This page has been robot translated, sorry for typos if any. Original content here.

Alternate Data Streams to NTFS



There is such a thing in NT as ADS (Alternate Data Streams - additional data streams). And easier to say: NTFS supports multithreaded files in the form of : ; then eat one file can own several independent streams that differ in name (StreamName). Above these streams it is allowed to perform normal write / read operations, later specifying the file name through the colon with the stream name.
For example: the conclusion to the "monitor" of a program is redirected to an alternative stream: ping.exe >> somefile.txt: kakashka
The whole joke is that the explicit file size has not changed at all, since the axis will measure the size of the main (default) thread (for which the colon is not written, its name is also not written). But the space on the disc was smaller due to the fact that we recorded kakashka in the stream.
As allowed to use these things, guess yourself. :) ))) Although, of course, in addition to splitting NTFS-volumes, for ADS it is allowed to find many more other applications. For example: it is allowed to write a cool prog which is hidden in alternate streams;)
It is impossible to bang an alternative stream with the usual del. The easiest way to get rid of alternative streams is to transfer the file containing them to FAT, only then back. There are programs for their detection. For example, "lads". By the way, additional threads are allowed to cling to directories as well, only files in them can no longer be put :)


Copyright by MicroSoft




Material published by permission of DHGROUP (http://www.dhgroup.org)