ハードリンクと代替データストリーム
MFTエントリが同じなので当然といえば当然の結果なのかもしれませんが、なかなか面白いですね。
F:\>echo stream > a.txt:h.txt
F:\>more < f:\b.txt:h.txt
stream
この時の MFT エントリ 36-128-6 の情報は下記になります。代替データストリームは $DATA (128-6) として登録されていますね。
Pointed to by file:
F://b.txt:h.txt
F://a.txt:h.txt
F:/test/c.txt:h.txt
File Type:
ASCII text, with CRLF line terminators
MD5 of content:
2804416ec8b41ba85dabac15c0bf3f5f
SHA-1 of content:
6f06007b022bc0f36374d106cecbd466ad663295
Details:
MFT Entry Header Values:
Entry: 36 Sequence: 1
$LogFile Sequence Number: 1281251
Allocated File
Links: 3$STANDARD_INFORMATION Attribute Values:
Flags: Archive
Owner ID: 0 Security ID: 268
Created: Sat Sep 10 22:12:26 2005
File Modified: Sat Sep 10 23:44:04 2005
MFT Modified: Sat Sep 10 23:44:04 2005
Accessed: Sat Sep 10 23:44:04 2005$FILE_NAME Attribute Values:
Flags: Archive
Name: b.txt, a.txt, c.txt
Parent MFT Entry: 5 Sequence: 5
Allocated Size: 0 Actual Size: 0
Created: Sat Sep 10 22:12:26 2005
File Modified: Sat Sep 10 22:12:26 2005
MFT Modified: Sat Sep 10 22:12:26 2005
Accessed: Sat Sep 10 22:12:26 2005Attributes:
$STANDARD_INFORMATION (16-0) Name: N/A Resident size: 72
$FILE_NAME (48-4) Name: N/A Resident size: 76
$FILE_NAME (48-2) Name: N/A Resident size: 76
$FILE_NAME (48-5) Name: N/A Resident size: 76
$DATA (128-3) Name: $Data Resident size: 7
$DATA (128-6) Name: h.txt Resident size: 9
