

Don't get me wrong, I'm not defending VB, that is like the crappiest programming language ever, but it shouldn't be much harder than with C, given the knowledge of how to call Windows API functions from within VB, other than that basic stuff you can read up on msdn/win32.hlp....

And of course, how to install a hook, what it has to look like etc.

Posted (edited)
I want to hide an executable or some DLL from other eyes

I know ring0 is impossible!!

My question is whether I can take some API and hook it.

Well, just forget about it. It's not possible to do what you want without ring-0.

Maybe you can hook explorer's IAT and manage to hide your file (by redirecting quite a few APIs), but it's a messy approach.

What if the "other guy" uses Total Commander as a shell (or something similar) ?

Then he will see your keylogger / love collection / whatever... :o

There is however available software, which can do what you want on your computer.

e.g. http://www.softpedia.com/get/Security/Lock...-My-Files.shtml

Or maybe you want to Google for "steganography", if you do not want to hide executables...

Or, perhaps, you want to redefine what "API hooking" is all about... ;)

Cheers

Edited by HVC
Posted

Thanks guys for the replies

I asked if it is possible and to find more info

thanks

Posted

lolz weird topic, glad VB's support is crap else we would be having some "malicious" exe here and there :)

Posted

On Windows XP you can't see protected system files (like the pagefile and "System Volume Information" folders) by default. Use GetFileAttributes and SetFileAttributes and add these attributes: FILE_ATTRIBUTE_SYSTEM + FILE_ATTRIBUTE_HIDDEN

Posted
If I'm not mistaken VB supports Windows API calls

Yep, it does, but you need to declare the functions like in a similar process to GetProcAddress() if I'm not mistaken...

  • 4 weeks later...
Posted (edited)

Can somebody help me to translate InvisibilityNt.ASM to Delphi/Pascal code?

Edited by 4e4en
Posted

Correct me if I'm wrong, but Delphi cannot compile drivers.

GamingMasteR
Posted

Yeah Delphi can compile native executables if proper headers/libs are present ... and the mentioned link does the stuff but kinda limited (only ntoskrnl available i think)!

Thanks StreamLine.

Posted (edited)

How can I know from which process my hooked function is being called in 0-Ring?

I am using DDDK.

Edited by 4e4en
