disable folder-hiding and folder no-search CLSIDs

Discussion in 'Windows 7 Help and Support' started by sbalfour, Jul 30, 2010.

  1. sbalfour

    sbalfour New Member

    Jul 22, 2010

    OK, I've had enough of things I can't see. How, for example, can I find and view all files
    named "index.dat"? If you enter this into the search bar, you won't find any, but I assure you, there are dozens on the typical system. And that's just the tip of the iceberg.
    There're many thousands of files that can't be viewed or found. I've selected show
    hidden files and protected operating system files, and show common file extensions
    in folder options.

    The problem is these two keys typically found in desktop.ini files (which themselves are
    The first says to hide this folder from the UI; the second to exempt this folder from being searched.

    I want to see all such folders. Deleting these keys from the registry does not unhide the folders. The registry keys are kind of placeholders - they don't enable or create
    any capabilities. These keys are recognized implicitly by the kernel and their function
    exercised with (usually) some default value. Can a value be set somewhere to turn
    them off? Or maybe replace or equate their function to doing something innocuous,
    or a no-op.

    Mounting the disk on another Windows installation won't unhide the folders because
    that Windows copy will also recognize the keys.

    Mounting the disk on a system booted from a Linux live distro like Knoppix will find
    all hidden folders and files. But manipulating (writing) to NTFS from Unix sometimes
    has unexpected consequences.

    Another similar problem seems to be Windows not displaying file/folder names completely.
    Some files seem to have invisible non-displayable characters in their names. I.e., if I
    navigate to the file through the UI, then copy and paste its name into a command
    window as an argument to a delete or other command, it will say "No Such File" or
    a similar message. So how do I see the real name? (I've already enabled show common file extensions folder option).

    A different problem I encountered while trying to purge a virus, was registry keys that
    contain nulls. Apparently, some legitimate keys also do. Maybe file/folder names
    do too? If a name contains a null or other non-ascii character, the character should
    be displayed in the UI as a meta-character: ^0 for null for example.

    There may be other ways of hiding files, too, that I'm not aware of. I once had
    a program rootkitrevealer, which displayed any files that are found in the file
    table that don't show in the Windows UI. It was eye-opening. The Windows 7
    version of that program runs as a service that I'm unable to start. There was also
    another program, findallfiles or similar name on XP, that I seem to have lost. It
    also found invisible files. I want Windows search to find everything... I do mean everything. I've seen forensic tools that can read the FAT or NTFS file table
    completely and correctly, why can't Windows just "do it"? There are serious security
    implications to not being able to "see" in the ordinary way. In Windows, seeing is
    exclusively through the Windows Explorer UI. As an Administrator, if I see a file that
    has a weird name, an owner different than other files in the directory, permissions inconsistent with its function, or an inappropriate extension for the directory it's in,
    I know immediately that I need to investigate.

    Some files remain invisible to administrator for permissions reasons. Administrator
    is owner of "System Volume Information", but the UI shows 0 items there. Nonetheless,
    through reductio ad absurdum methods, I know something really big is hiding there.
    That's system recovery information... why hide that?? I'm not going to go mucking
    with permissions on "System Volume Information", in case I invalidate shadow copy
  2. zvit

    zvit Honorable Member

    Nov 3, 2009
    Open Windows Explorer, go to Tools\Folder Options\View and click on "Show hidden files, folders and drives", and also un-check "Hide protected operating system files" and you will see the index.dat and lots of other hidden and system files.

    I must warn you - people that leave these files visible will mess up their system quickly.

    Why do you need to see these files? You don't see air but breathe just fine. You don't see your kidneys but they work ok. Some things are hidden to protect you. I suggest keeping them hidden. Even if YOU know what you are doing, someone else might be on your computer and totally mess it up.

    About non-correct displaying of file names in cmd, instead of copying the file name, do what I do, and just drag the file to the cmd window, which will put the correct name there.

    With permissions I won't argue with you. I feel like Windows won't even let me pee in my own back yard.

    P.S. Some programs WILL show you all hidden and system files no matter what your Windows settings are, like LupasRename (freeware). http://www.lupasfreeware.org/rename/
    #2 zvit, Jul 30, 2010
    Last edited: Jul 30, 2010
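
For the two problems raised in the posts above (files that Explorer search does not list, and names containing non-displayable characters), the following is an added example, not code from any poster. It walks a tree through the operating system's directory API instead of the Explorer view, lists every file with a given name, and prints names with each non-printable or non-ASCII character spelled out; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def visible_name(name):
    """Render a file name in printable ASCII; anything else becomes <U+XXXX>."""
    body = name.rstrip(" ")
    shown = "".join(
        ch if 0x20 <= ord(ch) <= 0x7E else "<U+%04X>" % ord(ch) for ch in body
    )
    # Trailing spaces are invisible in any listing, so spell them out too.
    return shown + "<U+0020>" * (len(name) - len(body))


def audit_tree(root, wanted="index.dat"):
    """Walk root with the OS directory API and return three lists:
    files named `wanted` (case-insensitive), entries whose names are not
    plain printable ASCII, and directories that could not be read."""
    matches, odd, denied = [], [], []

    def on_error(err):
        # os.walk reports unreadable directories here, e.g. access denied
        denied.append(err.filename)

    for dirpath, dirnames, filenames in os.walk(root, onerror=on_error):
        for name in dirnames + filenames:
            shown = visible_name(name)
            # A trailing dot is printable but is stripped by Win32 path parsing.
            if shown != name or name.endswith("."):
                odd.append(os.path.join(visible_name(dirpath), shown))
            if name.lower() == wanted.lower():
                matches.append(os.path.join(dirpath, name))
    return matches, odd, denied


if __name__ == "__main__":
    # Constructed sample tree; the names below are made up for the demo.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Content.IE5"))
        for rel in ("Content.IE5/index.dat", "report\u200b.txt", "notes\u00a0.txt"):
            open(os.path.join(root, rel), "w").close()
        matches, odd, denied = audit_tree(root)
        print("index.dat files:", [os.path.relpath(m, root) for m in matches])
        print("odd names:", [os.path.relpath(o, root) for o in odd])
        print("unreadable:", denied)
```

Directories the account cannot read are returned in the third list rather than silently skipped, so a folder that shows "0 items" is reported as unreadable instead of empty.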
  3. sbalfour

    sbalfour New Member

    Jul 22, 2010
    I know about the folders option to show hidden and system files - it's on, because I can see
    such files as hiberfil.sys and pagefile.sys, when they're normally hidden. Search finds no
    index.dat files on my system, though there are 27. I know, because a search from a
    Knoppix live CD finds 27 of them, they are non-zero length, and otherwise normal files.
    Linux does not use the Windows API, and Windows isn't running when booted from Knoppix,
    so it can't protect the files from search. I'm fairly knowledgeable about hidden files;
    Windows uses CLSID tricks to hide the index.dat files (and many thousands of other files).
    It may use other tricks I don't know about. The search I can't do, which is what I want to do,
    is "find all files invisible to the Windows UI". Malware hides the same way - by intercepting
    the Windows API calls and deleting references to their own files. As for users shooting themselves
    in the foot by seeing these "superhidden" files, a large number of such files are just temporary
    internet files in the content.IE5 folder. They're never deleted by Windows IE, yet their cumulative
    size can get to be many GB on a system that's been in operation for a while. On my system, they
    totalled 13GB! All junk, all safe to delete. As a sysadmin, I want to know which superhidden
    files really are trouble, and which ought to be seen (and deleted). It's stuff that CAN'T be seen,
    read, or deleted by ordinary UI operations that spells trouble.

    I might add, that Linux users don't have any of these problems, and nothing is ever invisible.
    You need read permission to see into directories (folders) of course. But users never have
    write permission to system objects. On my multi-user research machine, I have write
    permission on only one directory - my home directory and everything I own is in there. Each
    user is the same way. Executables may not be installed or kept in home directories - they
    are installed by users with a privileged installer process (sudo install) into a /usr/local/<userid>
    area, where they become owned by system (root), with read and execute only permissions
    to the world. Any user-owned object in a system area or system-owned object in a user area
    is cause for immediate concern, and is likely to be quarantined without notice by the administrator
    (me). It's trivial to find such objects, so a scheduled administrative process runs every night
    to check for them. I can't remember the last time I had a malicious program or process on the
    Linux machine. I don't think it's ever happened. And I've never had a user erroneously delete
    a system object - they can't.

    I'm making the point here that it is simplicity, not complexity that contributes to security, reliability
    and usability. Windows / MS doesn't "get it".
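
The nightly ownership check described in the post above could look like the following on a Linux system. This is an added example, not the poster's script: the function names are hypothetical, and it assumes a system area is audited against uid 0 while each directory under the home root is audited against that directory's own owner.

```python
import os
import stat
import tempfile


def audit_ownership(root, owner_uid, check_write=True):
    """Return sorted (path, reason) pairs for objects under root that are not
    owned by owner_uid or, if check_write, that group or others may write."""
    findings = []
    loose = stat.S_IWGRP | stat.S_IWOTH
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge a symlink itself, not its target
            except FileNotFoundError:
                continue  # removed while the scan was running
            if st.st_uid != owner_uid:
                findings.append((path, "owned by uid %d" % st.st_uid))
            elif check_write and not stat.S_ISLNK(st.st_mode) and st.st_mode & loose:
                findings.append((path, "writable by group or others"))
    return sorted(findings)


def audit_homes(home_root):
    """Treat each directory under home_root as one user's home, owned by
    whoever owns the directory itself, and flag foreign-owned contents."""
    findings = []
    for entry in os.scandir(home_root):
        if entry.is_dir(follow_symlinks=False):
            owner = entry.stat(follow_symlinks=False).st_uid
            findings.extend(audit_ownership(entry.path, owner, check_write=False))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree; a real run would pass e.g. a system area and uid 0.
    with tempfile.TemporaryDirectory() as root:
        tool = os.path.join(root, "tool")
        open(tool, "w").close()
        os.chmod(tool, 0o666)  # deliberately loose so the demo reports it
        for path, reason in audit_ownership(root, os.getuid()):
            print(os.path.relpath(path, root), "->", reason)
```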
  4. zvit

    zvit Honorable Member

    Nov 3, 2009
    I can understand your frustration. Just a note, most "big" junk will be in Temp folders (for instance, the content.IE5 you mentioned is in %Userprofile%\Local Settings\Temporary Internet Files) whose contents you can always delete.

    Otherwise, Windows hides what it thinks should be hidden and we have to manually sort it out or use 3rd party software to clean "junk" from our computers.
  5. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Oct 16, 2009
    I did a search for *.dat files and found quite a few. The main thing is to start in the root directory, which in Windows Explorer needs to be set before you start the search. These may not be the exact files you are looking for, but many index.dat files do show up.
