Injects a DLL into explorer.exe and hides a file from the process.
Microsoft Detours Library - https://github.com/microsoft/Detours
Compile:
- Unzip the source code, open a command line, and change to the source directory
- SET DETOURS_TARGET_PROCESSOR=X64
- "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
- NMAKE
Add detours.lib to Linker additional libraries.
Hooked Functions:
- NtQueryDirectoryFile
  Microsoft tries to hide it; the address of the function is dynamic, so you need to find it yourself.
- RtlUnicodeStringToAnsiString
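
For detection: Detours installs a hook by overwriting the first instructions of the target function with an unconditional jump, so a hooked NtQueryDirectoryFile in a live process no longer matches the bytes in the on-disk ntdll.dll. The check below is an added example, not part of this project; the function name, addresses, syscall number and byte buffers are constructed assumptions, and reading the bytes from the process and the file is left to the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum hook_verdict { PROLOGUE_CLEAN, PROLOGUE_PATCHED, PROLOGUE_JMP_OUTSIDE_MODULE };

/* mem:  bytes read from the live process at virtual address va
 * disk: the same bytes taken from the on-disk ntdll.dll image
 * mod_base/mod_size: address range of the loaded module
 * *target receives the decoded jump destination, or 0 if none was decoded. */
enum hook_verdict check_prologue(const uint8_t *mem, const uint8_t *disk, size_t n,
                                 uint64_t va, uint64_t mod_base, uint64_t mod_size,
                                 uint64_t *target)
{
    *target = 0;
    if (memcmp(mem, disk, n) == 0)
        return PROLOGUE_CLEAN;
    if (n >= 5 && mem[0] == 0xE9) {                  /* jmp rel32 */
        int32_t rel;
        memcpy(&rel, mem + 1, sizeof rel);           /* little-endian host assumed */
        *target = va + 5 + (uint64_t)(int64_t)rel;
    } else if (n >= 12 && mem[0] == 0x48 && mem[1] == 0xB8 &&
               mem[10] == 0xFF && mem[11] == 0xE0) { /* mov rax, imm64; jmp rax */
        memcpy(target, mem + 2, sizeof *target);
    } else {
        return PROLOGUE_PATCHED;                     /* modified, no jump decoded */
    }
    if (*target < mod_base || *target >= mod_base + mod_size)
        return PROLOGUE_JMP_OUTSIDE_MODULE;          /* control leaves ntdll */
    return PROLOGUE_PATCHED;
}

/* Constructed sample data: addresses and syscall number are illustrative only. */
static const uint64_t SAMPLE_VA = 0x7FFA1234A000ULL, SAMPLE_BASE = 0x7FFA12300000ULL,
                      SAMPLE_SIZE = 0x1F0000ULL;
static const uint8_t SAMPLE_DISK[8]   = {0x4C,0x8B,0xD1,0xB8,0x35,0x00,0x00,0x00};
static const uint8_t SAMPLE_HOOKED[8] = {0xE9,0xFB,0x5F,0xCB,0xFC,0x00,0x00,0x00};

int main(void)
{
    uint64_t t;
    int v = check_prologue(SAMPLE_DISK, SAMPLE_DISK, 8, SAMPLE_VA, SAMPLE_BASE, SAMPLE_SIZE, &t);
    printf("clean copy:  verdict=%d\n", v);
    v = check_prologue(SAMPLE_HOOKED, SAMPLE_DISK, 8, SAMPLE_VA, SAMPLE_BASE, SAMPLE_SIZE, &t);
    printf("hooked copy: verdict=%d target=0x%llx\n", v, (unsigned long long)t);
    return 0;
}
```

A jump that lands outside the module's own address range is the result to alert on; a byte mismatch with no decodable jump still warrants a manual look.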