OSEC

Subject: Re: Windows file problem
From: Doe, John (LeaveMeHighAOL.COM)
Date: Sat Oct 07 2000 - 13:11:38 CDT


In a message dated 10/7/00 11:01:11 AM Pacific Daylight Time,
poeppingLOGICAL.CM.NU writes:

> Am I missing something? or is this just a flaw in windows (tested on
> windows nt 4.0 doesn't seem to work on windows 98, but need to try
> creating the file with vi.exe)

From MSDN:

o Streams

It’s little known that NTFS allows a single file to have multiple data
streams. This feature has actually been in NTFS since its very first version
(in Windows NT 3.1) but has been downplayed by Microsoft. This is unfortunate
because streams can be incredibly useful in many situations.

...

To understand how this works, let’s perform an experiment. On a Windows
NT-based machine (any version) open a command shell. Then change to an NTFS
partition and enter the following:

C:\>ECHO "Hi Reader" > XX.txt:MyStream

When you execute this command, the system creates a file called XX.txt. This
file contains two streams: an unnamed stream that contains 0 bytes and a
named stream (called MyStream) that contains the text “Hi Reader”. If you
haven’t guessed by now, you access a file’s named stream by placing a colon
after the file name followed by the name of the stream. As with file names,
Win32® functions treat stream names as case-preserved and searches are case-
insensitive.

Unfortunately, the tools supplied with the system treat streams as second
class citizens at best. For example, execute the following command:

C:\>DIR XX.txt
Volume in drive C is Wizard
Volume Serial Number is 40E5-92D4

Directory of C:\
03/18/98 08:36a 0 XX.txt
               1 File(s) 0 bytes
               0 Dir(s) 3,399,192,576 bytes free

As you can see, DIR reports that the file size is 0 bytes, but this is not
true. The DIR command only reports to the user the size of a file’s unnamed
stream; the sizes of named streams within the file are not shown to the user.
By the way, Explorer also reports a file size of 0 bytes. This allows for
some geeky party games where you can allocate a large stream in a file on a
friend’s disk. The friend won’t be able to discover where all the disk space
has gone because all of the tools report that the file occupies only 0 bytes!
When working with streams, remember that it’s only the tools that don’t
treat streams with the respect that they deserve; NTFS has full support for
streams (they even count against your storage quota).

Now, to see the contents of the stream, execute this command:

C:\>MORE < XX.txt:MyStream
"Hi Reader"

...

Thus, a feature, not a bug...

-lmh
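
The experiment quoted above, as an added example that is not part of the original message or of the MSDN text: a PowerShell check that lists the named streams DIR and Explorer leave out, next to the size DIR would report. The function name Find-NamedStream and the scratch directory are assumptions; it needs Windows PowerShell 3.0 or later and an NTFS volume.

```powershell
# Added example: Find-NamedStream is a hypothetical helper name, not a built-in cmdlet.
# Needs Windows PowerShell 3.0+ (for -Stream) and an NTFS volume.
function Find-NamedStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse
    )
    # -Force includes hidden and system files; only files are inspected here.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Stream '*' returns every data stream; the unnamed one is reported as ':$DATA'.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File        = $file.FullName
                        Stream      = $_.Stream
                        StreamBytes = $_.Length    # bytes held in the named stream
                        DirBytes    = $file.Length # unnamed stream only: the size DIR shows
                    }
                }
        }
}

# Constructed sample: repeat the XX.txt experiment in a scratch directory (path is an assumption).
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$target = Join-Path $demo 'XX.txt'
New-Item -ItemType File -Path $target -Force | Out-Null        # 0-byte unnamed stream
Set-Content -LiteralPath $target -Stream MyStream -Value '"Hi Reader"'

Find-NamedStream -Path $demo | Format-Table -AutoSize
# Streams named Zone.Identifier are written by Windows itself on downloaded files
# and are expected in such a listing.
```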