Quickly hiding files on Windows --------- NTFS file streams (ADS)

First, hidden text information

  1. Open a CMD command prompt on any NTFS partition and type echo abcde >> a.txt:b.txt. A file named a.txt is created in the current directory, but its size is
     0 bytes and opening it shows nothing. Enter the command notepad a.txt:b.txt to see the abcde that was written.

  2. In the command above, a.txt does not have to exist beforehand; it can also be an existing file, and the file format does not matter: .txt, .jpg, .exe or .asp will all do.
     b.txt can be any file name and extension. (You can hide any text information in any file; as long as the virtual file name after the colon (i.e. b.txt) is not leaked,
     others will not see the hidden information.)

  3. A file that already contains hidden information can keep hiding more content. Continuing the previous example, the command echo 12345 >> a.txt:c.txt creates a new
     hidden stream on a.txt. Opening it with notepad a.txt:c.txt shows 12345, while the abcde in a.txt:b.txt still exists and is unaffected.


--------------------------------------------------------------------------------

Second, hidden files

  1. As above, the command format is: type <file name + suffix> >> <any file>:<any file name + the original file's suffix>,
     for example: type 1.jpg >> 2.abc:1.jpg
     This writes the content of 1.jpg into the stream 2.abc:1.jpg. 2.abc can be changed freely, and the stream name 1.jpg is also arbitrary, but pick something easy to remember or the same name as the hidden file. It is best to use a normal file as the host, so that it is better concealed.

  2. Opening the hidden file: with a program that ships with the system, just enter the program name followed by the stream, e.g. opening 2.abc:1.jpg in the drawing tool is mspaint 2.abc:1.jpg
     With third-party software the full path is required, e.g. opening 2.abc:1.jpg with ACDSee9 is ACDsee9.exe <drive letter>:/2.abc:1.jpg

  Note: In the same way, other kinds of documents can be hidden too; simply open them with the program that corresponds to the suffix. Multiple files can also be hidden in one file, just like the multiple pieces of hidden information above.
     Drawing tool: mspaint
     Executable (exe): start

Third, the hidden Trojan

  1. As with hidden files: type muma.exe >> 2.jpg:muma.exe writes muma.exe into 2.jpg as the stream file 2.jpg:muma.exe.
     To open it, use start followed by the absolute path of the stream file; in this example: start c:/2.jpg:muma.exe
     Otherwise you will be told that the parameter is incorrect.

--------------------------------------------------------------------------------
Note:

  1. A stream file cannot be transferred over the network directly; to do so you must compress it with WinRAR and tick "save file stream data" in the Advanced options.

  2. A finished stream file shows the same size as the original file; only after compression does the size include the hidden files, which shows that NTFS file streams still take up disk space.

  3. Stream files can only be stored and run on an NTFS partition (an archive compressed with "save file stream data" can be stored on FAT32, but a file decompressed there still loses its data streams). Once a file is placed on another file system, the NTFS data streams are lost, even if it is then moved back.
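
The streams created in the sections above do not show up in the file size, but they can be enumerated. The following PowerShell function is an added example, not part of the original post (the name Find-AlternateStream and the demo directory are made up here): it lists every non-default stream under a directory and marks those that begin with the MZ header of a Windows executable, as in the muma.exe case.

```powershell
# Added example: enumerate alternate data streams (files only) under a directory
# and flag streams whose first two bytes are "MZ" (Windows executable header).
function Find-AlternateStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Stream that Windows itself adds to downloaded files; skipped by default.
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )

    # Raw byte reads: PowerShell 6+ uses -AsByteStream, Windows PowerShell 5.1 uses -Encoding Byte.
    $byteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } } else { @{ Encoding = 'Byte' } }

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # ':$DATA' is the normal, unnamed content of the file; anything else is an ADS.
            Get-Item -LiteralPath $file -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
                ForEach-Object {
                    $head = @(Get-Content -LiteralPath $file -Stream $_.Stream -TotalCount 2 @byteArgs -ErrorAction SilentlyContinue)
                    [pscustomobject]@{
                        File       = $file
                        Stream     = $_.Stream
                        Length     = $_.Length
                        Executable = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Constructed demo mirroring the a.txt:b.txt example above (needs an NTFS volume).
$demo = Join-Path $env:TEMP 'ads-demo'   # hypothetical scratch directory
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'a.txt') -Value ''
Set-Content -LiteralPath (Join-Path $demo 'a.txt') -Stream 'b.txt' -Value 'abcde'
Find-AlternateStream -Path $demo | Format-Table -AutoSize
```

From a CMD prompt, dir /r gives the same per-file stream listing without PowerShell.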

Reproduced from: https://my.oschina.net/dake/blog/196651

Origin blog.csdn.net/weixin_34274029/article/details/91508913