Hide executables using ADS (alternate data streams)

I heard that alternate NTFS data streams can be used to hide the execution of executable files.
E.g. suppose I have an exe called hiddenProgram.exe on Windows XP, using calls to cmd.exe or system(char*) in C,

type hiddenProgram.exe > c:\windows\system32\svchost.exe:hiddenProgram.exe

start c:\windows\system32\svchost.exe:hiddenProgram.exe

starts svchost and at the same time hiddenProgram.exe,
but hiddenProgram.exe does not appear in the Windows Task Manager! Unfortunately, svchost appears as svchost: hiddenProgram

Question: how can I guarantee that hiddenProgram.exe is completely hidden in the Task Manager?

+3
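From the defender's side, the observation in the question (the stream name shows up next to svchost in the process list) is what makes this detectable: a process image path that names a stream after the file name can be flagged directly. The following is an added example, not code from the original post; the function names are hypothetical and the process list is constructed sample data.

```python
import ntpath

# Constructed sample: (pid, image path) pairs as a process listing or a
# process-creation log might report them. Not taken from a real host.
SAMPLE_PROCESSES = [
    (812, r"C:\Windows\System32\svchost.exe"),
    (1344, r"c:\windows\system32\svchost.exe:hiddenProgram.exe"),
    (2020, r"C:\Program Files\App\app.exe"),
    (2188, r"\\?\C:\Windows\System32\notepad.exe"),
    (2304, r"C:\Temp\report.txt:payload.exe:$DATA"),
]


def split_stream(image_path):
    """Split an image path into (host_file, stream_name).

    stream_name is None when the path names no alternate data stream.
    A colon is not valid inside an NTFS file name, so any colon in the
    last path component separates the file from a stream specifier.
    """
    path = image_path.strip().strip('"')
    # ntpath.basename drops the drive ("C:") and directories, so the
    # drive-letter colon is never mistaken for a stream separator.
    leaf = ntpath.basename(path)
    host_leaf, sep, rest = leaf.partition(":")
    if not sep:
        return path, None
    host = path[: len(path) - len(leaf)] + host_leaf
    # rest is "stream" or "stream:$TYPE"; "file::$DATA" has an empty
    # stream name and refers to the default (unnamed) stream, not an ADS.
    stream = rest.split(":", 1)[0]
    return host, (stream or None)


def find_ads_processes(processes):
    """Return (pid, host_file, stream_name) for images started from an ADS."""
    hits = []
    for pid, image in processes:
        host, stream = split_stream(image)
        if stream:
            hits.append((pid, host, stream))
    return hits


if __name__ == "__main__":
    for pid, host, stream in find_ads_processes(SAMPLE_PROCESSES):
        print(f"pid {pid}: image runs from stream '{stream}' of {host}")
```

A bare relative path whose file name is a single letter (for example `a:b.exe`) is ambiguous with a drive-relative path and is treated as the latter here.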
2 answers

NTFS , . , , , (ADS).

svchost hiddenProgram.exe

, , : svchost:hiddenProgram

, hiddenProgram.exe

. . . @joveha.

+2

. .

, 64- , Microsoft, Win64 .

+2

Source: https://habr.com/ru/post/1739188/

