A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.