Hide and Seek – Understanding how to see Hidden and System files

In this exercise, you will learn how to view “Hidden” and “System” files from the Command Prompt and from Explorer.

Required software:

  • Windows XP or newer installed to C: drive with no settings changed
  • Steps were designed on Windows 10. If screenshots don’t match up exactly, it could simply be you aren’t on the same version of Windows or Microsoft released an update and changed how something looks.

Rating:

  • Difficulty = Basic
  • Skills learned = More important than you know

 

 

Why is it important to know both user interfaces?  Because you will find that the GUI lies and it’s good to learn how to look at an Operating System from multiple angles.

Typically, the only time you will see Explorer lie about Hidden and System files is if you are working on an infected system which keeps turning off viewing of Hidden and System files.  This is rare to see, but you will waste a lot of time if you don’t go and check for Hidden and System files from the command prompt.  The other reason to look at something from the command prompt is when you are troubleshooting an issue and only using Explorer.  If you feel like you are getting stuck, try looking at the situation from another point of view.  In this example, the other point of view will be via Command Prompt.  You will be amazed how doing something as simple as changing your perspective will allow you to see what you have been overlooking.

 

To start, let’s setup a few things.  First, we will need to open an administrative command prompt.  Do this however you like.  I will blog on the multitude of ways it is possible to do this later.  Here are the steps to follow for setup:

  1. Open an Administrative Command Prompt
  1. Change directories to the C: drive

cd C:\

  1. Make a directory named “HideNSeek” without the quotes

mkdir HideNSeek

  1. Change directories into your “HideNSeek” folder

cd HideNSeek
Your command prompt will now look like this:

 

  1. Execute the following 3 commands to create 3 files

echo. > OneFile
echo. > TwoFile
echo. > ThreeFile

  1. List these files with from the command prompt

dir
You should now be seeing something similar to this:

Notice how you can see all 3 files.

 

  1. Execute the following 2 commands to hide some of the files.

attrib +h TwoFile
attrib +h +s ThreeFile

  1. Now list the contents of the folder

dir
Ask yourself a few questions.

  • How many files do you see?
  • What did the attrib command do to these files? Feel free to run the command “attrib /?” without quotes to try and decipher the attrib commands.
  • Why is it that you can’t see all the files?

 

Now that we are done contemplating those 3 highly philosophical questions, let’s see how to view these files from the command prompt.

  1. Apply some secret sauce to see all 3 files from the command prompt.

dir /a
Time for some more important life questions, don’t worry, I’ll help make sense of what we just did with that command.

  • What did the “/a” do for our command?
  • Does using “dir /?” help make sense of the command?

If you looked at the use of “dir /?”, you will see that there isn’t a very good explanation for “/a” and how to use “/a”.  All the explanation we get is “Displays files with specified attributes”.  But we didn’t specify any attributes, which is exactly why our command worked.  Basically, if we just don’t specify any attributes of interest, it displays all files with any attributes (except for alternate data streams, but that’s a story for another day).

  1. Lastly feel free to play with these commands to view the file attributes of each file. I won’t explain this section, so use some of the tricks hinted at so far to see if you can make sense of each command.  Be careful to not get ahead of yourself and start using different commands than the ones listed below.  You might remove the attributes we set and then you will be lost for the next GUI section.

attrib OneFile
attrib TwoFile
attrib ThreeFile
 

Let’s move on to using explorer to view these files.  Now just follow this guide here and you will see some fairly big differences.

  1. Use the following to open up our folder directly and quickly:

Windows Key + R

Type in: C:\HideNSeek

Press Enter

Now that we are in our folder, ask yourself this question.

  • How many files do I see?

If you haven’t changed any settings in Windows yet, all you should see is something like this:

You can’t see any of the other 2 files.  Let’s change that.

  1. Perform the next few steps to open up what we need on any version of Windows:

Windows Key + R

Type in: control.exe folders

Press Enter

  1. You should now have a “File Explorer Options” window open. In this window Navigate to the “View” tab.
  2. Locate the option called “Show hidden files, folders, or drives”, select this option, and simply click “Apply”

Now that we have clicked “Apply”, contemplate this:

  • Why can you only see 2 files and not 3 files in your HideNSeek folder from the GUI?

The answer to this is simple and you have likely forgotten about or simply did not know about this one other setting.  To simply state the issue of why you only see 2 files, you only turned on viewing of “Hidden” files.  That option called “Show hidden files, folders, and drives” only turns on viewing of “Hidden” files.  So how do we turn on viewing of “System” files?  Well that’s what we’re gonna do next.  Don’t rush me.  I’m getting there.

  1. Go back to our open and waiting “File Explorer Options” window.
  2. Scroll down a single line by using the tiny down arrow on the scroll bar.
  3. Locate the setting “Hide protected operating system files (Recommended)” and uncheck it. Now click “Apply”

You will get a pop up window. If you have never read this message, read it aloud to yourself.  Once you are done talking you yourself like a crazy person, click “Yes”.

Guess what…..that’s it, you are done.  If you followed the above instructions, you will now be able to see all 3 files.  It’s like we figured out x-ray vision.

Last thing to do is to see how to manipulate the attributes “Hidden” and “System” from the GUI.  It’s simple, just right click on a file and choose properties.  Look around for where you would mark a file as “Hidden” or “System”.  Once you are done going crazy looking for “System”, come back here and read through the following takeaways.

 

 

Main Takeaways:

  • Hidden = “Show hidden files, folders, or drives”
  • System = “Protected operating system files”
    • It is simpler to just say Hidden and System instead of those long descriptions.
  • When viewing Hidden and System from the command prompt, you simply use the “dir /a” command. Basically, just always use this command instead of “dir” by itself.  It will save you a headache.
  • When viewing files in the GUI, you should turn on “Show hidden files, folders, or drives” and turn off “Hide protected operating system files” or you might end up not seeing the whole picture.
    • Extra Pro Tip: When changing the settings in “control.exe folders” to allow viewing of hidden and system files, also uncheck “Hide extensions for known file types”. Trust me, changing those 3 settings will allow the GUI to not lie to you….as much as it normally does.
  • Fastest method to open up “Folder Explorer Options” (aka Folder Options) on any Windows OS is to execute “control.exe folders” from the run prompt (Windows Key + R)

 

Bonus Takeaways:

  • If you are uncertain of a command in Windows, just put a “/?” at the end of the command to get Windows to explain itself.
  • The only way to mark a file as a “System” file is from the command line using the “attrib” command.
  • You now know how to make a new folder from the command line using “mkdir” and you know how to do some basic changing of directories via command line using “cd”
  • Its important to read what a pop up message says.  Especially if you have never read it before.

 

One thought on “Hide and Seek – Understanding how to see Hidden and System files

Leave a Reply

Your email address will not be published. Required fields are marked *