My buddy Mark has told me a bit about hiding programs from detection, etc.
He blogged this article that walks you through the entire process, including using Alternate Data Streams (ADS) to stuff your code into an existing EXE. I don't mean injecting the DLL, but physically storing your code in another EXE, so you can't see it, even from Explorer!
Only bummer - ADS only works in NTFS.
Anyway - here's the article. I'll leave it up to Marchello to implement :)
CodeGuru: Keyboard Spy: Implementation and Counter Measures
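
From the defender's side, data parked in a named stream does not show up in Explorer's listing or file size, but PowerShell's FileSystem provider can enumerate it. The following is an added example, not code from this post or the linked article; the function name `Find-AlternateStream`, the `ads-demo` folder and the stream name `extra` are constructed for illustration, and the demo assumes `$env:TEMP` is on an NTFS volume.

```powershell
# Added example: list every named (non-default) NTFS stream under a directory.
function Find-AlternateStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Streams to skip. Zone.Identifier is the mark-of-the-web stream
        # Windows attaches to downloaded files, so it is usually benign.
        [string[]] $Ignore = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream; ':$DATA' is the normal file body.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $Ignore } |
                Select-Object FileName, Stream, Length
        }
}

# Constructed sample: a host file carrying one extra named stream.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$hostFile = Join-Path $demo 'host.txt'
Set-Content -Path $hostFile -Value 'visible content'
Set-Content -Path $hostFile -Stream 'extra' -Value 'data in a named stream'

# The ordinary view reports only the default stream's size.
Get-Item -Path $hostFile | Select-Object Name, Length

# The scan reports host.txt with its 'extra' stream and that stream's length.
Find-AlternateStream -Path $demo

# Clean up the constructed sample.
Remove-Item -LiteralPath $demo -Recurse -Force
```

Run against a real directory, any hit on an executable that is not in the ignore list is worth a closer look, since legitimate software rarely attaches named streams to EXE files.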
Posted 5:17 PM