Home > Reverse Engineering, Windows > File Hiding

File Hiding

February 9th, 2009
Goto comments Leave a comment

I’ve just implemented the first beta of the file hiding feature for my rootkit. As usual, I’ve attached a screenshot:

Usermode Rootkit File Stealth

As you can see, any files with the prefix “__PJB_F” are hidden from view. I’ve implemented it by hooking NtQueryDirectoryFile. Tested and working on both Vista and XP with only minor bugs (which should be smoothed out soon). Once I’ve smoothed out most of the bugs in the project I’m hoping to release portions of the source so if you’re waiting on that then stay tuned, I’ll have more information in the near future.

P.S. WoW related post incoming in the next few days probably.

Cypher Reverse Engineering, Windows , ,

  1. Bert
    February 9th, 2009 at 01:09 | #1
    Reply | Quote

    yay wow, hope its the morph

  2. ramey
    February 9th, 2009 at 02:04 | #2
    Reply | Quote

    gj

  3. Cypher
    February 9th, 2009 at 02:09 | #3
    Reply | Quote
  4. Cypher
    February 9th, 2009 at 02:10 | #4
    Reply | Quote

    @ramey
    Thanks.

    Registry next!

  5. Bert
    February 9th, 2009 at 04:36 | #5
    Reply | Quote
  6. Cypher
    February 9th, 2009 at 05:17 | #6
    Reply | Quote

    Well. Why don’t you tell me what you don’t understand so maybe I can help?

  7. Bert
    February 9th, 2009 at 07:10 | #7
    Reply | Quote

    “If you don’t, please consult the WoW Memory Editing forums on MMOwned, there is more than enough information there on the topic.”
    mmowned is down and i dont have any experience at stuff like this :/

  8. Cypher
    February 9th, 2009 at 07:30 | #8
    Reply | Quote

    @Bert
    MMOwned will be back up soon, be patient. Also, doesn’t matter if you don’t have any experience, nothing stopping you from starting and learning.

  9. ramey
    February 10th, 2009 at 02:51 | #9
    Reply | Quote

    @Bert
    There you go MMOwned back up

  1. No trackbacks yet.