Alternative data streams in NTFS or how to hide notepad

Introduction


Support for alternative data streams (AltDS) was added to NTFS for compatibility with the Macintosh HFS file system, which used a resource stream to store icons and other file information. AltDS are hidden from the user and not accessible by conventional means: Explorer and other applications work with the standard stream and cannot read data from alternative ones. With AltDS you can easily hide data so that standard system checks do not detect it. This article provides basic information about the operation and definition of AltDS.

Creating AltDS


Creating AltDS is very easy. To do this, use the command line. First, create a base file to which we will attach our streams.
C:\>echo Just a plan text file>sample.txt

C:\>type sample.txt
Just a plan text file

C:\>

Next, we will use the colon as the operator to indicate that we will use AltDS:
C:\>echo You can't see me>sample.txt:secret.txt

You can use the following commands to view the contents:
C:\>more < sample.txt:secret.txt

or
C:\>notepad sample.txt:secret.txt

If everything works well, you will see the text "You can't see me", while opening the file from Explorer will not show this text. AltDS can be attached not only to a file but also to a folder. To do this, create a folder and attach some text to it:
C:\>md stuff
C:\>cd stuff
C:\stuff>echo Hide stuff in stuff>:hide.txt
C:\stuff>dir
 Volume in drive C has no label.
 Volume Serial Number is 40CC-B506

 Directory of C:\stuff

09/28/2004  10:19 AM    <DIR>          .
09/28/2004  10:19 AM    <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)  12,253,208,576 bytes free
C:\stuff>notepad :hide.txt

Now you know how to use Notepad to view and edit the attached AltDS, as well as how to attach it to files and folders.

Hiding and launching applications


Hiding applications using AltDS is as easy as hiding text files. First, create the base file again:
C:\WINDOWS>echo Test>test.txt

Next, we put our application into the stream; for this example I used notepad.exe:
C:\WINDOWS>type notepad.exe>test.txt:note.exe

Now make sure that our file still shows only its text:
C:\WINDOWS>type test.txt
Test

And now for the fun part, let's launch our hidden application:
C:\WINDOWS>start .\test.txt:note.exe
C:\WINDOWS>
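
A defender's counterpart to the steps above, as an added example that is not part of the original article: a PowerShell function (the name `Find-AltDataStream` and its `-Root` parameter are assumptions made here) that lists named streams on files under a directory and flags those beginning with the `MZ` executable header, as `test.txt:note.exe` would. It scans files only; for streams attached to a folder, such as `:hide.txt`, `dir /r` in cmd.exe lists them.

```powershell
# Added example (not from the original article): enumerate named NTFS streams
# under a directory and flag the ones that look like Windows executables.
function Find-AltDataStream {
    param(
        [Parameter(Mandatory)][string]$Root   # directory to scan (assumed parameter name)
    )

    # Raw byte reads: Windows PowerShell 5.1 uses -Encoding Byte, PowerShell 6+ uses -AsByteStream.
    $byteArg = @{ Encoding = 'Byte' }
    if ($PSVersionTable.PSVersion.Major -ge 6) { $byteArg = @{ AsByteStream = $true } }

    Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # ':$DATA' is the default (unnamed) stream every file has; anything else is an AltDS.
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    # Read only the first two bytes of the stream to test for the "MZ" header.
                    $head = @(Get-Content -LiteralPath $file -Stream $_.Stream `
                                  -TotalCount 2 -ErrorAction SilentlyContinue @byteArg)
                    [pscustomobject]@{
                        File        = $file
                        Stream      = $_.Stream
                        Length      = $_.Length
                        LooksLikePE = ($head.Count -eq 2 -and
                                       $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Usage: small streams named Zone.Identifier are written by Windows on downloaded
# files and are expected; large streams, or any with LooksLikePE = True, deserve a look.
Find-AltDataStream -Root 'C:\stuff' | Sort-Object LooksLikePE -Descending | Format-Table -AutoSize
```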

Since this article is not a complete translation of the article taken from here, it is framed as a simple topic. Additional tricks can be found at the specified link.

UPD:
Utilities for working with AltDS (the list is taken from the article at the link above):


LADS - List Alternate Data Streams by Frank Heyne
www.heysoft.de/Frames/f_sw_la_en.htm
Streams.exe from SysInternals:
www.sysinternals.com/ntw2k/source/misc.shtml#streams
ScanADS command line tool:
www.kodeit.org/products/scanads/default.htm
ADS Spy GUI Scanner:
www.spywareinfo.com/~merijn/downloads.html
Crucial ADS GUI Scanner:
www.crucialsecurity.com/downloads.html
ADS Detector for Explorer:
www.codeproject.com/csharp/CsADSDetectorArticle.asp
Windows ports of Unix tools like CAT:
unxutils.sourceforge.net
UPD2: Software Work with Streams