Alternative data streams in NTFS or how to hide notepad


Support for alternative data streams (AltDS) was added to NTFS for compatibility with the Macintosh HFS file system, which used a resource stream to store icons and other file information. Using AltDS is hidden from the user and not accessible by conventional means. Explorer and other applications work with a standard stream and cannot read data from alternative ones. Using AltDS, you can easily hide data that cannot be detected by standard system checks. This article will provide basic information about the operation and definition of AltDS.

Creating AltDS

Creating AltDS is very easy. To do this, use the command line. First, create a base file to which we will attach our threads.
C:\>echo Just a plan text file>sample.txt

C:\>type sample.txt
Just a plan text file


Next, we will use the colon as the operator to indicate that we will use AltDS:
C:\\>echo You can't see me>sample.txt:secret.txt

You can use the following commands to view the contents:
C:\ more < sample.txt:secret.txt

C:\ notepad sample.txt:secret.txt

If everything works well, you will see the text: You can't see me, and when you open it from the explorer, this text will not be visible. AltDS can also be attached not only to the file, but also to the folder. To do this, create a folder and attach some text to it:
C:\>md stuff
C:\>cd stuff
C:\stuff>echo Hide stuff in stuff>:hide.txt
Volume in drive C has no label.
Volume Serial Number is 40CC-B506Directory of C:\stuff
09/28/2004 10:19 AM <dir>.
09/28/2004 10:19 AM </dir><dir>…
0 File(s) 0 bytes2 Dir(s) 12,253,208,576 bytes free
C:\stuff>notepad :hide.txt

Now you know how to use Notepad to view and edit the attached AltDS, as well as how to attach it to files and folders.

Hiding and launching applications

Hiding applications using AltDS is as easy as hiding test files. First, create the base file again:
C:\WINDOWS>echo Test>test.txt

Next, we put our application into the stream, for example, I used notepad.exe:
C:\WINDOWS>type notepad.exe>test.txt:note.exe

Now make sure that in our file everything is also text:
C:\WINDOWS>type test.txt

And now for the fun part, let's launch our hidden application:
C:\WINDOWS>start .\test.txt:note.exe

Since this article is not a complete translation of the article taken from here , it is framed as a simple topic. Additional tricks can be found at the specified link.

Utilities for working with AltDS (the list is taken from the article at the link above):

LADS - List Alternate Data Streams by Frank Heyne
Streams.exe from SysInternals:
ScanADS command line tool:
www.kodeit. org / products / scanads / default.htm
ADS Spy GUI Scanner:
Crucial ADS GUI Scanner:
ADS Detector for Explorer: /csharp/CsADSDetectorArticle.asp
Windows ports of Unix tools like CAT:
UPD2: Software Work with Streams