Hide Files

[ntaryl]

Good afternoon

I search around to find informations about api (native api).

I want to know how to hook few api and hide a file from eyes(not attributes )

thanks for the timwe

[HVC]

You mean something like this? (courtesy of y0da)

http://win32assembly.online.fr/files/Invisibility.zip

Why do you want to hide files?

Are you coding the "next gen" of VX?

Edited February 25, 2008 by HVC

[evlncrn8]

planning on coding a rootkit then?...

*edit* heh i see hvc also had the same idea

Edited February 25, 2008 by evlncrn8

[ntaryl]

Thanks guys

There is something in Visual basic 6.0 ?

I dont know asm but i can use some snippets

thanks

[evlncrn8]

heh rootkit in visual basic... now i've heard it all... thankfully it is NOT possible, proper rootkitting requires drivers.. thats ring 0 coding.. so asm or c is your only choice.. and to be frank, noone here will probably help you write a rootkit... its too dangerous... and stupid

"i dont know asm but i can use snippets"... that sent a shiver up my spine, how can you use something you dont understand...? how can you modify / maintain it...

Edited February 27, 2008 by evlncrn8

[Ufo-Pu55y]

lol he still didn't mention that he's going for a rootkit

[evlncrn8]

well, i think the reasons to write a program to 'hide files' usually points to rootkits.. and he hasnt said other wise, so guilty until innocence is proven ;p

[Loki]

Of course, he may also be trying to hide his debugger from basic API anti debug

A good witch hunt never hurt anyone though

[syk071c]

a good rootkit usually involves Midouri & condoms (or baileys) ..

Edited February 27, 2008 by syk071c

[ntaryl]

Good afternoon

I not want to make rootkit

Just ask

Want to hide a executable or some dll from another eyes

i know ring0 is impossible !!

My question is if take some api and hook it .

thanks

[evlncrn8]

detecting the presence of a file can be done many ways...

GetFileAttributes, CreateFile, FindFirstFile, and so on... perhaps if you actually explain what you're wanting to do we might be able to help... (now that we know you aren't making a rootkit), how are you going to do api hooks in vb though?

[Killboy]

If im not mistaken VB supports windows api calls ?

Dont get me wrong, I'm not defending VB, that is like the crappiest programming language ever, but it shouldn't be much harder than with C, given the knowledge how to call windows api functions from within VB, other than that basic stuff you can read up on msdn/win32.hlp....

And of course, how to install a hook, what it has to look like etc.

[HVC]

Want to hide a executable or some dll from another eyes

i know ring0 is impossible !!

My question is if take some api and hook it .

Well, just forget about it. It's not possible to do what you want without ring-0.

Maybe you can hook explorer's IAT and manage to hide your file (by redirecting quite a few APIs), but it's a messy approach.

What if the "other guy" uses Total Commander as a shell (or something similar) ?

Then he will see your keylogger / love collection / whatever...

There is however available software, which can do what you want on your computer.

e.g. http://www.softpedia.com/get/Security/Lock...-My-Files.shtml

Or maybe you want to Google for "steganography", if you do not want to hide executables...

Or, perhaps, you want to redefine what "API hooking" is all about...

Cheers

Edited February 27, 2008 by HVC

[ntaryl]

Thanks guys for the replys

ask if it is ppossible and find more info

thanks

[starzboy]

lolz weird topic , glad VB's support is crap else we would be having some "malicious" exe here and there

[diablo2oo2]

on windows xp you cant see protected systemfiles (like the pagefile and "System Volume Information"-folders) by default. Use GetFileAttributes and SetFileAttributes and add this attribute FILE_ATTRIBUTE_SYSTEM + FILE_ATTRIBUTE_HIDDEN

[mudlord]

If im not mistaken VB supports windows api calls

Yep, it does, but you need to declare the functions like in a similar process to GetProcAddress() if I'm not mistaken...

[4e4en]

Can somebody help me to translate InvisibilityNt.ASM to Delphi/Pascal code?

Edited March 21, 2008 by 4e4en

[HVC]

Correct me if i'm wrong, but Delphi cannot compile drivers.

[StreamLine]

delphi can compile drivers

http://w-shadow.com/blog/2006/10/12/writin...vers-in-delphi/

[GamingMasteR]

Yeah Delphi can compile native executables if proper headers/libs is present ... and the mentioned link do the stuff but kinda limited(only ntoskrnl available i think) !

Thanks StreamLine .

[GamingMasteR]

This is the source code of a sample i made b4 wich blocks specific HD Drive ...

it's coded in C++ and u need the DDK to compile the kernel-mode driver

Drive_Controller_Source.rar

[4e4en]

How can i know, from which process my hooked function is being called in 0-Ring?

I am useing DDDK.

Edited March 24, 2008 by 4e4en