How to hide files/folders in Windows NTFS file system?

31 07 2008


I still feel nostalgic about the golden era of Windows 95 and 98. During those days, we could lock our important data by using the “Alt+255” trick, which made it difficult for others to open and access the data. Well, the “Alt+255” trick won’t work in the latest Windows versions. 😦

Is there any other cool trick to hide data, like in the previous versions of Windows?


Yes! You can utilize the Alternate Data Streams (ADS) feature of the NTFS file system. ADS is the feature by which a single file can have multiple data streams under it. Only a stream-aware application can iterate them; for any other application, it is just a file with a single stream. Well, let’s do some exercises. We’re going to hide the file Secret.avi under the file Innocent.txt. Open a DOS console and execute the commands. I’m assuming that both files are present in your current directory.

Syntax: type <FileToHide> > <DestinationFile>:<StreamName>
E.g. C:\>type Secret.avi > Innocent.txt:SecretStream.avi

Now the Secret.avi file is copied as another data stream under the Innocent.txt file. Try opening Innocent.txt. It’s just the text file, huh? Well, now execute the following command to get the file back.

Syntax: more < <DestinationFile>:<StreamName> > <RestoreFileName>
C:\> more < Innocent.txt:SecretStream.avi > RestoredSecret.avi

You got the file back!


ADS is one of the favorite features of virus writers. Trojans and viruses utilize ADS to stay hidden from the user’s eyes. Many of us might have noticed that even if we delete some files, they reappear after the next restart. Yes! The real virus might be under some innocent file. 😉
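A defender-side check for the trick above and for the hidden-malware case it enables, as an added example that is not part of the original post: it enumerates the data streams of a file with FindFirstStreamW (Windows Vista and later) and reports any alternate stream such as SecretStream.avi. AlternateStreamName and ListAlternateStreams are names chosen here; the name parsing is portable so it can be tried on any platform, while the enumeration is compiled only under _WIN32.

```cpp
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// FindFirstStreamW (and "dir /r") report stream names as ":<name>:$DATA";
// the unnamed default stream is "::$DATA". Return the alternate stream's
// name, or an empty string for the default stream or a non-$DATA name.
std::wstring AlternateStreamName( const std::wstring& reported )
{
    const std::wstring suffix = L":$DATA";
    if( reported.size() < suffix.size() + 1 || reported[ 0 ] != L':' ||
        reported.compare( reported.size() - suffix.size(),
                          suffix.size(), suffix ) != 0 )
    {
        return L"";
    }
    // Strip the leading ':' and the trailing ":$DATA".
    return reported.substr( 1, reported.size() - suffix.size() - 1 );
}

#ifdef _WIN32
// Names of every alternate data stream on one file (Vista and later).
// An empty result means no hidden stream, or the file could not be read.
std::vector<std::wstring> ListAlternateStreams( const wchar_t* path )
{
    std::vector<std::wstring> found;
    WIN32_FIND_STREAM_DATA data;
    HANDLE h = FindFirstStreamW( path, FindStreamInfoStandard, &data, 0 );
    if( INVALID_HANDLE_VALUE == h )
    {
        return found;
    }
    do
    {
        std::wstring name = AlternateStreamName( data.cStreamName );
        if( !name.empty() )
        {
            found.push_back( name ); // e.g. L"SecretStream.avi"
        }
    } while( FindNextStreamW( h, &data ) );
    FindClose( h );
    return found;
}
#endif
```

Calling ListAlternateStreams( L"Innocent.txt" ) after the exercise above returns a single entry, SecretStream.avi, while a plain text file returns nothing.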

Have a look at Wiki too – http://www.wikistc.org/wiki/Alternate_data_streams


Targeted Audience – Advanced.





How to add user to system programmatically?

29 07 2008


I still remember, during my first computer course (DOS, Windows 3.1 and BASIC), the machine login names provided were like this – s1, s2, etc. I think they used some kind of script to generate logins for all 50 students. If they had created all the users manually, it would have taken a lot of time.

Well, now I’m grown up and just thought about those old days – how might they have added the users by script? Can I do the same on my modern Windows box programmatically?


You can use the API NetUserAdd(). See the code snippet.

#include <windows.h>
#include <lm.h>
#pragma comment( lib, "netapi32.lib" )
...
// New user information. Zero-initialize so the members not set
// below (e.g. usri1_password_age) are 0/NULL.
USER_INFO_1 UserInfo = { 0 };
UserInfo.usri1_name = L"WeSeeTips";       // User name.
UserInfo.usri1_password = L"ThatsSecret"; // Password.

UserInfo.usri1_priv = USER_PRIV_USER; // Normal user (required by NetUserAdd).
UserInfo.usri1_flags = UF_SCRIPT;     // Required flag.

UserInfo.usri1_home_dir = 0;    // Home directory.
UserInfo.usri1_comment = 0;     // User comment.
UserInfo.usri1_script_path = 0; // Path of logon script.

// Add the new user. The error code is the return value; the last
// parameter only receives the index of the offending member when
// ERROR_INVALID_PARAMETER is returned.
DWORD ParmError = 0;
NET_API_STATUS Status = NetUserAdd( 0,  // Local machine.
                                    1,  // User info level.
                                    (BYTE*)&UserInfo, // User info.
                                    &ParmError ); // Index of bad member.
if( NERR_Success != Status )
{
    // Typical failures: ERROR_ACCESS_DENIED (caller is not an
    // administrator), NERR_UserExists, NERR_PasswordTooShort.
}


Well, don’t forget to add Netapi32.lib to the project settings.


Targeted Audience – Intermediate.





How to handle system power change notifications?

27 07 2008


Today I was watching a movie in the HP QuickPlay application. In the meanwhile, the playback suddenly stopped and it showed a message box that the battery was running out.

At that moment I noticed that I hadn’t connected the power cord. But how did the application identify that the battery was critical?


When the power status changes, the system broadcasts the message WM_POWERBROADCAST. Just handle the message and you’ll get notified about power-related events. Have a look at the code snippet.

For handling the message, modify the message map as follows.

BEGIN_MESSAGE_MAP(CDialogDlg, CDialog)
...
ON_MESSAGE( WM_POWERBROADCAST, OnPowerBroadcast )
END_MESSAGE_MAP()

Now add the function LRESULT OnPowerBroadcast( WPARAM wParam, LPARAM lParam ) to your dialog class with the body as follows.

// Handle Power Event Notifications.
LRESULT CDialogDlg::OnPowerBroadcast( WPARAM wParam,
                                      LPARAM lParam )
{
    // Check whether the battery is low.
    if( PBT_APMBATTERYLOW == wParam )
    {
        // Yes. So shut down the operations.
    }
    // TRUE grants requests such as PBT_APMQUERYSUSPEND.
    return TRUE;
}

There are many more notifications besides PBT_APMBATTERYLOW that you can check. They are:

  • PBT_APMBATTERYLOW – Battery power is low.
  • PBT_APMOEMEVENT – OEM-defined event occurred.
  • PBT_APMPOWERSTATUSCHANGE – Power status has changed.
  • PBT_APMQUERYSUSPEND – Request for permission to suspend.
  • PBT_APMQUERYSUSPENDFAILED – Suspension request denied.
  • PBT_APMRESUMEAUTOMATIC – Operation resuming automatically after event.
  • PBT_APMRESUMECRITICAL – Operation resuming after critical suspension.
  • PBT_APMRESUMESUSPEND – Operation resuming after suspension.
  • PBT_APMSUSPEND – System is suspending operation.


Well, don’t ask me, “Which movie were you keenly watching?” 😉


Targeted Audience – Beginners.





Accessing empty vector will always throw exception?

23 07 2008


Vectors are cool! If we access out of range, they will throw an unhandled exception. I used to get a lot of those. 🙂

But are you sure that your vector will always throw an exception if you access out of range?


The answer is NO. Well, have a look at the code snippet. At first we access an empty vector, which throws an exception. Then we insert some values and clear the vector to make it empty. Then if we access the empty vector, it won’t throw an exception! Have a look at it.

#include <vector>
#include <malloc.h> // _msize() - Visual C++ CRT only.
using std::vector;

// This class is just to access the protected members
// of vector.
class IntVector : vector<int>
{
    friend void CheckVector();
};

void CheckVector()
{
    IntVector IntArray;

    try
    {
        // Try to access an element, which results in an exception.
        int Value = IntArray[ 0 ];
        (void)Value;
    }
    catch( ... )
    {
        // It will reach here since we're trying
        // to access an empty vector.
    }

    // Now add one value and clear the vector.
    IntArray.push_back( 10 );
    IntArray.clear();

    try
    {
        // Now try to access the element. You can access it
        // even though the vector is empty.
        int Value = IntArray[ 0 ];
        (void)Value;
    }
    catch( ... )
    {
        // It will not reach here.
    }

    // Compare the size of the memory allocation inside the vector
    // with the reported size. _First is the VC6 internal pointer to
    // the vector's buffer: size() is 0, but the allocation remains.
    int InternalSize = _msize( IntArray._First );
    int VectorSize = IntArray.size();
    (void)InternalSize;
    (void)VectorSize;
}

Well, the reason is optimization. When clearing the vector, for optimization it won’t release the allocated memory. It just sets the size to 0. So if you access the data using the array operator, you’ll get the old value.


The moral is: always check the size of the array before accessing it. The behavior was observed in Visual Studio 6.0. Different IDEs and platforms may behave differently. Take care!
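The same experiment on a standard-conforming vector, as an added example that is not from the original post: it shows that clear() keeps the capacity (the reason the old value is still readable), that at() is the accessor that actually throws, and it packages the “check the size first” rule as a helper. TryGet, CapacityAfterClear, AtThrowsOnCleared and TryGetBehaves are names chosen here, not standard functions.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>
// The post's rule, "check the size before accessing", as a helper:
// copy the element out only when the index is in range.
bool TryGet( const std::vector<int>& v, std::size_t index, int& out )
{
    if( index >= v.size() ) return false;
    out = v[ index ];
    return true;
}

// clear() keeps the capacity: size() drops to 0 but the buffer stays
// allocated, which is why operator[] on the cleared vector can still
// hand back the old value instead of failing.
std::size_t CapacityAfterClear()
{
    std::vector<int> v;
    v.push_back( 10 );
    v.clear();               // size() is 0 from here on
    return v.capacity();     // still >= 1: the allocation survived
}

// at() is the bounds-checked accessor: on the cleared vector it throws
// std::out_of_range every time, unlike operator[], which never checks.
bool AtThrowsOnCleared()
{
    std::vector<int> v;
    v.push_back( 10 );
    v.clear();
    try { (void)v.at( 0 ); }
    catch( const std::out_of_range& ) { return true; }
    return false;
}

// TryGet refuses index 0 while the vector is empty and returns the
// element once one is present.
bool TryGetBehaves()
{
    std::vector<int> v;
    int out = -1;
    if( TryGet( v, 0, out ) ) return false;   // empty: must refuse
    v.push_back( 7 );
    return TryGet( v, 0, out ) && 7 == out;
}
```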


Targeted Audience – Intermediate.





How to get Kernel time usage and User time usage of process?

21 07 2008


Every process spends its time in kernel space as well as in user space. You can watch it using perfmon.exe. Have a look at the screenshot.

But how do you get the kernel time and user time of a particular process?


You can use the API GetProcessTimes(). See the code snippet below.

FILETIME CreationTime = { 0 };
FILETIME ExitTime     = { 0 };
FILETIME KernelTime   = { 0 };
FILETIME UserTime     = { 0 };

// Get process times. Kernel and user times are durations in
// 100-nanosecond units, not dates.
if( !GetProcessTimes( GetCurrentProcess(),
                      &CreationTime,
                      &ExitTime,
                      &KernelTime,
                      &UserTime ) )
{
    // Handle GetLastError().
}

// Format time to readable form. FileTimeToSystemTime treats the
// duration as a date starting at 1601-01-01, so this only reads
// correctly while the total is below 24 hours.
SYSTEMTIME SystemTime = { 0 };
FileTimeToSystemTime( &KernelTime, &SystemTime );

// Kernel Time in HH:MM:SS:mmm.
CString csKernelTime;
csKernelTime.Format( _T("Kernel Time - %02d:%02d:%02d:%03d"),
                     SystemTime.wHour,
                     SystemTime.wMinute,
                     SystemTime.wSecond,
                     SystemTime.wMilliseconds );

// Format user time to readable form.
FileTimeToSystemTime( &UserTime, &SystemTime );

// User Time in HH:MM:SS:mmm.
CString csUserTime;
csUserTime.Format( _T("User Time - %02d:%02d:%02d:%03d"),
                   SystemTime.wHour,
                   SystemTime.wMinute,
                   SystemTime.wSecond,
                   SystemTime.wMilliseconds );


You can also get the process creation time and exit time using the same API.
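An added example (not the post’s code) that formats the kernel and user times without FileTimeToSystemTime, which treats the duration as a date and therefore wraps past 24 hours of CPU time. FormatTicks and FileTimeToTicks are names chosen here; the formatter is portable and the GetProcessTimes call is compiled only under _WIN32.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// A FILETIME used as a duration is a count of 100-nanosecond ticks:
// 10,000 ticks per millisecond. Hours are not capped at 24, unlike
// the wHour field FileTimeToSystemTime would give.
std::string FormatTicks( std::uint64_t ticks100ns )
{
    const std::uint64_t totalMs  = ticks100ns / 10000;
    const std::uint64_t totalSec = totalMs / 1000;
    const unsigned ms  = static_cast<unsigned>( totalMs % 1000 );
    const unsigned sec = static_cast<unsigned>( totalSec % 60 );
    const unsigned min = static_cast<unsigned>( ( totalSec / 60 ) % 60 );
    const unsigned long long hours = totalSec / 3600;
    char buf[ 64 ];
    std::snprintf( buf, sizeof buf, "%02llu:%02u:%02u.%03u",
                   hours, min, sec, ms );
    return buf;
}

#ifdef _WIN32
// Pack the two DWORDs of a FILETIME into one 64-bit tick count.
std::uint64_t FileTimeToTicks( const FILETIME& ft )
{
    ULARGE_INTEGER u;
    u.LowPart  = ft.dwLowDateTime;
    u.HighPart = ft.dwHighDateTime;
    return u.QuadPart;
}

int main()
{
    FILETIME creation = { 0 }, exitTime = { 0 }, kernel = { 0 }, user = { 0 };
    if( !GetProcessTimes( GetCurrentProcess(), &creation, &exitTime,
                          &kernel, &user ) )
    {
        std::printf( "GetProcessTimes failed: %lu\n", GetLastError() );
        return 1;
    }
    std::printf( "Kernel Time - %s\n",
                 FormatTicks( FileTimeToTicks( kernel ) ).c_str() );
    std::printf( "User Time   - %s\n",
                 FormatTicks( FileTimeToTicks( user ) ).c_str() );
    return 0;
}
#endif
```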


Targeted Audience – Beginners.





How to generate GUID Programmatically?

20 07 2008


GUIDs are like humans… because they are unique. 🙂 In several instances we have to generate unique strings or IDs, and GUIDs are a perfect match for those situations. Well, how can you generate a GUID programmatically?


You can use the function CoCreateGuid(). See the code snippet below.

// Initialize COM.
::CoInitialize( 0 );

// Generate GUID.
GUID Guid = { 0 };
HRESULT hr = ::CoCreateGuid( &Guid );
if( FAILED( hr ) )
{
    // Handle the failure; Guid is not valid here.
}


Well, don’t forget to uninitialize COM by calling CoUninitialize().


Targeted Audience – Beginners.





How to swap the mouse buttons Programmatically?

18 07 2008


In our world, 87 percent of the population is right handed. Left handedness is so uncommon that the left handed population is only about 13%. But Microsoft has already taken care of the whole world: you can choose the mouse to be left handed or right handed. See the mouse control panel screenshot.

But how can you do it programmatically?


Well, you can use the API SwapMouseButton(). If you pass TRUE, the mouse buttons are swapped for a left-handed person. If you pass FALSE, the mouse buttons are reset for right-hand use. See the code snippet.

// Swap mouse buttons for left hand use
SwapMouseButton( TRUE );

// Reset mouse buttons for right hand use
SwapMouseButton( FALSE );


Did you know that left-handed people can think multi-threaded, whereas right-handed people can only think sequentially? Have a look at Wiki. It’s interesting. 😉


Targeted Audience – Beginners.