Is anybody interested in a long list of obscure NTFS tricks? Yes? Good, because this long list provides just that. As an example, ever wanted to create folders with just periods, but you realized you couldn’t because every NTFS folder has the special “.” and “..” folders to refer to itself and its parent folder, respectively? Well, here’s your chance to learn how.
Probably not the most useful tricks, but fun nonetheless.
A lot of the issues in this article come from the way Win32 truncates trailing periods and spaces from names. The reason you can’t make “....” is because once all the periods are truncated, there’s nothing to make. But if you make ....:foo, and truncate all the periods, there is something to make. Having created it, it will confuse every Win32 app, since they’ll go to open “....”, which will all be truncated, and the apps end up confused. CMD is one of those apps.
What this guy needs is tools that use the \\?\ prefix or NT API to suppress some of this behavior to allow for raw create and delete semantics. Once that is done the behavior of Windows on some of these points gets a lot more sensible. One option (shameless plug) would be to use Yori, which is my take on CMD, but uses \\?\ internally so “mkdir ... & rmdir ...” will operate as regular files. See http://www.malsmith.net/yori/ .
Having done it, it still won’t work well with Win32 applications though.
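An added example, not part of the original comments or of Yori: a small audit over a list of raw names (as a tool using the \\?\ prefix or the NT API would enumerate them) that flags entries a Win32 tool would resolve differently. It assumes a simplified model of the rule described above (trailing periods and spaces are dropped from the last path component); the function names and sample paths are constructed for illustration.

```python
import ntpath
from collections import defaultdict

def win32_leaf(name):
    """Simplified model: Win32 drops trailing periods and spaces from a name."""
    return name.rstrip(". ")

def raw_path(path):
    """\\\\?\\ form of a drive-absolute path (UNC paths are not handled here)."""
    return "\\\\?\\" + path

def audit(paths):
    """Return (findings, collisions) for a list of raw drive-absolute paths.

    findings:   names that change, or vanish entirely, once trimmed
    collisions: groups of distinct raw names that Win32 sees as one name
    """
    findings = []
    seen = defaultdict(list)  # (parent, trimmed name) -> raw paths
    for p in paths:
        parent, leaf = ntpath.split(p)
        if leaf in (".", ".."):
            continue  # the ordinary self/parent entries
        trimmed = win32_leaf(leaf)
        # Win32 name lookups are case-insensitive, so compare lowercased.
        seen[(parent.lower(), trimmed.lower())].append(p)
        if trimmed != leaf:
            kind = "empty" if trimmed == "" else "altered"
            findings.append({"path": p, "win32_name": trimmed,
                             "kind": kind, "raw": raw_path(p)})
    collisions = sorted(tuple(v) for v in seen.values() if len(v) > 1)
    return findings, collisions

# Constructed sample listing, not taken from a real volume.
SAMPLE = [
    r"C:\data\report.txt",
    r"C:\data\report.txt.",
    r"C:\data\notes ",
    r"C:\data\....",
    r"C:\data\plain",
]

if __name__ == "__main__":
    found, clashes = audit(SAMPLE)
    for f in found:
        print(f["kind"], repr(f["path"]), "->", repr(f["win32_name"]), "use", f["raw"])
    for group in clashes:
        print("collision:", group)
```

An "empty" finding is a name with nothing left after trimming, and a collision means a Win32-only copy or backup tool would read one file where two exist.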
I heard none of the original NTFS developers work in MS anymore, so everyone is afraid to even touch the code not to make any instability xD I wonder when MS will support BTRFS (or at least ext4) natively.
Edited 2018-06-14 03:07 UTC
agentj,
Maybe they can take it from reactos, haha.
http://www.osnews.com/story/30458/ReactOS_GSoC_booting_from_Btrfs
On a serious note, the GPL license would be problematic. They’d have to reimplement btrfs from scratch. I don’t think it’s a project that Microsoft would entertain for business reasons.
Edited 2018-06-14 03:51 UTC
Or just run the FS driver as its own process, which I think Windows already does with FS drivers.
Why would they want that? For WSL, maybe, but for Windows natively?.. I can’t see why MS would want that.
“My best friend’s sister’s boyfriend’s brother’s girlfriend heard from this guy who knows this kid who’s going with a girl who saw Ferris pass-out at 31 Flavors last night. I guess it’s pretty serious.”
“Thank you, Simone.”
Link doesn’t work.
As some mentioned on HN (https://news.ycombinator.com/item?id=17307023), this is the wrong link. And it is down now.
Here’s the original article: https://sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tric…
Why does something like “alternative streams” need to exist in a filesystem? What’s with that Microsoft obsession of welding as much functionality -which should normally belong in the apps to the OS- as possible, hoping that someday some app will use that “windows-native” functionality instead of doing it via a third-party library (=the sane thing to do)? Does any app use that kind of crap? Of course not.
What a surprise it must have been for Microsoft guys to have their product perceived as inferior to simpler OSes such as OS X… (yes OS X’s internals are simpler than Windows). Probably something to do with the fact the functionality OS X provided to apps is the same, but Apple coders have more time providing new features and bundled apps to users instead of resolving vulnerabilities related to cruft practically nobody uses like “alternative streams” (which however has to be maintained because someone might, and removing is harder than adding).
Semi-related quote: The most difficult decisions during the process of designing a new programming language revolve around what will be omitted.
Edited 2018-06-15 18:32 UTC
I thought NTFS’s alternative streams were Microsoft’s answer to HFS’s resource forks, which have been used heavily in MacOS since the beginning.
https://en.wikipedia.org/wiki/Resource_fork
(e.g. rather than using file extensions and then hiding them like Windows 9x and beyond, MacOS chose to store file-type and creator identification codes in the resource fork and classic 68k Mac applications even store their application code in the resource fork.)
Edited 2018-06-15 19:26 UTC
ssokolow,
I’ve never used alternative streams in NTFS. I’ve never needed them, but I imagine it could be useful for things like thumbnail caching and metadata attached to the file. It doesn’t help that they’re not portable though, as a software developer I wouldn’t want to rely on it.
Most of my files exist on a NAS, so out of curiosity I looked if samba supports these. It actually does, but with caveats:
https://www.samba.org/samba/docs/current/man-html/vfs_streams_xattr….
The only situation where I think I’ve seen them used was when Firefox set some kind of OS-level binding metadata so that I’d curse, Undo, and then futz around with re-saving “properly” because deleting the _files folder I’d accidentally requested also caused the .html file to vanish.
… how many of these “tricks” result in broken backups, because they create non-standard filenames?