Change to an NTFS partition on your system, and type
echo "stream message" > afile.txt:myPrivyA file has been created named
afile.txt - there is no afile.txt:myPrivy file. Now, try type afile.txt and you'll get nothing! Hmmm... If you list the folder's content's you'll notice that afile.txt has got a 0 bytes size but
more < afile.txt:myPrivyshows that
myPrivy has indeed got "stream message" in it!
This is actually a little known feature of NTFS that's been there since its very first incarnation, NT 3.1, but has never been much touted by Microsoft. myPrivy is a named stream of the file, while its normal contents go to the unnamed stream and that is the stream that all applications - even dir - seem to be aware of. Have a look at this article, which appeared in Microsoft Systems Journal, November 1998. It may have been originally devised for storing thumbnails and user changes but it looks to me more suitable for trojan horses and DOS attacks or, as the authors of this article say, "for some geeky party games where you can allocate a large stream in a file on a friend's disk".
0 comments:
Post a Comment