Stealth files in Windows


Problem description

Dear Developers!

I have to write an application with very strict security guidelines. It is necessary to hide a file completely from any user of the computer.

My application provides macros for a specific target application. Normally the macros are saved encrypted in a container file (already done) and when the user needs one, it will be encrypted and handed out in the background. The target application unfortunately needs to have a string with a path to the macro, but this is hardly possible without giving the user the chance to copy the macro.

What I tried until now:

- Create a MemFile and share it -> failed, no pointer accepted.
- myApp.exe:myMacro.vba -> failed, macro not found.

Also I tried various methods to hide files using standard things like hidden folders and so on, but it's all not secure enough.

The macro just needs to exist while it is executed by the target application, then it must be deleted. EVERY USER IS WELL INFORMED ABOUT THIS APPLICATION AND WHAT IT'S DOING! But he should use our Know How and not copy it!

What direction should I go further, because there is limited time:

- try to create a local server and use 127.0.0.1?
- try to create a file driver, where I can access the macro from RAM?
- any other ideas?

Thanks a lot for anything that helps me!

Updates:

- The user will accept, because he wants to use the functionality of the macros.

- I can't handle the access rights of the user, because everybody can install this tool.

- While the macros are not used, they are stored on disc, but in special container files with heavy encryption (already done). Just when one should be executed, it will be encrypted (using a memfile) and then I have to pass it to the application. The "pass it to the application" is the only weak point in this system, the other things work pretty fine.

- To connect the application I created my application as an automation server and connect it through a macro from the other application.

Recommended answer

Difficult to answer without knowing what level of access your users have. If a user has administrator rights there is in my opinion no way of totally hiding a file from him. That would be counter-productive, because as an administrator I am expected to have access to all files on the system.

So either you should:

(a) Make sure that your users never get administrator rights

or

(b) Search for another way to execute your macros, for example from a temporary memory buffer.

Perhaps you can store the macro in an encrypted way. Then, as a kind of small application shell, load it into a memory buffer and execute it from there.


Here's an interesting solution in C# from Iteration at NullCoders.com.

using System;
using System.IO;
using System.Windows.Forms;

// Place this method inside a Windows Forms class (for example the main form).
private void GhostFolder(string FolderPath)
{
    try
    {
        // Creates a new DirectoryInfo instance.
        DirectoryInfo di = new DirectoryInfo(FolderPath);

        // Create the temp folder path next to the original folder.
        string TempPath = di.Parent.FullName + "\\GhostedTempFolder";

        // If our temp directory was found, there must have been an error on a previous run,
        // so delete it recursively (a non-recursive delete fails when subdirectories remain).
        if (Directory.Exists(TempPath))
            Directory.Delete(TempPath, true);

        // Create a new temp directory again.
        Directory.CreateDirectory(TempPath);

        // Tries to delete the current desktop.ini if it exists.
        File.Delete(TempPath + "\\desktop.ini");

        // Make the folder a system folder so the blank icon shows.
        File.SetAttributes(TempPath, FileAttributes.System);

        // Creates desktop.ini with the new folder icon; 'using' closes the file even on error.
        using (StreamWriter file = new StreamWriter(TempPath + "\\desktop.ini"))
        {
            file.WriteLine("[.ShellClassInfo]");
            file.WriteLine("IconResource=C:\\Windows\\system32\\SHELL32.dll,49");
        }

        // Copy all directories.
        foreach (string folders in Directory.GetDirectories(FolderPath, "*.*", SearchOption.AllDirectories))
            Directory.CreateDirectory(folders.Replace(FolderPath, TempPath));

        // Copy all the files.
        foreach (string files in Directory.GetFiles(FolderPath, "*.*", SearchOption.AllDirectories))
            File.Copy(files, files.Replace(FolderPath, TempPath));

        // Creates a new directory object.
        DirectoryInfo HiddenFolder = new DirectoryInfo(TempPath);

        // Creates the new, semi-hidden path: the name becomes a single no-break space (U+00A0),
        // which renders blank in Explorer. The folder is still returned by any directory listing.
        string NewName = HiddenFolder.FullName.Replace(HiddenFolder.Name, char.ConvertFromUtf32(160));

        // Rename the folder.
        HiddenFolder.MoveTo(NewName);

        // Refresh the folder object after the rename.
        HiddenFolder.Refresh();

        // Removes the original directory.
        Directory.Delete(FolderPath, true);

        // Display the success message.
        MessageBox.Show("Folder was successfully ghosted, may take a few minutes for windows to refresh the cache.", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
    }
    catch (Exception ee)
    {
        MessageBox.Show(ee.Message);
    }
}
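
A defender's check for the renaming trick in the snippet above, written in C++ as an added example (not part of the original post): it flags directory entries whose names consist only of blank-rendering code points such as U+00A0. It assumes the names were already converted to UTF-8; the function names and the sample listing are constructed for illustration.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Code points that render as blank or zero-width in a file listing.
static bool IsBlankCodePoint(uint32_t cp) {
    return cp == 0x20 || cp == 0xA0 || cp == 0x3000 || cp == 0x3164 || cp == 0xFEFF ||
           (cp >= 0x2000 && cp <= 0x200F) || (cp >= 0x2028 && cp <= 0x202F) ||
           (cp >= 0x205F && cp <= 0x2064);
}

// Decode one UTF-8 sequence starting at s[i]; returns U+FFFD on malformed input.
static uint32_t NextCodePoint(const std::string& s, size_t& i) {
    unsigned char c = s[i++];
    int extra = c < 0x80 ? 0 : (c >> 5) == 0x6 ? 1 : (c >> 4) == 0xE ? 2 : (c >> 3) == 0x1E ? 3 : -1;
    if (extra < 0) return 0xFFFD;
    uint32_t cp = extra == 0 ? c : c & (0x3F >> extra);
    while (extra-- > 0) {
        if (i >= s.size() || (static_cast<unsigned char>(s[i]) & 0xC0) != 0x80) return 0xFFFD;
        cp = (cp << 6) | (static_cast<unsigned char>(s[i++]) & 0x3F);
    }
    return cp;
}

// True when a non-empty name consists only of blank-rendering code points.
bool IsInvisibleName(const std::string& utf8Name) {
    if (utf8Name.empty()) return false;
    for (size_t i = 0; i < utf8Name.size();)
        if (!IsBlankCodePoint(NextCodePoint(utf8Name, i))) return false;
    return true;
}

// Return the indexes of suspicious entries in a directory listing.
std::vector<size_t> FindInvisibleNames(const std::vector<std::string>& names) {
    std::vector<size_t> hits;
    for (size_t i = 0; i < names.size(); ++i)
        if (IsInvisibleName(names[i])) hits.push_back(i);
    return hits;
}

// Constructed listing: index 1 is the U+00A0 name the snippet above produces,
// index 3 combines a zero-width space with U+00A0, index 4 is a visible name.
std::vector<std::string> SampleListing() {
    return {"Macros", "\xC2\xA0", "desktop.ini", "\xE2\x80\x8B\xC2\xA0", "a\xC2\xA0"};
}
```

Because the renamed folder is still enumerated like any other entry, a check of this kind finds it immediately, which is why this approach does not meet the requirement in the question.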


I decided to go the clean but hard way.

First I read Rajeev Nagar's book "Windows NT File System Internals: A Developer's Guide" (and a few other books related to Windows debugging and driver development), then I had a closer look at the "dokan" project and TrueCrypt, which are both open source.

It took me a few weeks to implement my own driver. This was a really short time, because it wasn't necessary to implement the whole NTFS functionality. The directory which contains the mount point (sort of junction point, to tell the IO-Manager where to send requests) is closed for all other applications, and there are just a few operations which the involved applications need.

The solution:

I wrote a file filter driver, which provides an interface to answer IO-Manager requests. Then there must be a library, which allows you to redirect the IO-Manager requests to user mode. In user mode I implemented a file system, which stores the files in a file class (C++).
For security functions it's very easy to get the process number of the asking process into user mode, so I'm able to check if the process is permitted to proceed. If yes, I give the CreateFile-request a handle, if not I send error codes.

The whole thing is too big to post it as answer, but I'm working on a simple example for an article.

Now I finished the project and am facing a new job in hardware-near development. There are not many people who have knowledge about writing Windows kernel mode code, so I advise everybody who has enough nerves and interest to learn this! :-)
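
The access check described in the answer above, modeled as an added example (not the answer author's driver code): a user-mode in-memory store decides each create request by the ID of the requesting process. The class, the status names and the process IDs are hypothetical; in the real design the process ID arrives with the request forwarded from the kernel-mode driver.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>

// Hypothetical status codes standing in for the NTSTATUS values a driver returns.
enum class Status { Success, AccessDenied, NotFound };

// User-mode side of the design: contents live only in RAM, and every create
// request is checked against the ID of the requesting process.
class MemoryVolume {
public:
    // Assumption: the host registers the target application's PID at launch
    // and revokes it when that process exits.
    void AllowProcess(uint32_t pid) { allowed_.insert(pid); }
    void RevokeProcess(uint32_t pid) { allowed_.erase(pid); }
    // Store a decrypted macro in memory; nothing is written to disk.
    void Put(const std::string& path, const std::string& data) { files_[path] = data; }

    // Deny before looking the path up, so a process that is not allowed
    // cannot learn which names exist.
    Status Create(uint32_t pid, const std::string& path, uint64_t* handle) {
        if (allowed_.count(pid) == 0) return Status::AccessDenied;
        if (files_.count(path) == 0) return Status::NotFound;
        *handle = next_++;
        open_[*handle] = path;
        return Status::Success;
    }
    // Read through a handle that Create granted earlier.
    Status Read(uint64_t handle, std::string* out) const {
        auto h = open_.find(handle);
        if (h == open_.end()) return Status::AccessDenied;
        auto f = files_.find(h->second);
        if (f == files_.end()) return Status::NotFound;
        *out = f->second;
        return Status::Success;
    }
    // Closing removes the macro: it exists only while the target uses it.
    void Close(uint64_t handle) {
        auto h = open_.find(handle);
        if (h == open_.end()) return;
        files_.erase(h->second);
        open_.erase(h);
    }

private:
    std::set<uint32_t> allowed_;
    std::map<std::string, std::string> files_;
    std::map<uint64_t, std::string> open_;
    uint64_t next_ = 1;
};
```

A process ID identifies a process, not the code running inside it, and IDs are reused after exit, so the allow entry should be revoked as soon as the target application terminates.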

