Home > Developer > Web Develop

MFT Standard attribute data structure for the NTFS file system

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The standard property of the MFT is the 0x10 property, which is a resident property. Because the type value of the Standard property is 0x10, the standard attribute is always the first property of the file or directory.

This standard property contains time-date attributes, divided into creation time, modification time, MFT change time, and last access time of the file. This standard property can also indicate whether a file is read-only, whether it is a system file, a compression, or a cryptographic property. The following table is the data structure of the standard attribute body

Offset byte (16 binary) Describe
00-07 Creation time
08-0f Last Modified Time
10-17 MFT Change Time
18-1f Last file access time
20-23

Sign

0x01: Read only; 0x02: hidden; 0x04: System;

0x20: archive; 0x40: equipment; 0x80: General;

0x100: temporary; 0x200: sparse; 0x400: reparse point;

0x800: Compress; 0x1000: Offline; 0x4000: Encryption
24-27 Maximum version number
28-2b Version number
2c-2f Category ID
30-47 No meaning

is the standard attribute seen by the MFT in the Winhex

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/83/F9/wKiom1eCOqOSzY5fAAdWKMZ2Ruw141.jpg "title=" Standard properties. jpg "alt=" wkiom1ecoqoszy5faadwkmz2ruw141.jpg "/>

You can see that the standard attribute is a resident property, and the data structure of its property header is described in the previous chapters.

Attribute Head Split

0X00-0X03 10 00 00 00: Attribute type is 0x10 description is a standard property

0X04-0X07 60 00 00 00: Indicates that the standard attribute has 0x60 bytes, which is 90 bytes

0x08-0x08 00:00 indicates that this property is a resident property

0x09-0x09 00: Indicates a property name length of 0, which means that there is no property name

0x0a-0x0b 18 00: Indicates the attribute property name length, which is meaningless because it was previously known that there is no property name.

0x0c-0x0d 00 00: Indicates no special attributes

0x0e-0x0f 00 00: Attribute ID

0x10-0x13 48 00 00 00: Indicates that the size of the property body is 0x48 bytes

0x14-0x15 18 00: Indicates that the property header size is 0x18 bytes

Here is the part of the property body, starting with the 0x18 offset

0x18-0x1f:49 BF CE D1 01 file creation time

0x20-0x27:49 BF CE D1 01 Last modified

0x28-0x2f:49 BF, CE, D1, MFT change time

0x30-0x37:49 BF CE D1 01 last access time

0x38-0x3b:06 00 00 00 Flag

0x3c-3f:00 00 00 00 Maximum Version number

0x40-0x43:00 00 00 00 Version Number

0x44-0x47:00 00 00 00 Category ID


MFT Standard attribute data structure for the NTFS file system

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
repair ntfs file system repair ntfs file system windows 10 how to recover ntfs file system windows stop code ntfs file system mft file transfer mft managed file transfer linux ntfs data recovery

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More