An example of a Loadable Kernel Module (LKM) that hooks the system call table.
This module will hide any userspace files that start with a certain prefix from any program that uses the getdents system call to list a directories files.
To use this, run sudo build_and_install.sh in the superhide folder. Remeber where the folder is, because it will be hidden now.
To remove this, run sudo remove_and_clean.sh in the superhide folder.
This program only captures the getdents syscall for hiding files, it doesn't hook the getdents64 call because just doing getdents was enough for a proof of concept. Turns out most things just use the getdents syscall though.
Note: I have found this to not work on some newer kernels.