Was reading about ADS (Alternate Data Streams) in Windows, so came across this thing. Working on Windows XP to test the following.

I created a file with name - sample.txt with the content - "hello there". Created another file with name - second.txt with content - "I am hidden".

At the command prompt I did the following:

type second.txt > sample.txt:newfile.txt

It executes successfully.

Now, if I type this:

notepad sample.txt:newfile.txt

Notepad opens newfile.txt with the content - "I am hidden".

Till here, it's normal.

Now, I tried to hide an exe file, let's say notepad.exe, behind a txt sample like this (I have copied notepad.exe into the same folder):

type notepad.exe > sample.txt:newexe.exe

Above command runs successfully.

Question is, now how can I run that exe file which is now behind the text file? My guess is I need some form of interpreter (like notepad.exe in the first example) to make my exe run. Do exe files require some sort of interpreter to run (like text files need some editor)? I know exe files can be run directly, but here in this case that's not working. Even tried:

start second.txt:newexe.exe

but it doesn't work. Help will be greatly appreciated, as I don't know much about Windows internals.

Xearinox
bugs99

2 Answers

Sensibly, Windows will not allow this and will throw an Access Denied if you try to execute it; similarly, there is no easy way to copy a binary stream.

With administrative privs you can mklink blah.exe sample.txt:newexe.exe which would create a symlink to the executable ADS, executable via blah.exe.

Alex K.
  • Ok, that's a nice workaround. But my whole objective is to make the existence of the exe file unknown to somebody (unless someone checks the size of the file or folder). The symbolic link will still be visible, isn't it? (even after selecting the show hidden files option) – bugs99 Jul 25 '12 at 11:43
  • Sounds dodgy. *"But my whole objective is to make the existence of exe file unknown to somebody"* -- it's Microsoft's whole objective to not allow you to do precisely that without 3rd party executable tools. – Alex K. Jul 25 '12 at 11:52
  • Thanks for that input, I was assuming if I can hide my txt file that way, maybe I will be able to do the same for an exe file as well. – bugs99 Jul 25 '12 at 12:32

Under Windows XP you must give the fully qualified name of the ADS to start (in this case I have 'hidden' depends.exe in dbgview.exe):

enter image description here

mox
  • The image above shows that Depends.exe is running. Actually Depends.exe has been placed behind another exe file (dbgview.exe) but you can, using the sample provided, do the same with a text file. Then the hidden Depends.exe (which has the test.exe ADS name) is started using the fully qualified name: start c:\temp\dbgview.exe:test.exe – mox Aug 10 '12 at 06:08
  • @ThomasW: correct, full path does not work on Windows 7! The question mentioned Windows XP and I explicitly stated how to run ADS on Windows XP. – mox Jan 09 '14 at 08:41
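
For the detection side of what this thread describes (a file such as sample.txt carrying a named stream like newexe.exe that a normal directory listing does not show), the following PowerShell script lists every alternate data stream under a folder and flags those whose content begins with the "MZ" executable header. It is an added example, not part of the original question or answers; it assumes PowerShell 3.0 or later (so not a stock Windows XP install), and the `$Root` parameter and `Get-StreamHead` helper are hypothetical names chosen for illustration.

```powershell
# Added example (not from the original thread).
# $Root is an assumed scan root; pass the folder you want to audit.
param([string]$Root = '.')

# Hypothetical helper: read the first bytes of one named stream.
function Get-StreamHead {
    param([string]$Path, [string]$Stream, [int]$Count = 2)
    # Windows PowerShell 5.1 reads bytes with -Encoding Byte;
    # PowerShell 6 and later use -AsByteStream instead.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -TotalCount $Count
    } else {
        Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount $Count
    }
}

Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * returns one object per stream, including the default one.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    # ':$DATA' is the unnamed default stream, i.e. the normal file content.
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object {
        $head = @(Get-StreamHead -Path $_.FileName -Stream $_.Stream)
        [pscustomobject]@{
            File         = $_.FileName
            Stream       = $_.Stream
            Length       = $_.Length
            # 0x4D 0x5A is "MZ", the first two bytes of a Windows executable.
            LooksLikeExe = ($head.Count -ge 2 -and
                            $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
        }
    }
```

Streams named Zone.Identifier on downloaded files are expected and will appear with LooksLikeExe set to False; rows where it is True are the ones to review.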