Stop Microsoft

All Things Microsoft => Microsoft Software => Topic started by: <IsraeliTerrorist> on 13 December 2001, 05:53

Title: "Really Hidden Files"?
Post by: <IsraeliTerrorist> on 13 December 2001, 05:53
quote:
I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to view all files...


Could one give an example of such a file/folder?

 
quote:
The UICLSID line cloaks the folder in both DOS and Explorer. The CLSID line disables the "FIND" utility from searching through the folder. (Additionally, it gives a folder the appearance of the "History" folder.)


How can the folder be cloaked yet have the appearance of the "'History' folder?"

System folders are quite visible in Windows Explorer and in DOS when the appropriate settings or methods are used.  For example, in Windows Explorer (in Win Me) go to the "Tools" menu and click on "Folders options...".  View the "View" tab and uncheck the option "Hide protected operating system files (Recommended)."

Additionally, in DOS one can also view such folders quite easily.  Such information has seemingly been excluded from the featured article, however.  At the command prompt, type:

dir c:\ /s /ads

...to view all system directories on the C drive.  Alternatively, one can replace the "s" in "/ads" with an R or H to view read-only files or hidden files, respectively.  The process can be repeated once inside a system directory by typing:

dir /s /ads

...where the "s" can be replaced as needed as well.
Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 00:28
Um, sorry, that will not work. The "really" hidden folders CANNOT be viewed under DOS without first patching command.com. (Going into the code and stop whatever mechanism is hiding the files.)

An example of such folders would be

C:\windows\tempor~1\content.ie5

and

C:\windows\history\history.ie5

Without knowing the names of these files, you will never find them. These files also have subdirectories in them, which makes them particularly interesting. Go take a look.

While you're at it, copy the index.dat file out of this folder and prepare to be astonished. I realize that not many people know about these folders. There isn't anything very *evil* about them, because I guess they do have some practical use. But just try and delete them, and watch them pop back up after you restart windows. When you're ready to know more go here:

http://crackice.cjb.net

My website will give you a little more insight into these folders.

{Oh, and you CAN find the content.ie5 folder using Explorer. The only problem is that it will look like the folder is empty. THAT IS A LIE!}
Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 00:32
Oh, I apologize, the first DIR command you've listed doesn't work. The second one did if you first go into the parent folder where the secret directory is stored. This is still a bit misleading though.

Sorry.  ;)
Title: "Really Hidden Files"?
Post by: voidmain on 14 December 2001, 00:56
quote:
Originally posted by ChakanTGM:
Um, sorry, that will not work. The "really" hidden folders CANNOT be viewed under DOS without first patching command.com. (Going into the code and stop whatever mechanism is hiding the files.)

An example of such folders would be

C:\windows\tempor~1\content.ie5




Without doing *any* research on this subject and rather than booting into Windows on my dual boot machine I just looked at the Windows partition from my Linux side.  Under "/c/windows/Temp*/Content.IE5" I see directories that I believe are IE browser cache directories, similar to the cache directories you will find in Netscape or on a Squid proxy. I believe they are the files/directories you will see if you right click on the IE icon, then "properties", then "settings" then "view files". The index.dat file would be an index to these files and would be where the list you see in the IE settings come from (in Linux do a "strings index.dat | more" and compare). So they are special folders and files that are in my guess built for speed (hash DB etc).  There is nothing wrong with this in my opinion, as much as I would like to find something to slam MS with.  Nothing any of the other OSs aren't doing... e.g. /proc filesystem, "loop" devices etc...

If you can't find the files in the Win partition from the Linux side then they aren't really files at all.  They are probably a data file that when viewed with a special program or driver may contain what can be displayed as files/directories through that driver/program.

For instance, take a CD ISO image file on a Linux hard drive.  In that form it is just a file, an image of an ISO file system.  Now if you mount that file using a "loop" device you can use it as a real filesystem and make it appear as part of your current filesystem.

Am I off on this, or do you have examples other than IE cache or history?
Title: "Really Hidden Files"?
Post by: voidmain on 14 December 2001, 01:03
quote:
Originally posted by ChakanTGM:
Oh, I apologize, the first DIR command you've listed doesn't work. The second one did if you first go into the parent folder where the secret directory is stored. This is still a bit misleading though.

Sorry.   ;)  



And did you try looking at and changing the attributes of the directory/files using the "attrib" command?  I'm taking another guess that these may have hidden/system attributes and that doing an "attrib | more" would see these directories, and if you did an "attrib -r -h -s tempor~1.ie5" you will be able to see it with a normal "dir" command and be able to cd into it.

This is not rocket science and not sinister....  I'll surely be happy to be wrong... let me know.
Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 01:09
All I can say is, restart your computer in Windows and test your hypothesis. They don't call them "REALLY HIDDEN FILES" for nothing.

{If you don't want to do that, then here's the answer: You will not see these files the way you've described.}

If you would like to research this, go to the homepage of this website and look for "Microsoft's Really Hidden Files" by theRIDDLER.

Or go to Hackers.com and ask him about these files yourself.

I think it's nice that you mention Linux can go into these files without a hitch.
Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 01:16
Oh, and VoidMain, you can rest assured that Microsoft has done everything possible to hinder anyone's tampering with these files. An attrib command may or may not work the first time around. But if it does, you will have to do it repeatedly.

These files are recreated, using the same attributes, every time you start up Windows.

I know this for a fact.

The reason these files are such a big nuisance is simply the index.dat files which are contained in them.

They store every single website you have ever been to since you've had Internet Explorer. This is because when you clear the cache, these files aren't cleared. And they are even preserved when the folders that contain them are recreated.

Think about this.
Title: "Really Hidden Files"?
Post by: voidmain on 14 December 2001, 02:15
quote:
Originally posted by ChakanTGM:
Oh, and VoidMain, you can rest assured that Microsoft has done everything possible to hinder anyone's tampering with these files. An attrib command may or may not work the first time around. But if it does, you will have to do it repeatedly.



Well, I can understand why these "special" files/directories are recreated when they are critical to the operation of their OS and/or browser.  I *am* surprised though that Microsoft actually "thought ahead" and checked for the existence of files/directories critical to the operation of OS actually existed, let alone recreate them if they don't.  My guess is that the dat file not being cleared when the cache is cleared is an incompetent programmer oversight.

As to why they are hidden?  Microsoft really thinks the people that use their OS are stupid (and most of them are, technically).  Another thought is on multiuser setups of MS they probably want to make it harder for users to see where the other users of the machine have been browsing (course firewall/proxy logs take care of this :) ).

Again, this is the IE cache, I would expect it to be recreated when the system is rebooted if it does not exist just like Netscape does, just like Squid Proxy server does, etc etc... Why they have hidden it in the way they have I'm not convinced it's an evil plot.. Please prove me wrong...
Title: "Really Hidden Files"?
Post by: voidmain on 14 December 2001, 02:30
Oh and I'm not going to reboot into Windows just to check this but do you have more than one logon user on your Win* box?  Remember that if you clear the Cache for your current logged on user it will not clear every other user's cache that has ever logged on. I believe on Win9x/me machines all users that log on use the /c/windows/Temp*/Content.IE5 for their browser cache. You have probably logged on previously as a different user.... just guessing.  Am I wrong again?

And one more thing.. I don't have a single "*.microsoft.com" URL in my dat file (I block it at my firewall/proxy along with boatloads of others, I love censorship!).

[ December 13, 2001: Message edited by: VoidMain ]

Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 02:36
Ah, VoidMain, you are falling into the very same trap that I fell into. These files, in fact, ARE NOT CRITICAL TO THE OPERATION OF INTERNET EXPLORER OR WINDOWS!

How do I know this? Because I'm a Cracker and a Reverser.

'So what?' you're probably saying.

Well I haven't really announced it yet, but I've permanently eliminated these files. Not only that, but I've also stopped Internet Explorer from caching ANY FILES FROM THE INTERNET.

'But how?', you may ask.

"Because I'm cool like that", is what I tell everyone.

But in all seriousness, I haven't had any problems with Windows or IE since. I've even decided to make a program to do this for you automatically.

'What are you talking about?'

Go to http://crackice.cjb.net and see.

{10 minutes later}

'Holy Shit! Where can I get This?!'

Now calm down, VoidMain. Something like this needs to be copyrighted. I'll be taking care of that for the next few days. In the meantime, why don't you count down the number of days until I screw IE and Microsoft for the sake of all humanity.

By the way, those files are for record keeping purposes. Having a disk cache does not significantly speed up the Internet. Deleting the disk cache leaves residual information on where you've been on the web. And Richard Simmons is gay.

That is all.
Title: "Really Hidden Files"?
Post by: voidmain on 14 December 2001, 02:40
quote:
Originally posted by ChakanTGM:
Oh, and VoidMain, you can rest assured that Microsoft has done everything possible to hinder anyone's tampering with these files. An attrib command may or may not work the first time around. But if it does, you will have to do it repeatedly.



And I think I might know why they autorecreate these directories and don't want anyone to see them (God I hate to defend MS).  I think if you have an old machine with Win95 on it you will see that the cache is not so hidden, and if you delete it it will not recreate the cache on startup.  This will cause many errors/problems and it takes a little work to recreate this (there are instructions in Microsoft's KB). I recall this being a fairly common problem/annoyance on our corporate desktops... I think this was a way to more easily resolve the problem and cut down on support issues.  Sound possible?
Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 02:41
Ooops! Got to go. I'll see if I can get back to ya'll tomorrow.

peaceout
Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 02:46
By the way, my program doesn't cause problems (not since the unreleased BETA). That is what makes it so freaking cool!

Just to give you some perspective: It took me over three weeks total to do this. Usually I'm able to crack something in about 5-10 minutes. But Windows has so many hidden APIs and shit, it's hard to understand what it does sometimes.

I'm going to create a full report on these hidden files, because I strongly believe that they are malicious. I have evidence. I've just been keeping on the low.

You take care now.
Title: "Really Hidden Files"?
Post by: voidmain on 14 December 2001, 02:47
quote:
Originally posted by ChakanTGM:

Now calm down, VoidMain. Something like this needs to be copyrighted. I'll be taking care of that for the next few days. In the meantime, why don't you count down the number of days until I screw IE and Microsoft for the sake of all humanity.



Well, I applaud your work in prying into the evil empire but you sound just like the evil empire with the above statement. Sounds like you want a job there.

I would rather see you put your efforts into helping people get rid of MS altogether.. Write Linux code...  I don't use MS so I don't need a patch.
Title: "Really Hidden Files"?
Post by: ChakanTGM on 14 December 2001, 02:55
Now there is nothing wrong with capitalism, VoidMain. I need money just as much as the next guy.

As far as working at MS is concerned, I wouldn't do it for the life of me. I'm an independent person. I adhere to nobody.

Writing Linux code is something I'm interested in. I also use Linux about as much as I use Windows. I will do this when I get the chance, thanks for asking.

Well, I REALLY have to go now VoidMain. Keep your eyes open.
Title: "Really Hidden Files"?
Post by: Centurian on 14 December 2001, 21:20
Hey ChakanTGM,

Your program sounds rather interesting in the fact that you say it stops IE from replacing those files.

However there is another way.

Go in under DOS and delete the "hidden files" from the history folder first. You will have to use attrib in order to do that. Then go to Temporary Internet Files (C:\windows\tempor~1) and using attrib and dir change the attributes and remove EVERY FILE and FOLDER under the Temporary Internet Files folder. Then lastly delete the Temporary Internet Files folder.

Now when you reboot to windows don't use IE (or any browser based on the IE engine) to surf the net. Use only Mozilla based browsers and those files will not return.

I do that every time Windows crashes on me and I have to reinstall. Just crashed again a few days ago but this time I am expecting a set of Mandrake Linux disks tomorrow so I did not worry about it. I am hoping to permanently remove Windows soon.

Later
Centurian
Title: "Really Hidden Files"?
Post by: jtpenrod on 14 December 2001, 14:40
quote:
And I think I might know why they autorecreate these directories and don't want anyone to see them (God I hate to defend MS). I think if you have an old machine with Win95 on it you will see that the cache is not so hidden, and if you delete it it will not recreate the cache on startup. This will cause many errors/problems and it takes a little work to recreate this (there are instructions in microsofts KB)


There is *nothing* evil about these "really hidden files". It's just more Macro$uck incompetence in action: security through obscurity. (And we all know what an effective strategy that is :-D ) They just couldn't put those files in, let's say, a protected, privileged account (Root would be a nice, catchy name for it) requiring, like, its *own* password that would lock out all other users? Seems I've heard of something like that somewhere. Not only that, but these files *never* go away! I've had the same rig for six years, and up till a month ago, it ran Win 95. Now why in the hell would I want to know what web sites I visited six years ago? And yet there they were! Didn't anyone suggest to His Gatesness an auto-expire feature?(!) Deleting those damn things took a little over 12 minutes. And I freed up almost 50 MB of disk space. That is ridiculous! Once they were gone, I had no problems whatsoever. In fact, Win 95 seemed to run considerably faster than before. Then I got Mandrake and parted company with His Gatesness for good. I can't say I miss him.
Title: "Really Hidden Files"?
Post by: <Rick> on 14 December 2001, 22:34
To view the "Really Hidden Files," I just use my Gear Pro version 5. It's a CD writing software, and I can see EVERY file on my hard drive.

Have fun guys.
Title: "Really Hidden Files"?
Post by: gump420 on 15 December 2001, 08:33
I seriously doubt that these files are necessary to the operation of Windows/IE in any way shape or form, but I'm equally skeptical of them being malicious. I'm not very concerned about them in the first place, since I only use IE for, shall we say, web browsing situations where I want to be discreet . . . as in, not have certain URLs autocomplete when I'm trying to show my mother something on my computer. (-; (And I could care less if Macrohard thinks I'm a pervert, although I did make the mistake of using my current main e-mail account in IE somewhere, and ever since I've been getting quite a slew of rather lewd junk mail in my inbox. Oh well, gotta be a wee bit more careful, I suppose.)

In any case, this is one more reason I can't wait to get back to using a Macintosh! Only one month left to wait, woohoo!
Title: "Really Hidden Files"?
Post by: IsraeliTerrorist on 16 December 2001, 00:22
quote:
Um, sorry, that will not work. The "really" hidden folders CANNOT be viewed under DOS without first patching command.com. (Going into the code and stop whatever mechanism is hiding the files.)
An example of such folders would be

C:\windows\tempor~1\content.ie5

and

C:\windows\history\history.ie5

Without knowing the names of these files, you will never find them. These files also have subdirectories in them, which makes them particularly interesting. Go take a look.


Are the following "really hidden files" (or directories rather) as you said they were?  These images were captured in Real Mode DOS using Screen Thief.

(http://www27.brinkster.com/sys7/screen01.gif)

(http://www27.brinkster.com/sys7/screen02.gif)

(http://www27.brinkster.com/sys7/screen03.gif)
Title: "Really Hidden Files"?
Post by: IsraeliTerrorist on 16 December 2001, 00:32
quote:
Um, sorry, that will not work. The "really" hidden folders CANNOT be viewed under DOS without first patching command.com. (Going into the code and stop whatever mechanism is hiding the files.)


I'd like to point out that I made no modifications to command.com.
Title: "Really Hidden Files"?
Post by: theriddler on 19 December 2001, 06:49
I hate these arguments.  Nobody really takes the time to read anymore.  They just spew.

This discussion would not exist if "IsraeliTerrorist" (fantastic name), wouldn't have (intentionally?) missed my earlier note that the information doesn't apply whole-heartedly to ME, 2K, or XP.  One more time for the ones who need it spoon-fed:  This article was written for 9x systems.  I mentioned that in the article, and I even mentioned in the very thread that was created to answer the frequently asked.

Listen.

- There is no "Hide protected operating system files" option in 9x.  When you enable Windows Explorer to "view all files" on a 9x box it will not display the corresponding index.dats.

- The dir/a/s is not a problem with NTFS -- it is a problem with 9x.  Retry your tests with any 9x system.

- Like ChakanTGM already mentioned, the index.dat is not needed to make Windows operate.  It's the database file that references your Internet Explorer cache/history/cookies.  (Again, mentioned in the tutorial.)  And it's not so much that the index.dats get automatically re-created on every single boot.  What people should be thinking about is why Windows makes sure they are hidden on every single boot.

--the riddler

[ December 18, 2001: Message edited by: The Riddler ]

Title: "Really Hidden Files"?
Post by: Kupotek on 13 June 2003, 12:08
quote:
Originally posted by jtpenrod:


There is *nothing* evil about these "really hidden files". It's just more Macro$uck incompetence in action: security through obscurity. (And we all know what an effective strategy that is :-D ) They just couldn't put those files in, let's say, a protected, privileged account (Root would be a nice, catchy name for it) requiring, like, its *own* password that would lock out all other users? Seems I've heard of something like that somewhere. Not only that, but these files *never* go away! I've had the same rig for six years, and up till a month ago, it ran Win 95. Now why in the hell would I want to know what web sites I visited six years ago? And yet there they were! Didn't anyone suggest to His Gatesness an auto-expire feature?(!) Deleting those damn things took a little over 12 minutes. And I freed up almost 50 MB of disk space. That is ridiculous! Once they were gone, I had no problems whatsoever. In fact, Win 95 seemed to run considerably faster than before. Then I got Mandrake and parted company with His Gatesness for good. I can't say I miss him.




Your problem is you're a noob. You are upset that you weren't told to periodically empty your cache/temporary internet files, and instead of realizing this, you attack the makers of the product. 12 minutes to clear a 50MB file? You need to upgrade your computer as well as your mind.

[ June 13, 2003: Message edited by: Emiko ]

Title: "Really Hidden Files"?
Post by: neo_x500 on 17 June 2003, 21:57
Hey, at least he is free from his gateness. These files always have uses. The index.dat file, for instance, makes it easier to track the websites sex offenders visit. But on the other hand, what if Microsoft is sending information on the websites I visit, to oh, say, 3rd party partners. It's an invasion of privacy if these files are making it to Redmond. Oh, by the way, even if you do clear your cache files, the files in the content.ie5 folder will stay there. It takes a little bit more to kill those files. And you have to wonder, "why are they keeping these files?" Because Gates is a d-bag, that's why!
Title: "Really Hidden Files"?
Post by: Laukev7 on 18 June 2003, 10:52
Just thought I'd ask, but do you realise that this topic is more than two years old? I have good reasons to think that the original poster of this story is very unlikely to get your answers.
Title: "Really Hidden Files"?
Post by: wookiefoot on 19 June 2003, 00:22
Just wondering if there is any way to delete these files from XP, since there's no MS-DOS.
Title: "Really Hidden Files"?
Post by: Refalm on 19 June 2003, 00:51
Doesn't matter, all the MS-DOS commands still work. But if you try to run Duke Nukem 3D, it kinda fails...
Title: "Really Hidden Files"?
Post by: Laukev7 on 20 June 2003, 10:05
Not quite. In Windows NT, command.com has been replaced by cmd, which is not the same. Therefore, it is possible that some commands have been crippled, like in Explorer, to keep users from seeing "really hidden" files.

Consider that Windows XP has been crippled to keep users from deleting system files, in order to keep them from uninstalling Explorer or WMP manually.
Title: "Really Hidden Files"?
Post by: Kupotek on 21 June 2003, 23:47
Running command still works in XP.

Personally I don't suffer from any of the paranoia so many seem to relish and indulge in, concerning hidden files, I really am not worried about the sites I browse to getting sent to MS for some global takeover machine or whatever the hell people are so worried about.
Title: "Really Hidden Files"?
Post by: Laukev7 on 22 June 2003, 21:52
Well, me neither; but then, that's nothing compared to the restrictions planned by Microscoff in their NGSCB, or "Palladium" project. They will actually prevent you from running software if the binary is not certified (and certification comes with a cost, which means bye-bye freeware for Windoze).

Oh, and "command" in XP is, in fact, cmd. It's easy to check: go in the commandline and type something like "BillGatesIsAPrat". If you get "Bad command or file name", it's command. If it's a long answer like "This command is not recognised by the system blah blah blah", then it's cmd.
Title: "Really Hidden Files"?
Post by: Fett101 on 22 June 2003, 10:00
quote:
They will actually prevent you from running software if the binary is not certified


Though the MS site says the opposite.
Title: "Really Hidden Files"?
Post by: jtpenrod on 26 June 2003, 12:41
quote:
Your problem is you're a noob. You are upset that you weren't told to periodically empty your cache/temporary internet files, and instead of realizing this, you attack the makers of the product. 12 minutes to clear a 50MB file? You need to upgrade your computer as well as your mind.

All I have to say is: take a look at the date that I made that post: December 14, 2001. So I ain't no noob no more :P Furthermore, emptying the cache/Internet files doesn't work. These files that we're talking about aren't accessible from the GUI. You have to go to the command line otherwise you won't get them at all. As for the length of time it took to clear those files, at that time I had a Dell OptiPlex GSa with a P II (232MHz), and that's how long it took, 12 minutes. Its HD finally rolled over and died and I got a newer, faster system.

And I'm still MS free. :P :D
_______________________________________
Live Free or Die: Linux
"There: now you'll never have to look at those dirty Windows anymore"
      --Daffy Duck
Title: "Really Hidden Files"?
Post by: ExtractorFactor0 on 5 August 2003, 00:53
Okay folks here's something you might find interesting. After reading about the paranoia concerning the "really hidden files" I did some investigating and found some interesting things out. This is all relating to Windows XP, if you have another OS you'll have to try some variants of this information.

1.) The command "dir /a:" will display ALL files in a given directory, hidden folders, system folders, hidden files, system files etc. Notice that there is nothing after the colon.

2.) Turning on the Do not hide files option and the Show operating system files option will also display ALL files and folders in exploder.

3.) Internet Exploder caches the web sites that you have visited and Temporary Files size must be set to an integer between 1 and whatever, not to 0. (to be explained later)

4.) The index.dat files are your enemy, they keep the info from the web sites you have been visiting and the parameters for all the Internet searches you have been doing. In Windows XP, they are located both in [Drive Letter]:\Documents and Settings\%username%\Local Settings\Temporary Internet Files\Content.IE5
 and ...\Local Settings\History\History.IE5
 and ...\%username%\Temp\Temporary Internet Files\Content.IE5
 and ...\%username%\Temp\History\History.IE5

Now here's the action part.

1.) Go into Safe Mode Command Prompt Only
2.) Choose the user whose profile you want to safeguard
3.) Goto the above directories and delete the index.dat from each of them
4.) Create a text file called index.dat with whatever info you want
5.) "attrib +r index.dat" - sounds easy huh?
6.) Remember to make an index.dat file for each one you del
7.) Use "dir /a:" to view the "hidden" directories under both the Content.IE5 and History.IE5 directories.
8.) Edit the desktop.ini files in the "Temporary Internet Files" and "History" directories to remove all lines but the first line
9.) Now you can goto the exploder gui and navigate to the directories, view the contents and delete all directories under the "Content.IE5" and "History.IE5" directories
10.) Restart the system and go into the Internet Exploder
11.) Check out the Tools->Internet Options-> Settings button. It should read 0 at this point.
12.) These steps do not disable cookies so that is a similar but separate process

I have noticed that Internet Exploder is a little slower than before this process, but it will not write to the index.dat files after this process, and if it is writing ANY files to the hard drive they are the most hidden files you will ever get. You must do this for each user as well.

DOS Nav Hint in XP - For those familiar with Linux when typing in the names for the really long or weird named directories, just type in the first few characters of the name then hit the TAB key, the shell will fill in the rest of the DIR or FILE name for you. Works great for the really long file and dir names.
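
Added example (not part of any post in this thread): a strings-style scan, in the spirit of the "strings index.dat | more" check suggested earlier, that locates every index.dat under a directory tree and lists the URLs still readable in it, which is how the result of a cleanup like the one above can be verified. The function names are this example's own, and the sample files are constructed bytes, not a real index.dat layout.

```python
import os
import re
import tempfile

MIN_LEN = 6  # shortest printable run worth looking at, as with strings(1)
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
URL = re.compile(rb"(?:https?|ftp|file)://[\x21-\x7e]+", re.IGNORECASE)


def find_index_dats(root):
    """Return every file named index.dat (any letter case) under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files
                    if f.lower() == "index.dat")
    return sorted(hits)


def extract_urls(path):
    """Return the distinct URLs found in printable runs of a binary file."""
    with open(path, "rb") as fh:
        data = fh.read()
    urls = []
    for run in PRINTABLE_RUN.finditer(data):
        for match in URL.finditer(run.group()):
            url = match.group().decode("ascii")
            if url not in urls:  # keep first-seen order, drop repeats
                urls.append(url)
    return urls


def scan(root):
    """Map each index.dat under root to the URLs recoverable from it."""
    return {path: extract_urls(path) for path in find_index_dats(root)}


def build_sample_tree(root):
    """Write three CONSTRUCTED sample files; returns their paths.

    The bytes are made up for this example: binary padding around URL
    text, plus one plain-text stand-in like the replacement file the
    procedure above creates.
    """
    cache = os.path.join(root, "Temporary Internet Files", "Content.IE5")
    hist = os.path.join(root, "History", "History.IE5")
    cleaned = os.path.join(root, "Cleaned", "Content.IE5")
    for d in (cache, hist, cleaned):
        os.makedirs(d)
    paths = (os.path.join(cache, "index.dat"),
             os.path.join(hist, "INDEX.DAT"),
             os.path.join(cleaned, "index.dat"))
    samples = (
        b"\x00\x01\xffhttp://www.example.com/page.html" + b"\x00" * 8
        + b"\x10\x80http://www.example.com/page.html\x00"
        + b"ftp://files.example.org/pub/readme.txt\x00",
        b"\x00\x00Visited: user@http://www.example.net/search?q=test\x00\xfe",
        b"placeholder",
    )
    for path, blob in zip(paths, samples):
        with open(path, "wb") as fh:
            fh.write(blob)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, urls in scan(tmp).items():
            print(path)
            for url in urls or ["(no URLs recoverable)"]:
                print("   ", url)
```

Pointing scan() at a user profile directory instead of the constructed tree gives the same report for real files; an empty list for a file means no URL text survives in it.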