Note:I translated Japanese into English using Google Translate.
Thank you, Google.

Last week I checked the symbolic link using the mklink command.  The Symbolic link reparse data has a field of Print name, but the mklink command can not set the Print name.

Using CreateNtfsSymlink included in symboliclink-testing-tools, you can specify Print name.

Without specifying Print name, create a symbolic link and check the result. AS a result of the DIR command, the contents of <SYMLINK> shows [example.png].

Next, specify the Print name and create a symbolic link. The reference destination information of <SIMLINK> is test_print_name, it is not the information of the destination.

The FILE record number is 58.
By the way, Reparse Point is displayed in Flags of $ SIA. I did not notice it last week.

Look at offset 59392 in $ MFT.

0C 00 00 A0 Reparse point tag ⇒ Symbolic link
4C 00 Reparse data size ⇒ 76
00 00 Reserved
00 00 Substitute name offset ⇒ 00
1E 00 Substitute name size ⇒ 30
20 00 Print name offset ⇒ 32
1E 00 Print name size ⇒ 30
00 00 00 00 Symbolic link flags
5C003F003F005C006500780061006D0070006C0065002E0070006E006700 \??\example.png
0000
74006500730074005F007000720069006E0074005F006E0061006D006500 test_print_name 

Let's create Junction or mount point reparse data. If Print name is not specified, the link destination is displayed. 

Create the mount point by specifying Print name.

Using MFTECmd Version 0.2.9.1, confirm the parsing result of $MFT.

Sample VHD Disk.

Reference URL:

tyranidslair.blogspot.com

github.com

A simple way to access Shadow Copies in Vista – Antimail