I'm making a program where I want it to copy itself into an alaternate data stream of another file. There is information out there on how to do it externally via the command prompt. However I want to build this feature into the code so that the file automatically performs that function. The code is in C++, btw. However, this feature of windows is not very well documented, and MS doesn't even mention functions in C++ that can do this. I know that this is possible since the virus W2k.Streams did just that. It copied itself into the data streams of various files. If anybody here has good detailed papers describing how to use this specifically in C++ programming let me know.

Good luck. When this came up earlier, few folks appeared to know about it.

Here's a link to the earlier discussion http://www.governmentsecurity.org/forum/in...p?showtopic=907

Thanks, but I'm looking more for the APIs & functons of integrating data streams in C++. Yeh, this does seem to be a problem with ADS, very few people seem to know that much about it, heh even google and programming websites don't really talk about it, besides basic usage. For some reason MS refuses to document them in detail or create tools for managing them as well. Well if anyone does find something, post it here.

http://msdn.microsoft.com/library/default..../html/ntfs5.asp

a

Well that defenitely is an interesting article, I prolly didn't find it since I was using the word "alternate" as a keyword. Anyway, this is what I was looking for, thanks.

accessing an alternate is quite simple. each alternate data stream is limit to 4GB and only possible on ntfs volumes. a alternate file stream cannot be deleted until the file is removed, it can only be overwritten, and some avs don't scan alernate file streams.
to access one you only need to add an ":" after the filename and behind that your stream name.

example: