Alternate Streams in NT....

[WhiteTiger]

A couple questions...

How can you create an alternate stream within a compiled application with VC++

And Can you call upon that application from within the main stream?...

I am working on a theory for something, which could save a lot of people some bad things in the future...it would only work on NTFS file systems, but considering, it should work. ----------------------------------------
Luke WhiteTiger to the rescue!X-)
Oldnewbie: "Luke, you must first learn to use the force...correctly."
Virt2001: "Join the dark side"%-(

 

[Cagliostro]

what do you mean an alternate stream? John Fill

ivfmd@mail.md

 

[WhiteTiger]

An alternate stream, in NTFS, can hide files within a file...

Try this...
Make a VBS file or something, put both it, and a COPY of notepad on your desktop...

Also make a shortcut to notepad on your desktop

and with it, have it run notepad as follows
"c:\(desktop path)\notepad.exe:whatever.vbs"

It will run whatever.vbs with the program...as an alternate stream. I have been reading on alternate streams, and you can embed another program within it (when compiling), and not be able to detect the extra file size, since explorer only reads the size of the main stream. read up on it....

This might be VERY deadly if used in a malicous way...and guess what...not a single virus detector scans the alternate stream of any file...yea, scary eh?...I'm trying to prevent it from happening a first time... ----------------------------------------
Luke WhiteTiger to the rescue!X-)
Oldnewbie: "Luke, you must first learn to use the force...correctly."
Virt2001: "Join the dark side"%-(

 

[WhiteTiger]

So no one can help me out on this?...
HERE WE GO!...heres some little tests for you NT users to run to see exactly how dangerous these Alternate streams are... ----------------------------------------
The Learning process is just a way to get rid of all the stupids in your head.

Now where's that cute kitten? ;-)

 

[WhiteTiger]

Oh, I found some code, but dont know if it would work in VC++

   #include <windows.h>
   #include <stdio.h>

   void main( )
   {
      HANDLE hFile, hStream;
      DWORD dwRet;

      hFile = CreateFile( &quot;testfile&quot;,
                       GENERIC_WRITE,
                    FILE_SHARE_WRITE,
                                NULL,
                         OPEN_ALWAYS,
                                   0,
                                NULL );
      if( hFile == INVALID_HANDLE_VALUE )
         printf( &quot;Cannot open testfile\n&quot; );
      else
          WriteFile( hFile, &quot;This is testfile&quot;, 16, &dwRet, NULL );

      hStream = CreateFile( &quot;testfile:stream&quot;,
                                GENERIC_WRITE,
                             FILE_SHARE_WRITE,
                                         NULL,
                                  OPEN_ALWAYS,
                                            0,
                                         NULL );
      if( hStream == INVALID_HANDLE_VALUE )
         printf( &quot;Cannot open testfile:stream\n&quot; );
      else
         WriteFile(hStream, &quot;This is testfile:stream&quot;, 23, &dwRet, NULL);
   }

----------------------------------------
The Learning process is just a way to get rid of all the stupids in your head.

Now where's that cute kitten? ;-)