how to hide a file

[taos]

Hi

It's simple but runs. When I have to hide a file (EXE,audio,etc...) even a EXE that's running I use a system API hook.

I've tried several methods but I use the Validtec Windows API Hook SDK.

The demo is totally functional (if you pay you get source code only).
You need 3 DLL's from his package, APIHOOKxp.dll or APIHOOK9x.dll, HOOKSETUP.DLL and your hooked func in a DLL (HOOKFUNC.DLL)
In hookfunc.dll I hook FindNextFileW(HANDLE,LPWIN32_FIND_DATAW) and
FindNextFileA(HANDLE,LPWIN32_FIND_DATAA)

My hooked func are:
BOOL WINAPI cFindNextFileW(HANDLE hFindFile, LPWIN32_FIND_DATAW lpFindFileData)
{


unsigned short CHideFileW [MAX_PATH] = L"nameofthefile.exe";

DWORD result;
for (; {
result = FindNextFileW(hFindFile, lpFindFileData);
// if FindNextFile returns our to-be-hidden file we simply call it again
// no problem here, since there's no enumeration index anywhere
if ((!result) || (lstrcmpiW(lpFindFileData->cFileName, CHideFileW))) break;
}
return result;



}

BOOL WINAPI cFindNextFileA(HANDLE hFindFile, LPWIN32_FIND_DATAA lpFindFileData)
{

char CHideFileA [MAX_PATH] = "nameofthefile.exe";

DWORD result;
for (; {
result = FindNextFileA(hFindFile, lpFindFileData);
// if FindNextFile returns our to-be-hidden file we simply call it again
// no problem here, since there's no enumeration index anywhere
if ((!result) || (lstrcmpiA(lpFindFileData->cFileName, CHideFileA))) break;
}
return result;



}

And from my EXE program I use: In Visual Basic for example :
Public Declare Function InitAPIHook Lib "hooksetup.dll" () As Integer
Public Declare Function HookAllProcesses Lib "hooksetup.dll" () As Integer
Public Declare Function UnhookAllProcesses Lib "hooksetup.dll" () As Integer

and
InitAPIHook()
HookAllProcesses()
then all the system API's are redirected to my hook func.
If you open a dos BOX or the windows explorer or uses the search program,etc.. nameofthefile.exe IS HIDDEN!!!
only when you unhook, is visible.

Regards