Driver To Hide Files and Processes

Thursday, 27 November 2008 12:58
Task

Implement a driver that hides files and processes on the local PC. Processes should be hidden from applications that browse the process list (Task Manager, Process Explorer, etc.) and from Windows API calls (EnumProcesses, OpenProcess, EnumProcessModules and other process APIs). Files should be hidden from file managers (Windows Explorer, Far, Total Commander) and from Windows API calls (FindFile, OpenFile and other file APIs). This project was developed by Ivan Romanenko, Junior Software Developer (Network Security Direction), and Sergiy Popenko, Junior Software Developer (Driver Development Direction).

Results

During the project implementation we added some features that were not mentioned in the initial task:

We also planned to add more interesting features but did not have enough time to implement all of them:

A lot of time was spent creating the Universal Subsystem of Interceptions, in which each concrete interception is implemented as a kind of plug-in. Because of the limited time frame we implemented only two such plug-ins with expanded functionality. We also developed interception of functions via the System Service Table (SST), which allowed hiding opened ports, registry keys, handles and memory.

Tools and Technologies

Working with the SST; DPC synchronization for correct hook installation on multiprocessor systems. Internal ApriorIT library for driver development in C++, STL (Standard Template Library), MFC (Microsoft Foundation Classes). Patterns: Proxy (Wrapper), Singleton, MVC (Model View Controller), Model (from MFC Document) and some others.

Download Project Documentation and SSDT Patching Description. Download Source Files.
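SST (SSDT) patching of the kind described above works by replacing entries of the kernel's service table with pointers into the hooking driver. The integrity check below is an added defender-side example, not code from this project: it flags every table entry whose handler address lies outside the trusted kernel image. It is a user-mode model with constructed addresses (the `ImageRange`, `find_redirected_entries` and `demo_scan` names are assumptions), not kernel code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
/* A trusted code range. In a real check this is the in-memory range of
 * ntoskrnl.exe (or win32k.sys for the shadow table); values here are constructed. */
typedef struct {
    uint64_t base;
    uint64_t size;
} ImageRange;

static bool in_range(uint64_t addr, const ImageRange *r)
{
    return addr >= r->base && addr < r->base + r->size;
}

/* Walk a service table (array of handler addresses) and report each index whose
 * handler lies outside every trusted image. Returns the number of suspicious
 * entries; up to out_cap of their indices are written to out_idx. */
size_t find_redirected_entries(const uint64_t *table, size_t count,
                               const ImageRange *trusted, size_t ntrusted,
                               size_t *out_idx, size_t out_cap)
{
    size_t found = 0;
    for (size_t i = 0; i < count; i++) {
        bool ok = false;
        for (size_t t = 0; t < ntrusted && !ok; t++)
            ok = in_range(table[i], &trusted[t]);
        if (!ok) {
            if (found < out_cap) out_idx[found] = i;
            found++;
        }
    }
    return found;
}

/* Constructed scenario: a six-entry table in which entries 2 and 5 have been
 * redirected into a third-party driver image (hypothetical memory layout). */
size_t demo_scan(size_t *out_idx, size_t out_cap)
{
    const ImageRange kernel = { 0xFFFFF80000400000ULL, 0x00600000ULL };
    const uint64_t driver = 0xFFFFF88001200000ULL;   /* outside the kernel image */
    const uint64_t sst[6] = {
        kernel.base + 0x1000, kernel.base + 0x2400,
        driver + 0x0310,      /* hooked entry: handler now lives in the driver */
        kernel.base + 0x5000, kernel.base + 0x7F00,
        driver + 0x0540,      /* hooked entry */
    };
    return find_redirected_entries(sst, 6, &kernel, 1, out_idx, out_cap);
}
```

This range check only detects pointer redirection; an inline patch of the handler body inside the kernel image passes it, so a complete check also compares the handler bytes against the on-disk image.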