Jump to content

HideIt

spudw2k

By spudw2k,
in AutoIt General Help and Support

 Share

Recommended Posts

spudw2k Universalist

spudw2k

Posted
Posted (edited)

Code is Below on Post #7

Ok, this is pretty cool if I say so myself. I had no need for such a tool, but now that I got one it may prove useful. This tool takes advantage of Alternate Data Streams in Windows XP. I'm pretty sure it'll work with 2000 to 2003, but I don't have Vista to test on; but anyways, back to the good stuff. What is unique about ADStreams is that you can hide information without altering the size of the file. Alternate Data Streams can only exist on NTFS Filesystems (Destination File Only). Here is an article describing ADS.

*This tool/script uses/requires streams.exe by Sysinternals.

Functions:

  • Hide file(s) within another file without altering integrity.
  • Browse and open hidden streams.
  • Delete streams from file.
Posted ImagePosted Image

Hiding large files takes a while. Looking on how to optimize before releasing code. Fell free to ask questions or comment.

Code is Below on Post #7

Edited by spudw2k
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
  • Author
Posted

(snip)

there is a easy way:

open up cmd type this

copy /b filetohidein.jpg + filetohide.zip newfile.jpg

and then open newfile.jpg with winrar :)

That's neat, but it alters the file. ADS does not.
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
  • Author
Posted (edited)

Alright, alright. here's the code. ---Please move back into Examples.

*Requires streams.exe by Sysinternals.

edit: Updated code for v3.2.12.1 and added method from YourSpace

edit: Checked code against v3.3.0.0 and added Drag GUI code.

Previous downloads: 40

HideIt.au3

Edited by spudw2k
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
  • 1 year later...
  • 3 months later...
TurionAltec Universalist

TurionAltec

Posted
Posted

Because filefindfirst and filefindnext can't provide the following functionality?

Func GetADStreams($filenamepath)
    RunWait(@comspec & " /c " & @tempdir & "\streams.exe " & chr(34) & $filenamepath & chr(34) & " > " & @Tempdir & "\streams.log","",@SW_HIDE)

*snip*
Func CleanFile($filepath)
    RunWait(@comspec & " /c " & @tempdir & "\streams.exe -d " & chr(34) & $filepath & chr(34),"",@SW_HIDE)
EndFunc

What I'm wondering is why we're calling @comspec for these two functions and passing the results to an intermediate text file instead of using Stdout, but I digress.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...