Sunday, November 1, 2009

WinNinja File Hiding Code

Project:
WinNinja

Description:
This is a code example from WinNinja, showing how to hide files by hooking the NtQueryDirectoryFile API.

Notes:

  • You will need to provide your own hooking library. I'm not posting mine (yet?).
  • You will need to provide your own "ShouldHideFile" function (and obviously your own "ToLower" if you want to convert the string to lower-case).
  • This is designed as a BASE, not a full implementation. Hence my next point.
  • There are quite a few potential holes and stability issues in the code. I have purposefully left these in for the public version, and removed the comments documenting them. This has been done to try to stop people copy-pasting this into their malware without knowing what they're doing.
  • In order to further stop the copy-pasters using this without understanding it, I have removed entirely the section of code commented with "REMOVED". This is because the implementation of it should prove easy to anyone who knows what they're doing, but difficult to anyone who doesn't.
  • There are still other things you need to hook if you want to hide files entirely. It's up to you to figure out what.
  • You will obviously need to provide your own custom structures, information class enums, status codes, etc. They're not hard to find in a lot of open source projects, however you need to keep in mind their licences (normally GPL). So if you want to use this in public closed-source software I suggest you reverse the Windows kernel and get them yourself.
Anyway, if you're not a moron this should provide a quick and dirty starting point for you.

As always, comments and constructive criticisms are appreciated. Also, if you notice any of the holes and want to help out the other readers you're free to post them in the comments. I just didn't want to post them myself because I thought it would be more fun to see how many you guys can find.

This may not appear anywhere else without permission, but may be linked to.



3 comments:

Bobby said...

Creative and useful. I like it, nice work.

yannick said...

Copy second list entry to first entry, adjust offset to point to third entry.
Amirite?

Cypher said...

@Bobby:
Thanks.

@yannick:
Ssssh. It's a secret!

Seriously though, yeah, that's effectively it.

Can you spot any of the holes/bugs? ;)
