
Alternate data streams in NTFS, or how to hide Notepad

Introduction


Support for alternate data streams (AltDS) was added to NTFS for compatibility with the Macintosh HFS file system, which used a resource fork to store icons and other file information. The use of AltDS is hidden from the user and is not exposed through conventional means: Explorer and other applications work with the standard stream and cannot read data from alternate ones. With AltDS, you can easily hide data so that it cannot be detected by standard system checks. This article provides basic information about what AltDS are and how they work.

Create AltDS


Creating an AltDS is very easy and is done from the command line. To begin with, we will create a base file to which we will attach our streams.
C:\> echo Just a plan text file > sample.txt

C:\> type sample.txt
Just a plan text file

C:\>

Next we use the colon as an operator to indicate that we will use AltDS:
C:\> echo You can't see me > sample.txt:secret.txt

You can use the following commands to view the content:
C:\> more < sample.txt:secret.txt

or
C:\> notepad sample.txt:secret.txt

If everything works, you will see the text "You can't see me", while opening the file from Explorer will not show this text. An AltDS can be attached not only to a file but also to a folder. To do this, create a folder and attach some text to it:
C:\> md stuff
C:\> cd stuff
C:\stuff> echo Hide stuff in stuff > :hide.txt
C:\stuff> dir
 Volume in drive C has no label.
 Volume Serial Number is 40CC-B506

 Directory of C:\stuff

09/28/2004  10:19 AM    <DIR>          .
09/28/2004  10:19 AM    <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)  12,253,208,576 bytes free
C:\stuff> notepad :hide.txt

Now you know how to view and edit attached AltDS with notepad, as well as attach it to files and folders.

Hiding and launching applications


Hiding applications using AltDS is as easy as hiding text files. First, create the base file again:
C:\WINDOWS> echo Test > test.txt

Next, put our application into the stream; for this example I used notepad.exe:
C:\WINDOWS> type notepad.exe > test.txt:note.exe

Now make sure that our file still contains all of its text:
C:\WINDOWS> type test.txt
Test

And now the most interesting part: let's launch our hidden application:
C:\WINDOWS> start .\test.txt:note.exe
C:\WINDOWS>

Since this article is not a complete translation of the article taken from here, it is published as an ordinary post. Additional tricks can be found at the link.

UPD:
Utilities for working with AltDS (the list is taken from the article at the link above):


LADS - List Alternate Data Streams by Frank Heyne
www.heysoft.de/Frames/f_sw_la_en.htm

Streams.exe from SysInternals:
www.sysinternals.com/ntw2k/source/misc.shtml#streams

ScanADS command line tool:
www.kodeit.org/products/scanads/default.htm

ADS Spy GUI Scanner:
www.spywareinfo.com/~merijn/downloads.html

Crucial ADS GUI Scanner:
www.crucialsecurity.com/downloads.html

ADS Detector for Explorer:
www.codeproject.com/csharp/CsADSDetectorArticle.asp

Windows ports of Unix tools like CAT:
unxutils.sourceforge.net
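
What the scanners listed above do can be approximated with built-in PowerShell. The following is an added example, not code from the original article or from any of the listed tools: it lists every non-default stream under a folder and flags streams that start with the "MZ" executable header, like the note.exe stream created earlier. The function name Find-AlternateStream and the scanned path are assumptions chosen for illustration.

```powershell
# Added example: list non-default NTFS streams under a folder and flag
# streams whose first two bytes are "MZ" (the PE executable header).
function Find-AlternateStream {
    param([string]$Path = '.')

    # Byte reads are spelled differently in Windows PowerShell 5.1 and PowerShell 6+.
    $byteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) {
        @{ AsByteStream = $true }
    } else {
        @{ Encoding = 'Byte' }
    }

    # -Force includes hidden and system items. Older PowerShell versions may
    # not report streams attached to directories; "dir /r" in cmd.exe does.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |    # skip the default (unnamed) stream
        ForEach-Object {
            # Read only the first two bytes of the stream, not its whole content.
            $head = Get-Content -LiteralPath $_.FileName -Stream $_.Stream `
                        -TotalCount 2 -ErrorAction SilentlyContinue @byteArgs
            [pscustomobject]@{
                File       = $_.FileName
                Stream     = $_.Stream
                Length     = $_.Length
                Executable = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            }
        }
}

# Constructed usage: scan the folder created in the walkthrough above.
Find-AlternateStream -Path 'C:\stuff' |
    Sort-Object Executable -Descending |
    Format-Table -AutoSize
```

Files downloaded through a browser normally carry a small Zone.Identifier stream, so expect those in the output; rows with Executable set to True are the ones to review first.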

UPD2: Software for working with streams

Source: https://habr.com/ru/post/46935/

