Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Microsoft Corporation1 Windows Kernel Internals NTFS David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation.

Published byCora Booth Modified over 9 years ago

Similar presentations

Presentation on theme: "© Microsoft Corporation1 Windows Kernel Internals NTFS David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation."— Presentation transcript:

1 © Microsoft Corporation1 Windows Kernel Internals NTFS David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation

2 © Microsoft Corporation2 Basic Design Points Aries Logging Meta-data via Cache Manager Self describing meta-data B-trees for fast index lookup Multiple user data streams

3 © Microsoft Corporation3 Disk Basics Volume exported via device object Addressed by byte offset and length Enforced on sector boundaries NTFS allocation unit - clusters Round size down to clusters

4 © Microsoft Corporation4 NTFS Knows Files Partition is collection of files Common routines for all meta-data Utilizes MM and Cache Manager No specific on-disk locations

5 © Microsoft Corporation5 Some System Files $Bitmap $BadClus $Boot. (root directory) $Logfile $Volume

6 © Microsoft Corporation6 MFT File Data is entirely File Records File Records are fixed size Every file on volume has a File Record File records are recycled Reserved area for system files

7 © Microsoft Corporation7 File Records ‘Base’ file record for each file Header followed by ‘Attributes’ Additional file records as needed Update Sequence Array ID by offset and sequence number

8 © Microsoft Corporation8 P Q R S TA B C D E FG H IJ KL MN OU V A B C D E F G H I J K L M N O P Q R S T U V File D:\Letters (File ID 0x200) File \$Mft 100 200 0 280 200 P Q R S TA B C D E FG H IJ KL MN OU V Physical Disk

9 © Microsoft Corporation9 File Basics Timestamps File attributes (DOS + NTFS) Filename (+ hard links) Data streams ACL Indexes

10 © Microsoft Corporation10 File Building Blocks File Records Ntfs Attributes Allocated clusters

11 © Microsoft Corporation11 File Record Header USA Header Sequence Number First Attribute Offset First Free Byte and Size Base File Record IN_USE bit

12 © Microsoft Corporation12 NTFS Attributes Type code and optional name Resident or non-resident Header followed by value Sorted within file record Common code for operations

13 © Microsoft Corporation13 $STANDARD_INFORMATION (Time Stamps, DOS Attributes) MFT File Record $FILE_NAME - VeryLongFileName.Txt $DATA (Default Data Stream) $DATA - “VeryLongFileName.Txt:A named stream” $END (Available for attribute growth or new attribute) $FILE_NAME - VERYLO~1.TXT

14 © Microsoft Corporation14 Attribute Header Length Form Name and name length Flags (Compressed, Encrypted, Sparse)

15 © Microsoft Corporation15 Resident Attributes Data follows attribute header ‘Allocation Size’ on 8-byte boundary May grow or shrink Convert to non-resident

16 © Microsoft Corporation16 Non-Resident Attributes Data stored in allocated disk clusters May describe sub-range of stream Sizes and stream properties Mapping pairs for on-disk runs

17 © Microsoft Corporation17 Some Attribute Types $STANDARD_INFORMATION $FILE_NAME $SECURITY_DESCRIPTOR $DATA $INDEX_ROOT $INDEX_ALLOCATION $BITMAP $EA

18 © Microsoft Corporation18 Mapping Pairs Stored in a byte optimal format Represents allocation and holes Each pair is relative to prior run Used to represent compression/sparse

19 © Microsoft Corporation19 Indexes File name and view indexes Indexes are B-trees Entries stored at each level Intermediate nodes have down pointers $INDEX_ROOT $INDEX_ALLOCATION $BITMAP

20 © Microsoft Corporation20 Index Implementation Top level - $INDEX_ROOT Index buckets - $INDEX_ALLOCATION Available buckets - $BITMAP

21 © Microsoft Corporation21 A B CG IN P QZunuseddata A B CG IN P QZ 0x36 (00110110) $BITMAP $INDEX_ALLOCATION $INDEX_ROOT EJendR

22 © Microsoft Corporation22 $ATTRIBUTE_LIST Needed for multi-file record file Entry for each attribute in file Resident or non-resident form Must be in base file record

23 © Microsoft Corporation23 Attribute List (example) Base Record - 0x200 0x10 - Standard 0x20 - Attribute List 0x30 - FileName 0x80 - Default Data 0x80 - Data1 “Owner” Aux Record - 0x180 0x30 - FileName 0x80 - Data “Author” 0x80 - Data0 “Owner” 0x80 - Data “Writer”

24 © Microsoft Corporation24 Attribute List (example cont.) CodeFRVCNName(Not Present) 0x100x200$Standard 0x300x200$Filename 0x300x180$Filename 0x800x2000$Data 0x800x1800“Author”$Data 0x800x1800“Owner”$Data 0x800x20040“Owner”$Data 0x800x180“Writer”$Data

25 © Microsoft Corporation25 Discussion

Download ppt "© Microsoft Corporation1 Windows Kernel Internals NTFS David B. Probert, Ph.D. Windows Kernel Development Microsoft Corporation."

Similar presentations

NTFS - The workhorse file system for the Windows Platform

NTFS - The workhorse file system for the Windows Platform
Chapter 12: File System Implementation

Chapter 12: File System Implementation
File Management.

File Management.
More on File Management

More on File Management
COMP091 – Operating Systems 1

COMP091 – Operating Systems 1
File Systems.

File Systems.
计算机系 信息处理实验室 Lecture 15 File Systems

计算机系 信息处理实验室 Lecture 15 File Systems
Computer Forensics NTFS File System.

Computer Forensics NTFS File System.
NTFS MFT Example COEN 152 / 252. MFT Table Entry.

NTFS MFT Example COEN 152 / 252. MFT Table Entry.
File Systems Examples.

File Systems Examples.
COS 318: Operating Systems File Layout and Directories

COS 318: Operating Systems File Layout and Directories
1 EXT4NTFS 6FAT32 Allocation method IndexedIndexed, by “runs”Linked File representation i-node (default size 256KB) MFT record (default size 1Kb) Chain.

1 EXT4NTFS 6FAT32 Allocation method IndexedIndexed, by “runs”Linked File representation i-node (default size 256KB) MFT record (default size 1Kb) Chain.
Operating Systems File Systems CNS 3060.

Operating Systems File Systems CNS 3060.
Windows XP File System Management Group D. 3 Layers of Drivers Filter Drivers Filter Drivers –Virus protection, compression, encryption File System Drivers.

Windows XP File System Management Group D. 3 Layers of Drivers Filter Drivers Filter Drivers –Virus protection, compression, encryption File System Drivers.
Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.

Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.
File management in UNIX and windows 2000

File management in UNIX and windows 2000
File Systems Implementation

File Systems Implementation
1 File Management in Representative Operating Systems.

1 File Management in Representative Operating Systems.
File System Variations and Software Caching May 19, 2000 Instructor: Gary Kimura.

File System Variations and Software Caching May 19, 2000 Instructor: Gary Kimura.
Wince File systems. File system on embedded File system choice on embedded is important –File system size can be an issue –Different media are used –

Wince File systems. File system on embedded File system choice on embedded is important –File system size can be an issue –Different media are used –

Similar presentations

Ads by Google