Concept - File

Overview

It is composed of attributes including its name and its data.

This contains the DOS-style file permission, such as read-only and archive. It also contains four different types of modification time.

The file's name is stored as an attribute, too. A file can have several filenames. This is Windows' equivalent to hard linking files together.

This stores all of Windows' permissions. ACLs, ACEs, auditing.

    May not exist on Win2K (std info, $secure)

This, finally, is the actual data of the file. It, too, is stored in an attribute

    unnamed data stream compulsory (chkdsk will put it back if missing)
    named data streams optional (any limit to the number?)

    access with "jim.txt:stream"

Type	Description	Name
0x80	$DATA	icon
0x80	$DATA	author

Windows 2000 introduced the idea of summary information on files. This information is stored as a set of four named data streams.

Description: Title; Subject; Category; Keywords (multi-line); Comments (multi-line)
Origin: Source; Author; Revision Number

Type	Description	Name
0x80	$DATA	{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
0x80	$DATA	^EDocumentSummaryInformation
0x80	$DATA	^ESebiesnrMkudrfcoIaamtykdDa
0x80	$DATA	^ESummaryInformation

N.B. Three of the names begin with CTRL-E (0x05). This is probably to discourage people from reading the streams directly.

The first stream {4c.. is always empty. This is probably just a marker to

Data Stream	Summary Field	Data Type	Code
^EDocumentSummaryInformation	Unknown1	Numeric?	0x00
	Unknown2	Numeric	0x01
	Category	ASCII	0x02
^ESebiesnrMkudrfcoIaamtykdDa	Unknown3	Numeric?	0x00
	Unknown4	Numeric?	0x01
	Source	Unicode	0x04
^ESummaryInformation	Unknown5	Numeric?	0x00
	Unknown6	Numeric?	0x01
	Title	ASCII	0x02
	Subject	ASCII	0x03
	Author	ASCII	0x04
	Keywords	ASCII	0x05
	Comments	ASCII	0x06
	Revision Number	ASCII	0x09