December 13th, 2009, 04:26 PM
Hide files - Api hooking vs driver
I need to programatically hide a few files at the user request (a fingerprint scan would be made, but that is out of the scope of the question).
I am more inclined for the API hooking since I believe it is safer (BSOD not possible) and easier to make it compatible with windows xp+. On the other hand, with a driver the files would be more secure. Since they would literally be hidden system wide.
December 13th, 2009, 10:16 PM
Setting the hidden file attribute isn't good enough? What sort of API hooking are you referring to? DLL injection or one of the file system and/or shell hook API's?
What kind of information is in these files?
How much data?
How valuable is it?
You can often hide stuff in plain site in the registry by simply encrypting a blob and using a GUID for a name. You can also use file streams on NTFS. Stick some random binary data in the default stream of a file and put your encrypted stuff in one or more of the other streams.
Note that if this data is of high enough value, there are many ways to get at it even if you write a driver. It's all about costs and benefits in the end.
I no longer wish to be associated with this site.