Hello,

I am trying to learn about the magic of file system drivers and I
thought that an interesting project would be to develop a filter driver
that would hide specific files. I am guessing that it would be
something as simple as ignoring some requests to seek some files.

Would anyone be willing to post some resources that could lead me on my
way? I checked through the Windows DDK and was unable to locate
anything that would be of interest.

Thank you for your time.

RE: Develop Filter drivers to hide files by pavel_a

pavel_a
Thu Sep 07 16:29:02 CDT 2006

"Jon" wrote:
> Hello,
>
> I am trying to learn about the magic of file system drivers and I
> thought that an interesting project would be to develop a filter driver
> that would hide specific files. I am guessing that it would be
> something as simple as ignoring some requests to seek some files.
>
> Would anyone be willing to post some resources that could lead me on my
> way? I checked through the Windows DDK and was unable to locate
> anything that would be of interest.

This one is a good one for starters:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Regards,
--PA


Re: Develop Filter drivers to hide files by Don

Don
Thu Sep 07 17:23:41 CDT 2006

Get the Vista WDK Beta; it has the IFS kit free as part of the WDK. Take a
look at the mini-filter examples. Also, go to http://www.osronline.com/ and
sign up for NTFSD, the file system development newsgroup.


--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply



Re: Develop Filter drivers to hide files by anton

anton
Fri Sep 08 07:59:32 CDT 2006

Hi mate

> I am trying to learn about the magic of file system drivers and I
> thought that an interesting project would be to develop a filter driver
> that would hide specific files.

Why do you want to do something like that???? Are you trying to write a
rootkit????

Anton Bassov



Re: Develop Filter drivers to hide files by Uv

Uv
Fri Sep 08 11:04:23 CDT 2006

Jon wrote:
> Hello,
>
> I am trying to learn about the magic of file system drivers and I
> thought that an interesting project would be to develop a filter driver
> that would hide specific files. I am guessing that it would be
> something as simple as ignoring some requests to seek some files.
>
> Would anyone be willing to post some resources that could lead me on my
> way? I checked through the Windows DDK and was unable to locate
> anything that would be of interest.
>
> Thank you for your time.

What you are asking closely matches what we refer to as a rootkit.
And so, even though it seems like you're just interested in learning
about fsfd's, no one here will offer you help to do that specific task
you have undertaken.

Why don't you try something else instead - like your own file level
mirroring fsfd?
Whenever a write request comes down to a given file (or a set of
files), mirror that request to two directories. Then use something
like windiff or winmerge to check if you're getting it all.

You'll also have to worry about alternate data streams and other
attributes like the file times.

This project would definitely give you all the initial insight that
you'd want about fsfd's and keep us off your back about the rootkit
issue.

Think about it.
-Uv


Re: Develop Filter drivers to hide files by Jon

Jon
Fri Sep 08 14:25:08 CDT 2006

Thanks for your input. I like your idea, Uv; I will do some research
into that.

Thanks