Linked by Thom Holwerda on Wed 13th Jun 2018 23:54 UTC
Windows

Is anybody interested in a long list of obscure NTFS tricks? Yes? Good, because this long list provides just that. As an example, ever wanted to create folders with just periods, but you realized you couldn't because every NTFS folder has the special "." and ".." folders to refer to itself and its parent folder, respectively? Well, here's your chance to learn how.

Probably not the most useful tricks, but fun nonetheless.

He needs \\?\
by malxau on Thu 14th Jun 2018 01:10 UTC
malxau
Member since:
2005-12-04

A lot of the issues in this article come from the way Win32 truncates trailing periods and spaces from names. The reason you can't make "...." is because once all the periods are truncated, there's nothing to make. But if you make ....:foo, and truncate all the periods, there is something to make. Having created it, it will confuse every Win32 app, since they'll go to open "....", which will all be truncated, and the apps end up confused. CMD is one of those apps.

What this guy needs is tools that use the \\?\ prefix or NT API to suppress some of this behavior to allow for raw create and delete semantics. Once that is done the behavior of Windows on some of these points gets a lot more sensible. One option (shameless plug) would be to use Yori, which is my take on CMD, but uses \\?\ internally so "mkdir ... & rmdir ..." will operate as regular files. See http://www.malsmith.net/yori/ .

Having done it, it still won't work well with Win32 applications though.

Reply Score: 4
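
Added example (not part of malxau's comment and not Yori's code): a simplified Python model of the trailing period/space truncation described in the comment above, used to flag on-disk names that a Win32 application cannot address by their real name, for instance when checking what a backup tool would miss. The function names, the `C:\data` directory and the sample names are constructed, and only the final path component is modelled.

```python
# Simplified model (assumption): Win32 removes trailing periods and spaces
# from the final path component unless the path starts with \\?\.
RAW_PREFIX = "\\\\?\\"  # the literal \\?\ prefix


def win32_final_name(path: str) -> str:
    """Return the final component as NTFS would receive it from a Win32 call."""
    name = path.rsplit("\\", 1)[-1]
    if path.startswith(RAW_PREFIX):
        return name              # \\?\ paths are passed through untouched
    return name.rstrip(". ")     # trailing periods and spaces are dropped


def raw_path(absolute_path: str) -> str:
    """Form of an absolute path that suppresses the truncation."""
    if absolute_path.startswith(RAW_PREFIX):
        return absolute_path
    return RAW_PREFIX + absolute_path


def audit(names, directory="C:\\data"):
    """Classify on-disk names by what a plain Win32 open would reach."""
    report = {}
    for name in names:
        seen = win32_final_name(directory + "\\" + name)
        if seen == name:
            report[name] = "ok"
        elif seen == "":
            report[name] = "unreachable"   # nothing left after truncation
        else:
            report[name] = "aliased"       # resolves to a different name
    return report


# Constructed sample of names as they might appear in a raw directory listing.
SAMPLE = ["report.txt", "....", "notes. ", "archive.tar."]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name!r:16} {verdict:12} raw: {raw_path('C:' + chr(92) + 'data' + chr(92) + name)}")
```

Names reported as "unreachable" or "aliased" are the ones a tool has to open through the `\\?\` form (or the NT API) to read or delete them.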

NTFS
by agentj on Thu 14th Jun 2018 03:06 UTC
agentj
Member since:
2005-08-19

I heard none of the original NTFS developers work in MS anymore, so everyone is afraid to even touch the code not to make any instability xD I wonder when MS will support BTRFS (or at least ext4) natively.

Edited 2018-06-14 03:07 UTC

Reply Score: 0

RE: NTFS
by Alfman on Thu 14th Jun 2018 03:50 UTC in reply to "NTFS"
Alfman Member since:
2011-01-28

agentj,

I heard none of the original NTFS developers work in MS anymore, so everyone is afraid to even touch the code not to make any instability xD I wonder when MS will support BTRFS (or at least ext4) natively.


Maybe they can take it from reactos, haha.
http://www.osnews.com/story/30458/ReactOS_GSoC_booting_from_Btrfs

On a serious note, the GPL license would be problematic. They'd have to reimplement btrfs from scratch. I don't think it's a project that Microsoft would entertain for business reasons.

Edited 2018-06-14 03:51 UTC

Reply Score: 2

RE[2]: NTFS
by FlyingJester on Fri 15th Jun 2018 18:05 UTC in reply to "RE: NTFS"
FlyingJester Member since:
2016-05-11

Or just run the FS driver as its own process, which I think Windows already does with FS drivers.

Reply Score: 2

RE: NTFS
by Duke on Thu 14th Jun 2018 11:46 UTC in reply to "NTFS"
Duke Member since:
2018-05-22

I wonder when MS will support BTRFS (or at least ext4) natively.

Why would they want that? For WSL, maybe, but for Windows natively?.. I can't see why MS would want that.

Reply Score: 3

RE: NTFS
by Odwalla on Thu 14th Jun 2018 14:06 UTC in reply to "NTFS"
Odwalla Member since:
2006-02-01

"My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with a girl who saw Ferris pass-out at 31 Flavors last night. I guess it's pretty serious."

"Thank you, Simone."

Reply Score: 4

Comment by Duke
by Duke on Thu 14th Jun 2018 11:37 UTC
Duke
Member since:
2018-05-22

Link doesn't work.

Reply Score: 5

Wrong link
by Marc_S on Thu 14th Jun 2018 15:16 UTC
Marc_S
Member since:
2017-08-15

As some mentioned on HN (https://news.ycombinator.com/item?id=17307023), this is the wrong link. And it is down now.

Here's the original article: https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tric...

Reply Score: 2

Comment by kurkosdr
by kurkosdr on Fri 15th Jun 2018 18:30 UTC
kurkosdr
Member since:
2011-04-11

Why does something like "alternative streams" need to exist in a filesystem? What's with that Microsoft obsession of welding as much functionality -which should normally belong in the apps to the OS- as possible, hoping that someday some app will use that "windows-native" functionality instead of doing it via a third-party library (=the sane thing to do)? Does any app use that kind of crap? Of course not.

What a surprise it must have been for Microsoft guys to have their product perceived as inferior to simpler OSes such as OS X... (yes OS X's internals are simpler than Windows). Probably something to do with the fact the functionality OS X provided to apps is the same, but Apple coders have more time providing new features and bundled apps to users instead of resolving vulnerabilities related to cruft practically nobody uses like "alternative streams" (which however has to be maintained because someone might, and removing is harder than adding).

Semi-related quote: The most difficult decisions during the process of designing a new programming language revolve around what will be omitted.

Edited 2018-06-15 18:32 UTC

Reply Score: 1

RE: Comment by kurkosdr
by ssokolow on Fri 15th Jun 2018 19:25 UTC in reply to "Comment by kurkosdr"
ssokolow Member since:
2010-01-21

Why does something like "alternative streams" need to exist in a filesystem? What's with that Microsoft obsession of welding as much functionality -which should normally belong in the apps to the OS- as possible, hoping that someday some app will use that "windows-native" functionality instead of doing it via a third-party library (=the sane thing to do)? Does any app use that kind of crap? Of course not.

What a surprise it must have been for Microsoft guys to have their product perceived as inferior to simpler OSes such as OS X... (yes OS X's internals are simpler than Windows). Probably something to do with the fact the functionality OS X provided to apps is the same, but Apple coders have more time providing new features and bundled apps to users instead of resolving vulnerabilities related to cruft practically nobody uses like "alternative streams" (which however has to be maintained because someone might, and removing is harder than adding).


I thought NTFS's alternative streams were Microsoft's answer to HFS's resource forks, which have been used heavily in MacOS since the beginning.

https://en.wikipedia.org/wiki/Resource_fork

(eg. Rather than using file extensions and then hiding them like Windows 9x and beyond, MacOS chose to store file-type and creator identification codes in the resource fork and classic 68k Mac applications even store their application code in the resource fork.)

Edited 2018-06-15 19:26 UTC

Reply Score: 3

RE[2]: Comment by kurkosdr
by Alfman on Fri 15th Jun 2018 21:29 UTC in reply to "RE: Comment by kurkosdr"
Alfman Member since:
2011-01-28

ssokolow,


I thought NTFS's alternative streams were Microsoft's answer to HFS's resource forks, which have been used heavily in MacOS since the beginning.

https://en.wikipedia.org/wiki/Resource_fork

(eg. Rather than using file extensions and then hiding them like Windows 9x and beyond, MacOS chose to store file-type and creator identification codes in the resource fork and classic 68k Mac applications even store their application code in the resource fork.)


I've never used alternative streams in NTFS. I've never needed them, but I imagine it could be useful for things like thumbnail caching and metadata attached to the file. It doesn't help that they're not portable though, as a software developer I wouldn't want to rely on it.

Most of my files exist on a NAS, so out of curiosity I looked if samba supports these. It actually does, but with caveats:

https://www.samba.org/samba/docs/current/man-html/vfs_streams_xattr....

Reply Score: 2

RE[3]: Comment by kurkosdr
by ssokolow on Fri 15th Jun 2018 23:14 UTC in reply to "RE[2]: Comment by kurkosdr"
ssokolow Member since:
2010-01-21

I've never used alternative streams in NTFS. I've never needed them, but I imagine it could be useful for things like thumbnail caching and metadata attached to the file. It doesn't help that they're not portable though, as a software developer I wouldn't want to rely on it.


The only situation where I think I've seen them used was when Firefox set some kind of OS-level binding metadata so that I'd curse, Undo, and then futz around with re-saving "properly" because deleting the _files folder I'd accidentally requested also caused the .html file to vanish.

Reply Score: 3

I wonder...
by grat on Fri 15th Jun 2018 22:51 UTC
grat
Member since:
2006-02-02

... how many of these "tricks" result in broken backups, because they create non-standard filenames?

Reply Score: 5