Page 390 - DCAP103_Principle of operating system
P. 390

Unit 13: Input/Output and Security of Windows



                                                                                                  Notes
                             Figure 13.6: The Attributes Used in MFT Records



                Attribute            Description
                Standard information  Flag bits, timestamps, etc.
                File name            File name in Unicode; may be repeated for MS-DOS name

                Security descriptor  Obsolete. Security information is now in $Extend$Secure
                Attribute list       Location of additional MFT records, if needed

                Object ID            64-bit file identifier unique to this volume
                Reparse point        Used for mounting and symbolic links

                Volume name          Name of this volume (used only in $Volume)
                Volume information   Volume version (used only in $Volume)

                Index root           Used for directories
                Index allocation     Used for very large directories

                Bitmap               Used for very large directories
                Logged utility stream  Controls logging to $LogFile

                Data                 Stream data; may be repeated


            In NT 4.0, security information could be put in an attribute, but in Windows 2000 it all goes into
            a single file so that multiple files can share the same security descriptions. The attribute list is
            needed in case the attributes do not fit in the MFT record. This attribute then tells where to find
            the extension records. Each entry in the list contains a 48-bit index into the MFT telling where
            the extension record is and a 16-bit sequence number to allow verification that the extension
            record and base records match up.

            The object ID attribute gives the file a unique name. This is sometimes needed internally. The
            reparse point tells the procedure parsing the file name to do something special. This mechanism
            is used for mounting and symbolic links. The two volume attributes are used only for volume
            identification. The next three attributes deal with how directories are implemented. Small ones
            are just lists of files but large ones are implemented using B+ trees. The logged utility stream
            attribute is used by the encrypting file system.
            Finally, we come to the attribute that everyone has been waiting for the data. The stream name, if
            present, goes in this attribute header. Following the header is either a list of disk addresses telling
            which blocks the file contained, or for files of only a few hundred bytes (and there are many of
            these), the file itself. Putting the actual file data in the MFT record is called an immediate file.
            Of course, most of the time the data does not fit in the MFT record, so this attribute is usually
            non-resident. Let us now take a look at how NTFS keeps track of the location of nonresident
            attributes, in particular data.
            The model for keeping track of disk blocks is that they are assigned in runs of consecutive blocks,
            where possible, for efficiency reasons. For example, if the first logical block of a file is placed in
            block 20 on the disk, then the system will try hard to place the second logical block in block 21,



                                             LOVELY PROFESSIONAL UNIVERSITY                                   383
   385   386   387   388   389   390   391   392   393   394   395