Smart phones can be rooted to gain privileged or administrative control or access, also called root access, to tools and functions otherwise unavailable. Rooted phones often use file or process hiding techniques such as path or library obfuscation so that unauthorized software is not visible. Unfortunately, malicious software can also be hidden using the same techniques. A common technique for hiding the presence of files or running applications is hooking libraries to block access to certain files. For example, on rooted ANDROID™ phones, one evasion technique is to hook open or status calls on system files. This prevents discovery of what applications are installed, and even prevents discovery of binaries that indicate the presence of malicious software or policy violation. Therefore, there is a need in the art for a solution which overcomes the file or process hiding techniques described above.