Stack Overflow
Stack Overflow

Questions tagged [alternate-data-stream]

Alternate Data Streams are features of Microsoft's NTFS filesystem. They allow single file to reference multiple independent 'streams' of data and are most commonly used to store file metadata.

On NTFS volumes, each file and directory must have at least one Data Stream. The main, unnamed, data stream refers to the actual data stored in the file. Additional (or Alternate) file streams can be attached to a file/folder by giving unique names to each alternate stream. These alternate streams may then be accessed by specifying the whole path to the file followed by a colon and the name of the stream. For example, this file path refers to the ADS named "MyStream" attached to a file named "MyFile.dat".

C:\Example\MyFile.dat:MyStream

Alternate streams may contain data a normal file can contain, and are not restricted in size, type, or number. Newer versions of Windows (Vista+) will refuse to execute programs stored as alternate streams (a security measure against running invisible EXE's)

50 questions
1
vote
2 answers

What are the contents of the :ms-properties alternate data stream?

When you store a file in OneDrive, an :ms-properties alternate data stream is added. I opened an example stream using FlexHex (as shown in the image), but I can't tell what type of structure those bytes might represent. Does anyone…
user12381459
1
vote
1 answer

NTFS Change Journal - File Change Tracking

I'm developing a change tracking software to monitor files of a specific volume. I tried FileSystemWatcher (.NET) and AlternateDataStreams but they all have some limitations (ie. the change tracking software has to be on 24/7, alternate data streams…
pego
  • 117
  • 1
  • 9
1
vote
2 answers

Accessing hidden data streams

Once you've found a hidden data stream, how do you access it? I'm using windows and I have found the file in C:documents\file7.txt:hiddensecret.txt. Complete newbie in training thanks.
CyberNewbie
  • 43
  • 1
  • 1
  • 4
1
vote
1 answer

Starting an application located in an Alternate Data Stream

On Windows 7, starting a program located in an Alternate Data Stream (e.g. start c:\temp\application.exe:hiddenProgram.exe) does not work anymore! Using Process Monitor, I see that the access result is OK, but somehow, the OS is blocking access to…
mox
  • 6,084
  • 2
  • 23
  • 35
1
vote
1 answer

NTFS alternate data stream usage

We are potentially looking for a solution of how we can identify different versions of a text file on Windows Operating Systems - there are no file attributes that support versioning (e.g. 2.0, 2.1 etc.), but using ADS would allow us to write, for…
stuartjsmith
  • 431
  • 4
  • 8
1
vote
0 answers

Creating and writing HFS+ forks

I'm writing an app that needs to store an alternate version of a file. Ideally, I'd like it to be transparent for the user - so I avoid to create another file along the original one. Fortunately, I know from Amit Singh's website (Link) that an HFS+…
Perceval
  • 247
  • 2
  • 14
1
vote
3 answers

NTFS alternate data streams on . and .. folders

I was playing around with NTFS ADS and found out that I cannot use any of them on the . and .. folders I tried: ..:$I30:$INDEX_ALLOCATION ..::$INDEX_ALLOCATION ..::$INDEX_ROOT ..:$DATA does anyone have any insight as to why that is? is there any…
Boaz Sharabi
  • 11
  • 1
1
vote
2 answers

Why does a signed MSI give a warning when downloaded from gmail but not when copied straight from the dev machine?

I build and sign an MSI (using WiX). If I copy it to my Win8 machine, it works perfectly. If I gmail it then download it on the Win8 machine, I get "Windows protected your PC" - "Run anyway" or "Don't run". This is my main question for which I…
Devin Dow
  • 71
  • 1
  • 3
1
vote
2 answers

Using FindFirstStreamW to find files with Zone.Identifier

Ok so I am trying to write something which can scan through a folder and identify files with a Zone.Identifier tag and delete the tag (hopefully). I've been looking at ways to do it and I'm trying out several different methods. I have a function…
Adwo
  • 171
  • 1
  • 10
1
vote
2 answers

How can I know whether a particular file on a Windows machine supports Alternate Data Streams?

Using the raw Windows programming API from C/C++ and a file handle or a path to a file, folder, link, etc; how can I programmatically decide whether the file (etc) supports ADS (Alternate Data Streams)? I assume one thing I have to know is whether…
hippietrail
  • 15,848
  • 18
  • 99
  • 158
1
vote
2 answers

Running exe file behind a txt file

Was reading about ADS(Alternate data streams) in windows, so came across this thing. Working on Windows XP to test the following. I created a file with name - sample.txt with the content - "hello there" Created another file with name - second.txt…
bugs99
  • 31
  • 1
  • 4
0
votes
1 answer

AltDS - Where is the alternate data stream stored physically on the disc?

I'm struggling to find any information on the physical location of ADS data. Is it stored within the NTFS MFT or does the MFT point to a second location?
JonnyKash
  • 145
  • 6
0
votes
2 answers

How to list NTFS's Alternate Data Stream Files using Java

I want to list NTFS alternate data stream file in a given directory using java. I can do this with the dir /R command on cmd, but I want to do it programmatically. When I do normal file listing operations, I cannot list alternate data streams in the…
bloodwork
  • 7
  • 2
0
votes
0 answers

Find Alternate Data Stream (ADS) files name by using python

I don't get what I want when running the code, especially in the line: myhandler = kernel32.FindFirstStreamW (LPSTR(self.filename), 0, byref(file_infos), 0) this is the code I do : from ctypes import * import sys, os kernel32 =…
Osama Aljede
  • 1
0
votes
0 answers

I can't retrieve data from an NTFS alternative data stream(ADS). What can I do?

So I attached some ADS files to multiple other visible text files in this Test folder. This ADS file VideoTest.txt:hollymichaels.mp4 can be copied/extracted back to the folder just fine using the expand utility but not the VXN.txt:RBB.mp4 ADS file…
NUHASH AHMED CHOWDHURY
  • 1
  • 1
1 2
3
4