Release Date: 2000-03-31
Article content:
By adam, joyadam@263.net
Using NTFS access in NT is of course necessary, but in this mechanism, there is still a favorite access format you are familiar with it?
I called his file stream, can't find relevant information on Microsoft's site (or I will not find it)
How did I find this thing, huh, huh, very accidental factors
You can also find the file stream according to my method (note: must be NTFS file system)
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1998 Microsoft Corp.
C: /> cd test
C: / test> DIR
The volume in the drive C does not have a label.
The serial number of the volume is 588F-38D2
C: / test catalog
2000-03-30 18:15
2000-03-30 18:15
2000-03-30 18:15 3 adam.txt
1 file 3 bytes
2 catalogs 788, 922, 368 available bytes
C: / test> Notepad adam.txt: IloveAdam
[This time, you will prompt you to create a new file, click Yes Ten start entering, then the deployment exits. ]
C: / test> DIR
The volume in the drive C does not have a label.
The serial number of the volume is 588F-38D2
C: / test catalog
2000-03-30 18:15
2000-03-30 18:15
2000-03-30 18:16 3 adam.txt
1 file 3 bytes
2 catalogs 788, 922, 368 available bytes
Did did not find this established Adam.txt: IloveAdam, and there is no change in the size of the disk.
You may think that you have not made anything, but please see below:
C: / test> Notepad adam.txt: IloveAdam
[Is it what you just knocked? 】
If the file in front of the colon does not exist, I created a file stream directly?
C: / test> DIR
The volume in the drive C does not have a label.
The serial number of the volume is 588F-38D2
C: / test catalog
2000-03-30 18:21
2000-03-30 18:21
2000-03-30 18:16 3 adam.txt
1 file 3 bytes
2 catalogs 788, 922, 368 available bytes
C: / test> Notepad adamtest: 123
C: / test> DIR
The volume in the drive C does not have a label.
The serial number of the volume is 588F-38D2
C: / test catalog
2000-03-30 18:21
2000-03-30 18:21
2000-03-30 18:16 3 adam.txt
2000-03-30 18:21 0 ADAMTEST2 file 3 bytes
2 catalogs 789, 184, 512 available bytes
In fact, this has already had a file stream AdamTest: 123
Then let's take a look at if there is a directory and then play the file stream.
C: / test> DIR
The volume in the drive C does not have a label.
The serial number of the volume is 588F-38D2
C: / test catalog
2000-03-30 18:29
2000-03-30 18:29
2000-03-30 18:26
0 file 0 bytes
3 catalogs 788, 922, 368 available bytes
C: / test> Notepad ADAM: 123
C: / test> DIR
The volume in the drive C does not have a label.
The serial number of the volume is 588F-38D2
C: / test catalog
2000-03-30 18:29
2000-03-30 18:29
2000-03-30 18:26
0 file 0 bytes
3 catalogs 789, 184, 512 available bytes
Haha, you now know that I study this thing!
That is, I can build C: / Winnt / System: ADAM, C: / Winnt / System32: ADAM on your hard drive
And you can never find!
The command line mode can not be seen, the resource manager can not see
Q: Can you put 2 credit?
A: You go to try it yourself, write a virus, write the big brother of the Trojan to play, its industry is also analyzed, because Microsoft has a tool, you can detect the DLL you call in real time, you open this Monitor, then step by step Go, you will find what he did!
Haha, write the program, I can't do it, I am in the line! How to play yourself! There is a result of Mail to Joyadam@263.net to discuss discussions! Your area!
