Skip to content

0mWindyBug/FileHide

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
FileHide
FileHide
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

FileHide Minifilter Driver

FileHide is a minifiter driver that allows you to hide your files or directories

Tested on Windows 10 21H2 and 22H2

Usage:

modify the TARGET_FILE(file/directory name only) and TARGET_FOLDER(parent directory of the file to hide) in 'main.h'

How it works

programs like explorer use functions like NtQueryDirectoryFile to obtain information about directories and their contents

the corresponding sent IRP is IRP_MJ_DIRECTORY_CONTROL with MinorFunction of IRP_MN_QUERY

we register both pre and post filters for IRP_MJ_DIRECTORY_CONTROL

the pre filter is responsible to reduce overhead by filtering out uninteresting directory controls and returning FLT_PREOP_SUCCESS_NO_CALLBACK

the post filter , which is invoked only for directory queries we care about , is responsible for parsing the query results buffer structure and removing the file we wish to hide

Demo

before loading FileHide

FileHide_Before

after loading FileHide

FileHide_After

About

filter driver to hide files and directories

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages