NTFS备用数据流 [英] NTFS alternate data streams

查看:302
本文介绍了NTFS备用数据流的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

今天我看到了这个奇怪的魔术NTFS系统支持:每个文件可以有多个数据流。基本上可以有一个0b大小的文件 a.txt ,但是可以有任意数量的字节隐藏在该文件的单独数据流中。这是严格的NTFS相关的魔术,我没有看到有这些流的周围的任何高尚的理由。您可以在Sysinternals的 streams 实用程序的帮助下查找NTFS流。这将告诉你,基本上这些讨厌的 thumbs.db 文件中的每一个都带有一个额外的数据流。



好吧,现在我已经看到了在Windows NT4系统上的这个神奇的工作,流添加到文件,复制,删除(在上述实用程序的帮助下),但我现在试图在我的Win XP系统在家里,但虽然当我使用 filename:streamname 语法时,我可以检测到现有的流,我无法显示它们的内容,无法创建新的或者非常多的东西。



我得到这个错误:

lockquote

文件名,目录名或

示例:
来自流实用程序的输出:

  c:\ DOWNLOADS> streams.exe -s。 

Streams v1.56 - 枚举备用NTFS数据流
Copyright(C)1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

c :\DOWNLOADS\1013.pdf:
:Zone.Identifier:$ DATA 46

c:\ DOWNLOADS> type 1013.pdf:Zone.Identifier
文件名,目录名称或卷标语法不正确。

为什么我不能显示备用数据流的内容?



查看如何使用NTFS备用数据流,我可以看到这适用于我的操作系统,虽然他们确实提到这些流将来不会被支持。任何人都可以解释这一点吗?

Windows NT 4.0引入了NTFS数据流,并且在所有的后代(不包括win-95后代:98,NTFS,NTFS,NTFS,NTFS,我)。在XP,Vista和Win 7中,他们还在。只要Windows版本支持NTFS,他们将支持文件流。他们将支持NTFS很长一段时间。



您在您的问题中显示的页面中描述了您的错误。 类型命令不理解流。使用:

 更多< 1013.pdf:Zone.Identifier 






使用流 b
微软只有少数几个可以使用stream的命令,实际上只有< > 使用流,因此只能使用可以使用这些重定向操作符的命令。我写了一篇一些关于备用数据流的博文,只有这些命令才能操作流。



流只能用于与它们配合使用的程序,仅仅是因为需要专门处理它们(比较交汇点,也是NTFS的一个功能,但是驱动程序隐藏了细节和程序,不需要做任何特殊的事情:他们只是将交接点视为一个真实的文件)。

当您尝试使用开始文件名:流名称打开文件流时,程序会显示非法文件名或找不到文件,并且您确信流名是正确的,那么程序可能不支持流。我注意到记事本,写字板和Word / Excel可以正常使用流,尽管Word和Excel认为这些文件是危险的。以下是一些实验,您可以试试。






注意:您似乎认为备用数据流是奇数。它们很奇怪,因为它们如此隐藏,但许多主要的文件系统(HFS,NSS)都有,它的概念可以追溯到80年代初。事实上,最初这些流被添加到NTFS与其他文件系统的互操作性。

Today I have seen this weird magic NTFS system supports: each file can have multiple data streams. Basically one could have a file a.txt of 0b size but there can be any number of bytes hidden in a separate data stream for that file. This is strictly NTFS related magic and I don't see any noble reason for having these streams around. You can look for NTFS streams with the help of the streams utility from Sysinternals. This will show you that basically every one of those nasty thumbs.db files comes with an extra data stream.

Okay, now I have seen this magic work on a Windows NT4 system, streams added to files, copied over, deleted (with the help of the aforementioned utility), but I am now trying this at home on my Win XP system, but although I can detect the existing streams, I can't display their contents, can't create new ones, or very much anything when I use the filename:streamname syntax.

I get this error:

The filename, directory name, or volume label syntax is incorrect.

Example: Output from the streams utility:

c:\DOWNLOADS>streams.exe -s .

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\DOWNLOADS\1013.pdf:
   :Zone.Identifier:$DATA       46

c:\DOWNLOADS>type 1013.pdf:Zone.Identifier
The filename, directory name, or volume label syntax is incorrect.

Why can't I display the contents of the alternate data stream?

Looking at the Microsoft documentation on "How To Use NTFS Alternate Data Streams", I can see that this applies to my operating system, although they do mention that these streams will not be supported in the future. Anyone can shed any light on this?

解决方案

From the top of my head: NTFS datastreams were introduced in Windows NT 4.0 and have been around in all descendants (excluding the win-95 descendants: 98, Me). In XP, Vista and Win 7 they're still around. As long as Windows versions support NTFS, they will support file streams. They will support NTFS for a long time to come.

The error you have is described on the page you show in your question. The type command doesn't understand streams. Use:

more < 1013.pdf:Zone.Identifier


Working with streams

Microsoft only has a handful commands that work with streams, in fact, only <, > work with streams, and thus only commands can be used that can work with these redirect operators. I wrote a couple of blog posts on alternate datastreams on how you can still manipulate streams with only these commands.

Streams will only work with programs that are designed to work with them, simply because they need to be treated specially (compare junction points, also a feature of NTFS, but the driver hides the details and programs do not need to do anything special: they just consider the junction point a real file).

When you try to open a file stream using start filename:streamname and a program says something like "illegal filename" or "file not found", and you are positive that the stream name is correct, then it's likely that the program does not support streams. I noticed that Notepad, Wordpad and Word/Excel work correctly with streams, though Word and Excel consider the files dangerous. Here are some experiments you may try.


NOTE: you seem to consider alternate data streams odd. They are odd because they are so hidden, but many major file system (HFS, NSS) have it and the concept dates back to the early 80s. In fact, originally the streams were added to NTFS for interoperability with other filesystems.

这篇关于NTFS备用数据流的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆