NTFS file system tips

The NTFS system supports the hardlink technology. The so-called hardlink is actually to create a hard link for a file, the two files enjoy the same file content. Delete any one of them, and others still protect the original data. This is obviously an interesting feature. So how to create a file's hardlink?

First, create a file test.txt under the root directory of the C drive, and enter fsutil hardlink create c: \ 1.txt c: \ test.txt in the command console. Then press enter to create a hard link for the test.txt file, that is, 1.txt. When you open any file, you will find that the content of the file is the same. modify any file and change the content of the file.

You may not be aware of the features of this new technology. Many of the current security software determine the files to be protected based on the path method, which is similar to my article "process protection, they will determine whether the files need to be protected based on the file path. If yes, the modifications to the files will be filtered out. Here, you may already understand, that is, you can create a hard link for a protected file to modify the file, so using this mechanism to protect the file security software will become useless, this is also a security attack and defense.

Of course, we can also call the system API to create a hard link for a file.

BOOL CreateHardLink(  LPCTSTR lpFileName,  LPCTSTR lpExistingFileName,  LPSECURITY_ATTRIBUTES lpSecurityAttributes);

In fact, security defense depends on who can use some existing simple mechanisms to complete some non-simple functions. Programming is also true. But you often need to understand these simple mechanisms first.