Jump to content
Tuts 4 You

Hide Files

ntaryl

By ntaryl
in Programming and Coding

Recommended Posts

ntaryl

ntaryl

Posted
Posted

Good afternoon

I search around to find informations about api (native api).

I want to know how to hook few api and hide a file from eyes(not attributes )

thanks for the timwe

evlncrn8

evlncrn8

Posted
Posted (edited)

planning on coding a rootkit then?...

*edit* heh i see hvc also had the same idea

Edited by evlncrn8
ntaryl

ntaryl

Posted
  • Author
Posted

Thanks guys

There is something in Visual basic 6.0 ?

I dont know asm but i can use some snippets

thanks

evlncrn8

evlncrn8

Posted
Posted (edited)

heh rootkit in visual basic... now i've heard it all... thankfully it is NOT possible, proper rootkitting requires drivers.. thats ring 0 coding.. so asm or c is your only choice.. and to be frank, noone here will probably help you write a rootkit... its too dangerous... and stupid

"i dont know asm but i can use snippets"... that sent a shiver up my spine, how can you use something you dont understand...? how can you modify / maintain it...

Edited by evlncrn8
Ufo-Pu55y

Ufo-Pu55y

Posted
Posted

lol he still didn't mention that he's going for a rootkit

evlncrn8

evlncrn8

Posted
Posted

well, i think the reasons to write a program to 'hide files' usually points to rootkits.. and he hasnt said other wise, so guilty until innocence is proven ;p

Loki

Loki

Posted
Posted

Of course, he may also be trying to hide his debugger from basic API anti debug ;)

A good witch hunt never hurt anyone though :P

syk071c

syk071c

Posted
Posted (edited)

a good rootkit usually involves Midouri & condoms (or baileys) .. :P

Edited by syk071c
ntaryl

ntaryl

Posted
  • Author
Posted

Good afternoon

I not want to make rootkit

Just ask

Want to hide a executable or some dll from another eyes

i know ring0 is impossible !!

My question is if take some api and hook it .

thanks

evlncrn8

evlncrn8

Posted
Posted

detecting the presence of a file can be done many ways...

GetFileAttributes, CreateFile, FindFirstFile, and so on... perhaps if you actually explain what you're wanting to do we might be able to help... (now that we know you aren't making a rootkit), how are you going to do api hooks in vb though?

Killboy

Killboy

Posted
Posted

If im not mistaken VB supports windows api calls ?

Dont get me wrong, I'm not defending VB, that is like the crappiest programming language ever, but it shouldn't be much harder than with C, given the knowledge how to call windows api functions from within VB, other than that basic stuff you can read up on msdn/win32.hlp....

And of course, how to install a hook, what it has to look like etc.

HVC

HVC

Posted
Posted (edited)
Want to hide a executable or some dll from another eyes

i know ring0 is impossible !!

My question is if take some api and hook it .

Well, just forget about it. It's not possible to do what you want without ring-0.

Maybe you can hook explorer's IAT and manage to hide your file (by redirecting quite a few APIs), but it's a messy approach.

What if the "other guy" uses Total Commander as a shell (or something similar) ?

Then he will see your keylogger / love collection / whatever... :o

There is however available software, which can do what you want on your computer.

e.g. http://www.softpedia.com/get/Security/Lock...-My-Files.shtml

Or maybe you want to Google for "steganography", if you do not want to hide executables...

Or, perhaps, you want to redefine what "API hooking" is all about... ;)

Cheers

Edited by HVC
ntaryl

ntaryl

Posted
  • Author
Posted

Thanks guys for the replys

ask if it is ppossible and find more info

thanks

starzboy

starzboy

Posted
Posted

lolz weird topic , glad VB's support is crap else we would be having some "malicious" exe here and there :)

diablo2oo2

diablo2oo2

Posted
Posted

on windows xp you cant see protected systemfiles (like the pagefile and "System Volume Information"-folders) by default. Use GetFileAttributes and SetFileAttributes and add this attribute FILE_ATTRIBUTE_SYSTEM + FILE_ATTRIBUTE_HIDDEN

mudlord

mudlord

Posted
Posted
If im not mistaken VB supports windows api calls

Yep, it does, but you need to declare the functions like in a similar process to GetProcAddress() if I'm not mistaken...

  • 4 weeks later...
4e4en

4e4en

Posted
Posted (edited)

Can somebody help me to translate InvisibilityNt.ASM to Delphi/Pascal code?

Edited by 4e4en
HVC

HVC

Posted
Posted

Correct me if i'm wrong, but Delphi cannot compile drivers.

GamingMasteR

GamingMasteR

Posted
Posted

Yeah Delphi can compile native executables if proper headers/libs is present ... and the mentioned link do the stuff but kinda limited(only ntoskrnl available i think) !

Thanks StreamLine .

4e4en

4e4en

Posted
Posted (edited)

How can i know, from which process my hooked function is being called in 0-Ring?

I am useing DDDK.

Edited by 4e4en

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...