Alternate Data Streams
View more presentations from nephijohnson.
A good part of my presentation was doing live demonstrations of how alternate data streams can be used from the command line. Here are some examples:
C:\ads>echo >stream.txt default unnamed data stream
C:\ads>dir
Volume in drive C is BLAH
Volume Serial Number is 48C7-9ED4
Directory of C:\ads
08/15/2009 07:37 AM <DIR> .
08/15/2009 07:37 AM <DIR> ..
08/15/2009 07:37 AM 30 stream.txt
1 File(s) 30 bytes
2 Dir(s) 17,025,347,584 bytes free
C:\ads>more < stream.txt
default unnamed data stream
C:\ads>echo >stream.txt:ads alternate (named) data stream
C:\ads>dir
Volume in drive C is BLAH
Volume Serial Number is 48C7-9ED4
Directory of C:\ads
08/15/2009 07:37 AM <DIR> .
08/15/2009 07:37 AM <DIR> ..
08/15/2009 07:38 AM 30 stream.txt
1 File(s) 30 bytes
2 Dir(s) 17,025,347,584 bytes free
C:\ads>more < stream.txt:ads
alternate (named) data stream
C:\ads>type C:\WINDOWS\notepad.exe > stream.txt:other_notepad.exe
C:\ads>start C:\ads\stream.txt:other_notepad.exe
C:\ads>cd ..
C:\>echo >ads:folder_data_stream folders can have named data streams as well
C:\>more <ads:folder_data_stream
folders can have named data streams as well
C:\>dir ads
Volume in drive C is BLAH
Volume Serial Number is 48C7-9ED4
Directory of C:\ads
08/15/2009 07:39 AM <DIR> .
08/15/2009 07:39 AM <DIR> ..
08/15/2009 07:38 AM 30 stream.txt
1 File(s) 30 bytes
2 Dir(s) 17,024,843,776 bytes free
C:\>dir /a:d ad?
Volume in drive C is BLAH
Volume Serial Number is 48C7-9ED4
Directory of C:\
08/15/2009 07:39 AM <DIR> ads
0 File(s) 0 bytes
1 Dir(s) 17,024,843,776 bytes free
C:\>
No comments:
Post a Comment