[void]

Hi, Is it possible to hide files by hooking functions in Explorer.exe on Vista/7 from ring3 (i didnt find any reference just ring0 for Vista and 7)?

Its not much of a difference but I would "hide" real hidden files like ntldr and stuff so "smart" users cant damage system (also some token files on usb ... but thats another story) coz many users know how to display them but not what they are for.

Thanks.

[EP_X0FF]

Hello,

yes it is possible.

Are you trying to hide files from users with admin privileges?
Did you tried NTFS permissions instead?

Regards.

[void]

I know I will get :) flamed but yeah they are damins (all of them) ... its a pain to switch trust me. I know there are better solutions but for now I want to hide specific files via Explorer.exe hook (on USB devices and + to lock them via OpenHandle so windows inbuilt format doesnt work -> if they do format device is 'destroyed') (ah dont worry I can CloseHandle when device is ready for removing)

I plan to make DLL so cus of DC I can load it up on all systems and save the day.

Can I get reference where code might be? I got pudn acc but chinese isnt my style (damn I knew i shouldnt broke up with that girl lol ;D)

As I know in those "checks" I need to add new one introduces in Vista and that one is "FileIdBothDirectoryInformation" in that "FileInformationClass".

PS Permissions yeah we use them but for registry :) stripping ownership but USB ...FATXX .. u get the picture.

bye

[EP_X0FF]

Take a look on Detours

[void]

what about those 'spartan' ways of hooking ? :) I mean for you man its always possible :) but when you said "ring3 is possible" does that mean any type of hooks from ring3 can hide files on win7 ? For now no luck ...

[EP_X0FF]

What is your developing language and IDE?

[void]

Lang is C/++ coz I like the scalability* and IDE as every normal person Visual Studio 98-2008** (havent installed 2010 any good?) ofc :) ... feel free to send me project files EP_X0FF and in that case no sln_bof_0days for any of these please k.
/jk

So if you can be more specific on each hooking method so I know why its failing on Vista platform it would be great, from DLL redirection to inline hooks (or idk whats cool now - hooks via HW breakpoints? )

*Ofc in enterprise we use :) py and vbs alot and yes i can use some py unihooker I googled but ... lets stick to C/++ thx :)
**I see many people switch to Unix as Windows dev platform (dont ask) ... is this case here people ? :)