hidefile.c
#include <windows.h>
#include <stdio.h>
#include "hidefile.h"
#include "beacon.h"
/**
 * Add the HIDDEN and SYSTEM attribute bits to an existing directory.
 *
 * Despite the name, nothing is created: the current attributes are read with
 * GetFileAttributesW, FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM are ORed
 * in, and the result is written back with SetFileAttributesW. Bits that were
 * already set on the directory are therefore preserved.
 *
 * The change is only an attribute flip; the entry is still returned by any
 * enumeration that does not filter on these bits (e.g. `dir /a`, `attrib`).
 *
 * @param directory  Wide-character path passed unchanged to the Win32 calls.
 * @return TRUE when both calls succeed; FALSE after the failure has been
 *         reported through BeaconPrintf(CALLBACK_ERROR, ...).
 */
BOOL CreateHiddenDir(WCHAR *directory) {
    DWORD attrs = KERNEL32$GetFileAttributesW(directory);

    /* INVALID_FILE_ATTRIBUTES is the failure sentinel of GetFileAttributesW. */
    if (attrs == INVALID_FILE_ATTRIBUTES) {
        BeaconPrintf(CALLBACK_ERROR, "Failed to get file attribute information from directory with error code: %ld. Is the path and directory name correct?\n", KERNEL32$GetLastError());
        return FALSE;
    }

    /* Keep the existing bits and add the two new ones in a single step. */
    attrs |= (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM);

    if (!KERNEL32$SetFileAttributesW(directory, attrs)) {
        BeaconPrintf(CALLBACK_ERROR, "Failed to set new attribute information on the directory with error code: %ld\n", KERNEL32$GetLastError());
        return FALSE;
    }

    return TRUE;
}
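/**
 * Add the HIDDEN and SYSTEM attribute bits to an existing file.
 *
 * Despite the name, nothing is created: the file is opened with
 * OPEN_EXISTING, its FILE_BASIC_INFORMATION is read through
 * NtQueryInformationFile, the two attribute bits are ORed in, and the
 * structure is written back through NtSetInformationFile. Both native calls
 * are resolved from ntdll.dll at run time.
 *
 * The handle is opened with share mode 0, so the open fails while another
 * handle to the file exists. The change is only an attribute flip; the file
 * is still returned by any enumeration that does not filter on these bits.
 *
 * @param file  Wide-character path passed unchanged to CreateFileW.
 * @return TRUE on success; FALSE after the failure has been reported through
 *         BeaconPrintf(CALLBACK_ERROR, ...).
 */
BOOL CreateHiddenFile(WCHAR *file) {
    HANDLE hFile;
    FILE_BASIC_INFORMATION fileInfo;
    IO_STATUS_BLOCK ioStatusBlock;
    LONG status; /* NTSTATUS is a LONG; a negative value signals failure */
    BOOL ok = FALSE;

    HMODULE hNtdll = GetModuleHandle("ntdll.dll");
    NtQueryInformationFile_t pNtQueryInformationFile = (NtQueryInformationFile_t)GetProcAddress(hNtdll, "NtQueryInformationFile");
    NtSetInformationFile_t pNtSetInformationFile = (NtSetInformationFile_t)GetProcAddress(hNtdll, "NtSetInformationFile");

    /* Report the failure instead of returning silently, like every other
     * error path in this file. */
    if (pNtQueryInformationFile == NULL || pNtSetInformationFile == NULL) {
        BeaconPrintf(CALLBACK_ERROR, "Failed to resolve NtQueryInformationFile/NtSetInformationFile from ntdll.dll\n");
        return FALSE;
    }

    hFile = KERNEL32$CreateFileW(file, GENERIC_READ | GENERIC_WRITE | FILE_WRITE_ATTRIBUTES, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        BeaconPrintf(CALLBACK_ERROR, "Could not open file with error code: %ld\n", KERNEL32$GetLastError());
        return FALSE;
    }

    /* The Nt* calls report failure through their NTSTATUS return value, not
     * through the thread's last-error code, so print the status itself;
     * GetLastError() here would show a stale, unrelated value. */
    status = pNtQueryInformationFile(hFile, &ioStatusBlock, &fileInfo, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation);
    if (status < 0) {
        BeaconPrintf(CALLBACK_ERROR, "Failed to get file attribute information with NTSTATUS: 0x%08lx\n", (unsigned long)status);
        goto cleanup;
    }

    /* Keep the existing bits and add the two new ones. */
    fileInfo.FileAttributes |= (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM);

    status = pNtSetInformationFile(hFile, &ioStatusBlock, &fileInfo, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation);
    if (status < 0) {
        BeaconPrintf(CALLBACK_ERROR, "Failed to set new attribute information on the file with NTSTATUS: 0x%08lx\n", (unsigned long)status);
        goto cleanup;
    }

    ok = TRUE;

cleanup:
    /* Single exit so the handle is closed on every path after the open. */
    KERNEL32$CloseHandle(hFile);
    return ok;
}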
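/**
 * BOF entry point: parse the packed arguments and dispatch on the option.
 *
 * Two values are extracted from the argument buffer in order: an option
 * string ("dir" or "file") and a path. The path buffer is handed to the
 * worker functions as a wide-character string, so it is presumably packed
 * as UTF-16 by the caller - confirm against the script that builds the
 * arguments.
 *
 * @param args  Packed argument buffer supplied by the loader.
 * @param len   Length of args in bytes.
 * @return Always 0; success and failure are reported through BeaconPrintf.
 */
int go(char *args, int len) {
    CHAR *option;
    WCHAR *path;
    BOOL res = FALSE;
    datap parser;

    BeaconDataParse(&parser, args, len);
    option = BeaconDataExtract(&parser, NULL);
    /* BeaconDataExtract returns char *; the cast makes the reinterpretation
     * as a wide string explicit instead of relying on an implicit
     * incompatible-pointer conversion. */
    path = (WCHAR *)BeaconDataExtract(&parser, NULL);

    /* A short or malformed argument buffer can leave either pointer NULL;
     * passing NULL to strcmp would fault inside the host process. */
    if (option == NULL || path == NULL) {
        BeaconPrintf(CALLBACK_ERROR, "Missing arguments: expected <dir | file> <path>\n");
        return 0;
    }

    if (MSVCRT$strcmp(option, "dir") == 0) {
        res = CreateHiddenDir(path);
        if (res) {
            BeaconPrintf(CALLBACK_OUTPUT, "[+] Successfully modified directory attributes to systemfile + hidden.\n");
        }
    } else if (MSVCRT$strcmp(option, "file") == 0) {
        res = CreateHiddenFile(path);
        if (res) {
            BeaconPrintf(CALLBACK_OUTPUT, "[+] Successfully modified file attributes to systemfile + hidden.\n");
        }
    } else {
        BeaconPrintf(CALLBACK_ERROR, "Please specify one of the following options: dir | file\n");
    }

    return 0;
}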