Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > hacker course > Content
Hot Articles
SmoothWall Introduces Lo
Travel of the JSP+Oracle
Hacker skill: Gains Webs
Breaks through the Inter
MYSQL database injection
The Tomcat backstage tak
Breaks through the Inter
The hacker teaches you a
WinHex pursues the code
How does the hacker dest
How teaches you to take
The SQL injection revise
mssql SA jurisdiction ne
Microsoft SQL Server SA
The bored Css cross stat
Recommend Articles
The SQL injection revise
How does the hacker dest
The new military recruit
Union inquires the small
MYSQL database injection
Invades under new skill
How does the website scr
Smells searches works as
How in does the net seep
Microsoft SQL Server SA
A simple invasion, does
The mainstream raises th
The bored Css cross stat
The random combined comm
The hacker teaches you a
New Articles
Check Point offers compa
The malware spreads Cali
Full Disk Encryption pro
Cardholders should take
U.S. still more spam tha
Strong encryption L?solu
ConvexSoft DJ Audio Mixe
Few companies k?can be i
IT professionals can kee
k the media?can not by s
k the media?can not by s
Google Custom Search Eng
Users of the iPhone and
Gateshead College offers
Manchester obtained pass
Reorganizes ROOTKIT the material(6)
  Add date: 07/17/2008   Publishing date: 07/17/2008   Hits: 22
Total 10 pages, Current page:6, Jump to page:
 

FileDirectoryInformation
FileFullDirectoryInformation
FileBothDirectoryInformation
FileNamesInformation

Must read in FileInformation the FileDirecoryInformation record structure:

typedef struct _FILE_DIRECTORY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG Unknown;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;


FileFullDirectoryInformation:

typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG Unknown;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaInformationLength;
  WCHAR FileName[1];
} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION;


FileBothDirectoryInformation:

typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG Unknown;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  ULONG EaInformationLength;
  UCHAR AlternateNameLength;
  WCHAR AlternateName[12];
  WCHAR FileName[1];
} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;


FileNamesInformation:

typedef struct _FILE_NAMES_INFORMATION {
  ULONG NextEntryOffset;
  ULONG Unknown;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;

This function reads in these structures in FileInformation a tabulation. To us has 3 variables in these structure type is important.
NextEntryOffset is this tabulation mean terms offset address. The first item in address FileInformation+0 place, therefore the second item in the address is FileInformation+ first item of NextEntryOffset. Last item of NextEntryOffset is 0.
FileName is the document full name.
FileNameLength is the filename length.
If we want to hide a document, we need to inform these 4 types separately, to each type's return recording we need with us to plan hides document comparison name. If we planned that hides the first record, we may the following structure forward motion, the motion length for the first structure length, like this cause the first record to rewrite. If we want to hide other any, only needs a very easy change record the NextEntryOffset value line. If we must hide the last record to change its NextEntryOffset 0, otherwise the NextEntryOffset value should want that record which and the preceding NextEntryOffset value sum for us hides. Then revises the preceding record the Unknown variable value, it is the index which next time searches. Before record which, must hide a record's Unknown variable's value changes that record Unkown variable value which we must hide then.

 
Other pages: : <<Prev * 1 * 2 * 3 * 4 * 5 * 6 * 7 * 8 * 9 * 10 * Next>>
Prev:Vista deals with the network military judge and the ARP deceit attack Next:The SQL script pours into uncommon method summary

Comment:

Category: Home > hacker course
Home