Questions tagged [alternate-data-stream]

Alternate Data Streams are a feature of Microsoft's NTFS filesystem. They allow a single file to reference multiple independent 'streams' of data and are most commonly used to store file metadata.

On NTFS volumes, each file and directory must have at least one Data Stream. The main, unnamed, data stream refers to the actual data stored in the file. Additional (or Alternate) file streams can be attached to a file/folder by giving unique names to each alternate stream. These alternate streams may then be accessed by specifying the whole path to the file followed by a colon and the name of the stream. For example, this file path refers to the ADS named "MyStream" attached to a file named "MyFile.dat".

C:\Example\MyFile.dat:MyStream

Alternate streams may contain any data a normal file can contain, and are not restricted in size, type, or number. Newer versions of Windows (Vista+) will refuse to execute programs stored as alternate streams (a security measure against running invisible EXEs).

50 questions

3 votes, 2 answers

Windows Explorer Alternate Data Stream Shell Extension

I have some files that use alternate data streams and are not shown in Windows Explorer. I would like to make a shell extension or a program that runs in the background that when I use Windows Explorer and navigate to a folder that has alternate data…

3 votes, 1 answer

Alternate Data Streams files disappear on Windows 10

I'm experiencing a strange behavior on Windows 10 with Alternate Data Streams (ADS) metadata. I have downloaded an executable file from the internet, and, as it was downloaded to an NTFS partition, it has its corresponding ADS file marked as Zone…

3 votes, 2 answers

Encrypt a specified alternate data stream - NTFS, XP

According to MSDN, each alternate data stream may be stored in an encrypted form (NTFS' encrypted state). The only API function I've found for setting Encryption state is EncryptFile(), which states to encrypt all data streams of a file. So is…
Doori Bar

3 votes, 3 answers

What are the APIs for working with HFS+ named forks?

I know that resource forks are deprecated in Mac OS X. It's not clear whether the less well known and little used named forks are also deprecated. HFS+ actually supports an arbitrary number of arbitrary length forks for any file. (Mac's named forks…
hippietrail

3 votes, 1 answer

How do you use Alternate Data Streams and what are the benefits?

I've read some documentation about Alternate Data Streams and I'm thinking about using them in my own projects. However there is so much unknown knowledge and open questions that I still have before I decide to use them. That's why I made this…
Ben

2 votes, 1 answer

How do you copy a file into an NTFS alternate data stream in PowerShell?

I'm trying to create a proof of concept of an example I saw in a textbook for one of my cybersecurity classes. I set up the required files and tried it but I only am getting errors. This is the example: C:\> type C:\windows\system32\notepad.exe >…

2 votes, 3 answers

How do I fix my "self-deleting" .exe from deleting itself early?

For the sake of testing and personal proof of concept, I have a .exe file that only outputs a simple string and then calls a system pause (literally system("pause") in C++). I have a simple Python script I'm testing on a Windows XP VM that does…
Joseph Hansen

2 votes, 1 answer

How to access and modify alternate data streams (ADS) with Go

How can I access and modify metadata stored in NTFS alternate data streams with golang? I already know about https://github.com/pkg/xattr for accessing metadata stored in extended attributes under Linux. However, I need comparable functionality for…

2 votes, 1 answer

Open Alternate Data Stream (ADS) from file handle or file ID

I would like to open an alternate data stream of a file using an existing handle to the file, or using the file id. The only way I found is by the full name (file name + ADS name). I am afraid of the file being renamed during the operation. Is there…
michael

2 votes, 0 answers

Can Robocopy Copy Only ADS (Alternate Data Streams)? i.e. Not Re-Copy the Data/Security

I'm not sure I really understand ADS, but it seems that a file has a main one then potentially more. Well, I ran a program and discovered that my source drive has about 700 ADS more than what the destination drive has after performing a robocopy. …

2 votes, 2 answers

ADS (Alternate Stream) versus DSO (File Properties) for Storing Metadata

I want to programmatically add a small piece of metadata to some files of arbitrary type. I am considering using either ADS or DSOFile. Is either option preferable? What are the pros and cons? Are there significant differences in efficiency or…
kgh

2 votes, 1 answer

MFT information for alternate data stream names

I have been working on retrieving file information from MFT. I see that the MFT record has info regarding standard info, file names, data and a few other attributes. I tried parsing the MFT record to get all the details that it contains. I am able to…
kishore

2 votes, 2 answers

Alternate Data Streams on a folder

I'm using StgCreateStorageEx from python win32com based adapting the code in testStorage.py to write my own file_id attribute onto any file. According to alternate-streams (though not necessarily from this API call) it should be possible to save to…
RuiDC

1 vote, 2 answers

Remove alternative data stream using PowerShell

I'm trying to remove a bunch of OSX alternate data streams on an NTFS volume. However, no matter what I try I cannot get PowerShell to do it. Yes, I admit that my PowerShell is not great. Is anyone able to help? Objective: Remove the ADS…
Rob P

1 vote, 1 answer

Script in PowerShell to add checksum as alternate data stream fails with some file names but otherwise works

I want to check files for integrity with a checksum. To make it easier I put the hash into an alternate data stream of the file. When someone alters the file I can verify this with the checksum. However, when I add a data stream the file's…