How to hide files/folders in Windows NTFS file system?

31 07 2008


I still feel nostalgic about the golden era of Windows 95 & 98. In those days, we could lock our important data using the “Alt+255” trick, which made it difficult for others to open and access the data. Well, the “Alt+255” trick won’t work in the latest Windows versions. 😦

Is there any other cool trick to hide data, like in the previous versions of Windows?


Yes! You can use the Alternate Data Streams (ADS) feature of the NTFS file system. With ADS, a single file can have multiple data streams under it. Only a stream-aware application can enumerate them; to any other application, it's just a file with a single stream under it. Well, let's do some exercises. We’re going to hide the file Secret.avi under the file Innocent.txt. Open a DOS console and execute the commands. I’m assuming that both files are present in your current directory.

Syntax: type <FileToHide> > <DestinationFile>:<StreamName>
E.g. C:\>type Secret.avi > Innocent.txt:SecretStream.avi

Now the Secret.avi file is copied as another data stream under the Innocent.txt file. Try opening Innocent.txt. It's just the text file, huh? Well, now execute the following command to get the file back.

Syntax: more < <DestinationFile>:<StreamName> > <RestoreFileName>
C:\> more < Innocent.txt:SecretStream.avi > RestoredSecret.avi

You got the file back!


ADS is one of the favorite features of virus writers. Trojans and viruses use ADS to stay hidden from the user's eyes. Many of us might have noticed that even if we delete some files, they reappear after the next restart. Yes! The real virus might be under some innocent file. 😉

Have a look at Wiki too – http://www.wikistc.org/wiki/Alternate_data_streams
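
To find streams like the one created above, `dir /r` (Windows Vista and later) lists named streams beneath each file. The following is an added example, not code from the original post: it parses that output and flags every stream other than the `Zone.Identifier` marker Windows attaches to downloads. The sample listing is constructed and assumes the en-US date format; `find_streams` is a name chosen for this example.

```python
import re

# Constructed sample of `dir /r` output (en-US locale assumed), not from a real host.
SAMPLE = r"""
 Directory of C:\Users\demo

07/31/2008  09:14 AM                24 Innocent.txt
                            73,400,320 Innocent.txt:SecretStream.avi:$DATA
07/31/2008  09:20 AM           412,160 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
               2 File(s)        412,184 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+) (.+)$")
# Stream lines carry no date: "<size> <file>:<stream>:$DATA"
STREAM_RE = re.compile(r"^\s+([\d,]+) (.+):([^:\\]+):\$DATA\s*$")

# Stream names Windows itself writes; listed in the result but not flagged.
BENIGN = {"zone.identifier"}

def find_streams(listing):
    """Return one dict per named stream found in `dir /r` output."""
    directory, host_sizes, found = "", {}, []
    for line in listing.splitlines():
        if m := DIR_RE.match(line):
            directory, host_sizes = m.group(1), {}   # new directory block
        elif m := FILE_RE.match(line):
            host_sizes[m.group(2)] = int(m.group(1).replace(",", ""))
        elif m := STREAM_RE.match(line):
            size = int(m.group(1).replace(",", ""))
            host, stream = m.group(2), m.group(3)
            host_size = host_sizes.get(host)         # None if host is a directory
            found.append({
                "path": directory.rstrip("\\") + "\\" + host,
                "stream": stream,
                "size": size,
                "suspicious": stream.lower() not in BENIGN,
                # A stream far bigger than its host file is worth a closer look.
                "larger_than_host": host_size is not None and size > host_size,
            })
    return found

if __name__ == "__main__":
    for s in find_streams(SAMPLE):
        flag = "FLAG" if s["suspicious"] else "ok  "
        print(f'{flag} {s["path"]}:{s["stream"]} ({s["size"]} bytes)')
```
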


Targeted Audience – Advanced.

How to create NTFS File links Programmatically.

21 04 2008


Unix guys don’t need an introduction to file links, because creating a file link is one of the beginner Unix skills. But in the Windows arena, file links are probably among the least discussed topics for beginners. In simple words, a file link means one physical file on disk with several different file names; all the file names point to the same file. There are a number of uses for file links.

  • Hide the master file from a bunch of naughty users.
  • You can assign different access rights to different users by creating file links for the same file (each link has different permissions).
  • Keep the file name constant while changing the mapping to another file.
  • Etc., etc. The list goes on.


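So how can I create a link for a file? You can use the API CreateHardLink(). See the sample code snippet below.

// CreateHardLink() takes the new link name first, then the existing file.
CreateHardLink( _T("c:\\LinkToMaster.dat"),  // Link name (new file name)
                _T("c:\\masterfile.dat"),    // Source file (existing file)
                NULL );    // Security attributes (reserved, must be NULL)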


You can use DeleteFile() to delete the created link.


Targeted Audience – Beginners.