Understand NTFS 2000 from the perspective of programmers: stream and hard links

xiaoxiao2021-03-18  255

Dino Esposito March 2000

Summary: This article discusses NTFS 2000 in depth, which is a new file system in Microsoft Windows 2000. (Printing a total of 19 pages)

table of Contents

1. Introduction 2, NTFS 2000 Overview 3, multi-file stream 4, flow basic principle 5, flow backup and enumeration 6, hard link 7, enjoy NTFS function 8, summary

Introduction

Since 1994, the myth of the full face to Microsoft (R) Windows NT (R) has been circulated for a period of time. Cairo - The legendary code name of the legend - has never been implemented outside the REDMOND laboratory. Since there is Cairo, some of its basic thinking will be accepted from time to time.

The basic idea behind Cairo is that the files and folders should be a collection of objects and objects. The content of the folder is not necessarily limited to the basic file system storage mechanism, you can use the object as a separate, separate project, access and copy them. Files and folder objects use methods and properties to display programmable APIs, which can be both standard or defined by owners or authors.

And what we have today is a file system that registers files and folders in some internal structures. When the file and folder moves in the disk, it will be copied. The files and folders have a fixed feature, which is too small to meet the needs of modern applications. As part of the work area, in the past few years, we have provided several techniques to add additional information to files and folders. Shell and Namespace extensions, Desktop.ini files, FileSystemObject, and "SHELL Auto Object Model" are several examples. However, all of these features are just a small amount and partial solution. They can't be a base point for organic redesign of Windows file systems. Because the forward compatibility is a serious problem, Windows still uses the old file system built on the file allocation table (FAT), which can be traced back to Microsoft MS-DOS (R) version 2.0! Even more improvements have been made recently, such as supporting high-capacity hard drives, FAT is still a less suitable way for storing files and folder information.

Practical experience in several years shows that the most important restrictions we have encountered is that the programmer must handle the additional information required to manage and identify files. Recently, someone invited me to retrieve the actual creation date of the Word 97 document. You may think this is a simple job because the date of creation is an attribute that can be easily retrieved by some API features. This is just partially correct. Try to copy the same Word file in different machines, even the same folder, and then compare the creation date of the two copies. Surprisingly, they are not the same! When copying the file, you created a new file with time tag that indicated when creating. When you continue to handle a copy, you lost the potential valuable information about when the startup file.

Fortunately, the Word document reserves this information in the internal summaryinformation field. Therefore, in my case, I can solve the problem and successfully advertise the customer. If it is an Access or text file, then my efforts are white.

For Windows NT, Microsoft introduces a new file system called NTFS. In all of its compelling functions, the B tree structure is particularly remarkable, and it accelerates file retrieval on large folders, based on file security, recording, enhanced file system recovery and better use than FAT or FAT32. disk space. (By the way, Windows 2000 provides full support and access to the FAT32 volume.)

Since they are adopted by Windows 3.1, the NTFS volume also has another functionality that is usually ignored: they support multiple data streams into a single file. For Windows 2000, flow support is again enhanced, and add other functions to help you seamlessly process files. Let's see the main features of NTFS 2000 - synchronized with Windows 2000 -. NTFS 2000 Overview

If multiple data flow is not exclusive features of the NTFS 2000 volume file, there are several other features that require Windows 2000. They are:

Document and directory encryption, each user, disk quota re-analyzing points and hierarchical storage management load per volume

During the Windows 2000 installation process, you are required to specify whether you want to convert Windows 2000 volumes to NTFS 2000. However, when the machine is used as a domain controller, the NTFS 2000 file system is required. You can convert the FAT partition to NTFS at any time by using the command line utility convert.exe:

Convert volume / fs: ntfs [/ v]

Where the VOLUME parameter specifies the drive letter, followed by a colon. It can also be a load point or a volume name. / Fs: NTFS option indicates that the volume must be converted to NTFS. Finally, if you want to run the utility in a detailed mode, use / v. When you run Convert.exe, it initializes, and then requests you to restart. After restarting, the conversion takes effect immediately.

In addition to all the features listed above, the significant aspect of the entire folder management of Windows 2000 is a comprehensive and slightly extended support for the Desktop.ini file. In the rest of this article, I will mainly focus on flow and hard links. However, Table 1 summarizes the main points involving other key functions of NTFS 2000.

Table 1. Main features of NTFS 2000

Multi-file stream

Under the NTFS file system, each file can have multiple data streams. It is worth noting that the stream is not the characteristics of NTFS 2000, but from Windows NT 3.1 already exists. When you read the contents of the file in a non-NTFS volume (such as the disk partition on the Windows 98 machine), you can only access a data stream. Thus, you think it is the true and "unique" content of the file. Such mainstreams have no name, and the unique stream of non-NTFS file system can handle. But when you create a file on the NTFS volume, the situation is different. Please refer to Figure 1 to understand the big graphic.

Figure 1. Structure of multi-stream files

A multi-stream file is a collection of all unflow files embedded in the same file system project. They look like unique, basic units, but contain a series of separate subunits, you can create, delete, and modify them separately. There are some common programming environments, where the stream is more than enough. However, if you plan to use them, remember that once you copy multiple stream files to non-NTFS storage devices (such as CD, floppy disks, or non-NTFS disks), all excess departure is lost and cannot be recoverable. Unfortunately, this compatibility issue makes the stream are not so popular in practical applications. For server-side applications that are designed and defined on the NTFS volume, stream is an excellent tool that can be used to establish outstanding, creative solutions.

Basic principle of flow

When you copy multiple stream files on a non-NTFS volume, only the mainstream file is copied. This means you lose extra data because you will not appear again even if you copy the file back to NTFS disks. Now, suppose you work on the NTFS machine and let us see how to create a named stream. In Code Example 1 You can see Windows Script Host (WSH), and Microsoft Visual Basic (R) Scripting Edition (VBScript) file, which demonstrates how to read write flow from the NTFS file. To identify the namefire in the file, you should follow the special naming rules and add a colon at the end of the file name, then the name of the stream. For example, if you want to access the VersionInfo stream on the Test.txt file, you should use the following file name:

Test.txt: VersionInfo

Use this file name with any Microsoft Win32 (R) API function of the manipulated file. To access the contents of the VersionInfo stream, pass the name to createfile (), then use readfile () and WriteFile () to complete the read and write. If you want to check if a specific stream exists in a file, write the name of the file stream as shown below, and use createfile () to check if it exists:

Handle Hfile = Createfile (SzfileStreamname, Generic_Read, 0,

NULL, OPEN_EXISTING, 0, 0);

CloseHandle (HFILE);

IF (hfile == null)

MessageBox (hwnd, "error", null, mb_ok);

If you want to process, you don't have to be a skilled C programmer. You can also use the stream in Visual Basic, even in the script code, as shown in Code Example 1. This transparency is called possible key factors is that all lower Win32 API functions, especially createFile (), supports streaming file names on NTFS partitions. If you are trying to be on a non-NTFS partition, for example on the Windows 98 machine, open a file called Test.txt: VersionInfo, you will get an error message that "Find File". Note that the substance of the problem is that the file system containing the volume of the file is not called the Windows platform or disk partition type resides in the application. In other words, you can also successfully access a specific naming stream on the shared folder on the NTFS partition by connecting Windows 98 machines. In addition, it should be considered that even for long file names, the colon is not a valid character. Therefore, when CREATEFILE () encounters the colon in the file name, it will know that it has a special meaning.

As shown in Code Example 1, you can use the stream with VBScript, because FileSystemObject object patterns use CreateFile () to open, write, create, and test files. In the sample code, the text file I have created with empty data, 0 length mainstream, and any number of named streams required. Please try to run the demo and create two streams. They can be named VersionInfo and VersionInfoEx. There is no indication in the Windows Shell to help you infer the existence of multiple streams in a particular file. In Figure 2, you can see the test.txt file in the Windows Explorer.

Figure 2. A file can be 0, but has a named stream.

The Size column shows only the size of the unnamed mainstream, even in the Properties dialog box, you cannot get more information about the stream. Only in the NTFS volume, in the Windows 2000 Properties dialog box, you only have the only chance to read information about all files, including text files. Click the Summary tab, then enter, for example, an author name, as shown in Figure 3. By the way, this type of name can be displayed in a specific author column due to the improvement of the SHELL user interface of Windows 2000. For more information, see the primary problem in MSDN Magazine on http://msdn.microsoft.com/msdnmag/ (English).

Figure 3. NTFS rolls related to additional information

Hey, wait. Although the summary information is the general data set for Word or Excel document, it is more undoubtedly part of the document itself. Can you combine it with a text file without changing the content of plain text? Of course. The shell completes it through the stream! After using those changes, try to copy the file to another non-NTFS partition. The dialog shown in Figure 4 will appear.

Figure 4. WINDOWS 2000 warning for possible flow data loss.

It turns out that the Test.txt file contains a stream with document summary information. When you try to copy files with additional information to a volume that does not support this file, the system will beware. In a non-NTFS partition, only the unnamed mainstream is copied, and the rest is abolished. Therefore, if the target file does not match, the stream-based file is hardly exchanged.

Flow backup and enumeration

Is there a way - one or two API functions - to enumerate all the streams owned by a particular file? Yes, there is. But it is not that simple and intuitive. Win32 backup API functions (Backupread, BackupWrite, etc.) can be used to enumerate streams in the file. However, they use a bit weird, and they look more like a work area, not a valid final solution.

Its ideas is that when you want to back up a file or entire folder, you need to pack and store all possible information. Therefore, backupread () is your best friend when you need to try the flow in the file. I will focus on the prototype of the function:

Bool backupread

Handle Hfile,

LPBYTE LPBUFFER,

DWORD NNUMBEROFBYTESTOREAD,

LPDWORD LPNUMBEROFBYTESREAD,

Bool Babort,

Bool BProcessSecurity,

LPVOID * LPCONTEXT

);

For our purposes, you can ignore such as context and security here. The HFile parameter must be obtained by calling createfile (), and lpbuffer should point to the Win32_Stream_ID data structure:

TypedEf struct _win32_stream_id {

DWORD DWSTREAMID;

DWORD DWSTREAMATTRIBUTES;

Large_integer size;

DWORD DWSTREAMNAMESIZE;

Wchar cstreamname [Anysize_Array];

} WIN32_STREAM_ID, * LPWIN32_STREAM_ID;

The top 20 bytes of this structure represent the title of each stream. The name of the stream is followed by the DWStreamNameSize field, and the name is followed by the contents of the stream. Because traditional file content can be considered stream - although it is unnamed stream, you want to enumerate all streams, you only need to loop until BackupRead returns false. In fact, Backupread should read all information related to a given file or folder: Win32_Stream_id SID;

ZeromeMory (& SID, SIZEOF);

DWORD DWSTREAMHEADERSIZE = (LPBYTE) & Sid.cstreamname -

(Lpbyte) & Sid Sid.dwstreamNameSize;

BContinue = Backupread (HFile, (LPBYTE) & SID,

DWSTreamheadersize, & dwread, false, false,

& lpContext);

The above segment is a key code read in the header of the stream. If the operation is successful, you can try to read the actual name of the stream:

Wchar wszstreamname [MAX_PATH];

Backupread (Hfile, (lpbyte) wszstreamname, Sid.dwstreamNameSize,

& dwread, false, false, & lpContext);

Before accessing the next stream, you first call backupseek (), move backup indicators forward:

Backupseek (hfile, sid.size.lowpart, sid.size.highpart,

& DW1, & DW2, & LPCONText);

In most cases, you can use the flow as a regular file - such as, you want to delete the stream, you can use deletefile (). If you want to brush the stream, just use readfile () and writefile (). There is no formal and supported way to move or rename streams. In the last part of this article, I will use this code to build a NTFS 2000-specific Windows Shell extension, add the new property page to all filed files. At the same time, let's quickly browse another feature of NTFS.

Hard link

Do you know a shortcut? - is those small .lnk files, most of them spread on the desktop for reference to other content. There is no doubt that shortcut is a useful feature, but there are some shortcomings. First, if you point to the same target from multiple shortcuts from different folders, you actually have the same - Fortunately, smaller - multiple copies of the file. More importantly, the shortcut target object will change over time. It may be moved, deleted, or just rename it. What is your shortcut situation? Can they detect and track those changes, and correct (automatically) update? Unfortunately, they can't. The main reason is that the shortcut is the function of the application level. From the perspective of the system, they are just a user-defined file. When you want to open them, you only need to do additional work. Considering that there is a privilege, you may decide to assign it to other file classes. If this makes sense, you can create a shortcut class that belongs to yourself, the extension is not .lnk. Complete this task is the registry key called Isshortcut under the class node. Suppose you want the .xyz file as a shortcut. Create a .xyz node under HKEY_CLASSES_ROOT to register the file class and point to another node, usually XYZFILE. Then add an empty REG_SZ project to: hkey_classes_root

/ xyzfile

This is done.

Other operating systems, especially POSIX and OS / 2, similar functions in the system level. Especially OS / 2, it is called Shadows. Hard link is a shortcut for a given file in the system level. By creating a hard link for an existing file, you have neither copying the file, nor is there any file-based reference (ie, shortcut). Instead, you add information to its NTFS level it in its directory item. The physical document has not moved in the original position. In short, you can now use two or more names to access the same content!

The hard chain allows you to free from multiple (except required additional) copies that retain the same file, which is responsible for managing a single physical content of the system processing of different path names. This greatly simplifies your work and saves valuable disk space. In addition, hard links are shortcuts for system-level, always point to the correct target file - whether you are renamed or moving it. Since the link is stored in the file system level, all changes are automatically and transparently applied. It is worth noting that hard links must be created in the same NTFS volume. For example, you cannot let the drive C: on the hard link to the drive D: on the file.

To sound more familiar, you can imagine hard links as an alias of the file. You can use any individual name to access the file, which is only deleted after all the alias is deleted. (The role of alias is just like a reference count.) Because hard links are alias, they are not problematic.

CREATEHARDLINK () is an API function used to create a hard link. The prototype is as follows:

Bool Createhardlink

LPCTSTR LPFILENAME,

LPCTSTR LPEXISTINGELENAME,

LPSecurity_attributes lpsecurityattributes

);

In the code contained in the old MIND (see "Windows 2000 For Web Developers" Mind (English), March 1999), I have a COM object that enables you to create hard links through scripting code. Code Example 2 shows the hard linking VBScript program that uses it to create a given file. Although it is easy to find how many hard links have a file, do not enumerate all hard links. The API function getfileinformationByHandle () fills the BY_HANDLE_FILE_INFORMATION structure, and its nNumberoflinks field issues a notification about enumerations. Enumerates all the names of all link files slightly difficult. Basically, you must scan the entire volume and assigned a unique ID assigned to each file. When you encounter an existing ID, a hard link to the file has been found. The unique ID of the file is allocated by the system and is stored in the NFileIndexHigh and NfileIndexlow fields of by_handle_file_information. Enjoy NTFS functionality

The stream is particularly important for the file to add additional information, without changing or corrupted the original format. Of course, there is a space that will occupy itself, however "Windows Explorer" does not seem to be aware of this. The stream is invisible for "Windows Explorer", so although it seems to have enough available disk space, the actually available disk space has been reduced to the extent to be dangerous. You can add additional (invisible) information to any file, including text and executable.

On the other hand, hard links are an outstanding resource that aggregates shared information. You only have a real, you can access the information library accessible from each different path. You know, hard links are not a brand new concept for Windows NT technology. Since the introduction of Windows NT, there is hard link. However, until Windows 2000, Microsoft provides a public function that creates hard links. Each file has at least one of its own links, so getfileinformationByHandle always returns the number of links greater than zero. You cannot set hard links to the directory, but only to files.

The stream and hard chain have a common practical problem, that is, their support from Shell is extremely limited. In order to remedy this problem, I wrote a shell extension to provide information about the stream and hard links of the given file. Figure 5 illustrates its appearance and sensation.

Figure 5. The stream tab shows information about stream and hard links.

The SHELL extension source code enumerate with the BackupRead () API function. Simply by calling deletefile (), the content of the selected stream can be deleted. Edit stream button Run the script code in Code Example 1, with it, you can add or update the stream. Similarly, create a hard link button to run the code in Code Example 2 to create additional links. Only after refreshing, the user interface reflects the changes. Finally, pay attention to remember if you delete a hard link (ie, delete files), as long as the deleted file is still in the "Recycle Bin", the total number of links will not be updated.

Summary

In this article, I just introduced NTFS 2000, focusing on its main functions, such as streaming and hard links. If you want to have a more extensive understanding of the new features of the Windows 2000 file system, I suggest you refer to "A file system for the 21st century: Previewing The Windows NT 5.0 File System (21st Century File System: Preview Windows NT 5.0) System) "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" This article is not involved in some striking topics, especially sparse flow and re-analyzing points, but if you are interested in this article, please let us know, we will help you. Code example 1

Code Example 2

转载请注明原文地址:https://www.9cbs.com/read-129926.html

New Post(0)