ntaryl Posted February 25, 2008
Good afternoon. I searched around to find information about API (native API). I want to know how to hook a few APIs and hide a file from eyes (not attributes). Thanks for the time.
HVC Posted February 25, 2008
You mean something like this? (courtesy of y0da) http://win32assembly.online.fr/files/Invisibility.zip
Why do you want to hide files? Are you coding the "next gen" of VX?
Edited February 25, 2008 by HVC
evlncrn8 Posted February 25, 2008
planning on coding a rootkit then?...
*edit* heh i see hvc also had the same idea
Edited February 25, 2008 by evlncrn8
ntaryl (Author) Posted February 26, 2008
Thanks guys. Is there something in Visual Basic 6.0? I don't know asm but I can use some snippets. Thanks.
evlncrn8 Posted February 27, 2008
heh rootkit in visual basic... now i've heard it all... thankfully it is NOT possible, proper rootkitting requires drivers.. that's ring 0 coding.. so asm or c is your only choice.. and to be frank, no one here will probably help you write a rootkit... it's too dangerous... and stupid
"i dont know asm but i can use snippets"... that sent a shiver up my spine, how can you use something you don't understand...? how can you modify / maintain it...
Edited February 27, 2008 by evlncrn8
Ufo-Pu55y Posted February 27, 2008
lol he still didn't mention that he's going for a rootkit
evlncrn8 Posted February 27, 2008
well, i think the reasons to write a program to 'hide files' usually point to rootkits.. and he hasn't said otherwise, so guilty until innocence is proven ;p
Loki Posted February 27, 2008
Of course, he may also be trying to hide his debugger from basic API anti debug.
A good witch hunt never hurt anyone though
syk071c Posted February 27, 2008
a good rootkit usually involves Midouri & condoms (or baileys) ..
Edited February 27, 2008 by syk071c
ntaryl (Author) Posted February 27, 2008
Good afternoon. I do not want to make a rootkit, just asking. I want to hide an executable or some DLL from other eyes. I know ring0 is impossible!! My question is whether I can take some API and hook it. Thanks.
evlncrn8 Posted February 27, 2008
detecting the presence of a file can be done many ways... GetFileAttributes, CreateFile, FindFirstFile, and so on... perhaps if you actually explain what you're wanting to do we might be able to help... (now that we know you aren't making a rootkit), how are you going to do api hooks in vb though?
Killboy Posted February 27, 2008
If I'm not mistaken VB supports windows api calls?
Don't get me wrong, I'm not defending VB, that is like the crappiest programming language ever, but it shouldn't be much harder than with C, given the knowledge how to call windows api functions from within VB, other than that basic stuff you can read up on msdn/win32.hlp....
And of course, how to install a hook, what it has to look like etc.
HVC Posted February 27, 2008
"Want to hide a executable or some dll from another eyes i know ring0 is impossible !! My question is if take some api and hook it ."
Well, just forget about it. It's not possible to do what you want without ring-0. Maybe you can hook explorer's IAT and manage to hide your file (by redirecting quite a few APIs), but it's a messy approach. What if the "other guy" uses Total Commander as a shell (or something similar)? Then he will see your keylogger / love collection / whatever...
There is however available software, which can do what you want on your computer. e.g. http://www.softpedia.com/get/Security/Lock...-My-Files.shtml
Or maybe you want to Google for "steganography", if you do not want to hide executables...
Or, perhaps, you want to redefine what "API hooking" is all about...
Cheers
Edited February 27, 2008 by HVC
ntaryl (Author) Posted February 27, 2008
Thanks guys for the replies. I asked if it is possible and to find more info. Thanks.
starzboy Posted February 27, 2008
lolz weird topic, glad VB's support is crap else we would be having some "malicious" exe here and there
diablo2oo2 Posted February 27, 2008
on windows xp you can't see protected system files (like the pagefile and "System Volume Information" folders) by default. Use GetFileAttributes and SetFileAttributes and add this attribute: FILE_ATTRIBUTE_SYSTEM + FILE_ATTRIBUTE_HIDDEN
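
A defender-side check for the attribute combination named in the post above, as an added example that is not part of the thread: it lists every item under a path that carries both the hidden and system attributes. The function name `Find-HiddenSystemFile` and the default exclusion list (the two names the post mentions) are assumptions made for illustration.

```powershell
# Added example (not code from the thread). Lists files and folders that have
# BOTH FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM set, which Explorer
# does not show by default. Find-HiddenSystemFile is a hypothetical name.
function Find-HiddenSystemFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: names the post cites as hidden by default; extend for your baseline.
        [string[]]$Expected = @('pagefile.sys', 'System Volume Information')
    )

    # Combined bit mask: Hidden (0x2) + System (0x4).
    [int]$mask = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System

    # -Force makes Get-ChildItem return hidden and system items as well;
    # access-denied folders are skipped instead of aborting the walk.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (([int]$_.Attributes -band $mask) -eq $mask) -and
            ($Expected -notcontains $_.Name)
        } |
        Select-Object FullName, Attributes, Length, CreationTimeUtc, LastWriteTimeUtc
}

# Usage: review anything unexpected in a user profile.
# Find-HiddenSystemFile -Path 'C:\Users' | Format-Table -AutoSize
```

This only covers attribute-based hiding; a file concealed by hooks inside a process or by a driver will not show up in a listing produced through the hooked path.
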
mudlord Posted February 27, 2008
"If im not mistaken VB supports windows api calls"
Yep, it does, but you need to declare the functions like in a similar process to GetProcAddress() if I'm not mistaken...
4e4en Posted March 21, 2008
Can somebody help me to translate InvisibilityNt.ASM to Delphi/Pascal code?
Edited March 21, 2008 by 4e4en
HVC Posted March 21, 2008
Correct me if i'm wrong, but Delphi cannot compile drivers.
StreamLine Posted March 21, 2008
delphi can compile drivers http://w-shadow.com/blog/2006/10/12/writin...vers-in-delphi/
GamingMasteR Posted March 21, 2008
Yeah, Delphi can compile native executables if proper headers/libs are present ... and the mentioned link does the stuff but kinda limited (only ntoskrnl available i think)!
Thanks StreamLine.
GamingMasteR Posted March 21, 2008
This is the source code of a sample i made b4 which blocks specific HD Drive ... it's coded in C++ and u need the DDK to compile the kernel-mode driver
Drive_Controller_Source.rar
4e4en Posted March 24, 2008
How can i know from which process my hooked function is being called in 0-Ring? I am using DDDK.
Edited March 24, 2008 by 4e4en