NTFS 备用数据流 [英] NTFS alternate data streams
问题描述
今天我看到了NTFS系统支持的这个奇怪的魔法:每个文件可以有多个数据流.基本上可以有一个 0b 大小的文件 a.txt 但可以在该文件的单独数据流中隐藏任意数量的字节.这完全是与 NTFS 相关的魔法,我看不出有任何高尚的理由来处理这些流.您可以在 Sysinternals 的 streams 实用程序的帮助下查找 NTFS 流.这将告诉你,基本上每一个那些讨厌的 thumbs.db 文件都带有一个额外的数据流.
Today I have seen this weird magic NTFS system supports: each file can have multiple data streams. Basically one could have a file a.txt of 0b size but there can be any number of bytes hidden in a separate data stream for that file. This is strictly NTFS related magic and I don't see any noble reason for having these streams around. You can look for NTFS streams with the help of the streams utility from Sysinternals. This will show you that basically every one of those nasty thumbs.db files comes with an extra data stream.
好的,现在我已经在 Windows NT4 系统上看到了这个神奇的工作,流添加到文件,复制,删除(在上述实用程序的帮助下),但我现在正在我的 Win XP 系统上在家尝试这个,但是虽然我可以检测到现有的流,但是当我使用 filename:streamname 语法时,我不能显示它们的内容,不能创建新的,或者任何东西.
Okay, now I have seen this magic work on a Windows NT4 system, streams added to files, copied over, deleted (with the help of the aforementioned utility), but I am now trying this at home on my Win XP system, but although I can detect the existing streams, I can't display their contents, can't create new ones, or very much anything when I use the filename:streamname syntax.
我收到此错误:
文件名、目录名或卷标语法不正确.
The filename, directory name, or volume label syntax is incorrect.
示例:来自流实用程序的输出:
Example: Output from the streams utility:
c:DOWNLOADS>streams.exe -s .
Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com
c:DOWNLOADS1013.pdf:
:Zone.Identifier:$DATA 46
c:DOWNLOADS>type 1013.pdf:Zone.Identifier
The filename, directory name, or volume label syntax is incorrect.
为什么我不能显示备用数据流的内容?
Why can't I display the contents of the alternate data stream?
查看有关如何使用 NTFS 备用数据流",我可以看到这适用于我的操作系统,尽管他们确实提到将来将不支持这些流.任何人都可以对此有所了解吗?
Looking at the Microsoft documentation on "How To Use NTFS Alternate Data Streams", I can see that this applies to my operating system, although they do mention that these streams will not be supported in the future. Anyone can shed any light on this?
推荐答案
来自我的脑海:NTFS 数据流 是在 Windows NT 4.0 中引入的,并且在所有后代中都存在(不包括 win-95 后代:98、Me).在 XP、Vista 和 Win 7 中,它们仍然存在.只要 Windows 版本支持 NTFS,它们就会支持文件流.他们将在很长一段时间内支持 NTFS.
From the top of my head: NTFS datastreams were introduced in Windows NT 4.0 and have been around in all descendants (excluding the win-95 descendants: 98, Me). In XP, Vista and Win 7 they're still around. As long as Windows versions support NTFS, they will support file streams. They will support NTFS for a long time to come.
您在问题中显示的页面上描述了您遇到的错误.type 命令不理解流.使用:
The error you have is described on the page you show in your question. The type command doesn't understand streams. Use:
more < 1013.pdf:Zone.Identifier
<小时>
使用流
微软只有少数几个可以处理流的命令,实际上只有<、>可以处理流,因此只能使用可以处理流的命令使用这些重定向运算符.我写了一篇关于备用数据流的几篇博文,介绍如何仍然只使用这些命令操作流.
Working with streams
Microsoft only has a handful commands that work with streams, in fact, only <, > work with streams, and thus only commands can be used that can work with these redirect operators. I wrote a couple of blog posts on alternate datastreams on how you can still manipulate streams with only these commands.
Streams 只会和那些被设计用来处理它们的程序一起工作,仅仅是因为它们需要被特殊对待(比较结点,也是 NTFS 的一个特性,但驱动程序隐藏了细节,程序不需要做任何事情特别:他们只是认为连接点是一个真实的文件).
Streams will only work with programs that are designed to work with them, simply because they need to be treated specially (compare junction points, also a feature of NTFS, but the driver hides the details and programs do not need to do anything special: they just consider the junction point a real file).
当您尝试使用 start filename:streamname 打开文件流时,程序显示非法文件名"或找不到文件"之类的信息,并且您确定流名称正确,那么很可能该程序不支持流.我注意到记事本、写字板和 Word/Excel 可以正确处理流,但 Word 和 Excel 认为这些文件很危险.以下是一些实验,您可以尝试.
When you try to open a file stream using start filename:streamname and a program says something like "illegal filename" or "file not found", and you are positive that the stream name is correct, then it's likely that the program does not support streams. I noticed that Notepad, Wordpad and Word/Excel work correctly with streams, though Word and Excel consider the files dangerous. Here are some experiments you may try.
注意:您似乎认为备用数据流很奇怪.它们很奇怪,因为它们是如此隐藏,但许多主要文件系统(HFS、NSS)都有它,而且这个概念可以追溯到 80 年代初.事实上,最初将流添加到 NTFS 是为了与其他文件系统进行互操作.
NOTE: you seem to consider alternate data streams odd. They are odd because they are so hidden, but many major file system (HFS, NSS) have it and the concept dates back to the early 80s. In fact, originally the streams were added to NTFS for interoperability with other filesystems.
这篇关于NTFS 备用数据流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
