NTFS file system INFO inside
The New Technology File System (NTFS)
Objective: a new File System with improved security and reliability for WinNT and Win2000. NTFS was intended to overcome the problems and weaknesses of the MS FAT system.
The main features of NTFS are:
Required by businesses
ƒá Security and Access control:
The original FAT system had no security features, these are very important particularly in networks (shared files).
ƒá Removing the partition size limitations:
Over the years, hard disk capacity has increased considerable, far beyond the limits imposed by the FAT system.
Means to recover following a failure (minimise losses).
ƒá Storage efficiency:
Reduce slack (internal fragmentation)
ƒá Allow long file names:
Conventional FAT was limited to 8+3 characters. NTFS is designed to allow up to 255 characters.
The figure below shows a NTFS disk partition. Every NTFS partition on a single disk will look like this one.
With the exception of the partition boot sector, every structure in NTFS is a file. Special files that contain the file system control information are called metadata files. These files contain information such as lists of files on the partition, volume information, cluster allocations, etc. In turn every file in NTFS, is a collection of attributes. NTFS attributes are regular file attributes such as those in the FAT. Data stored is also an attribute.
2.1 Partition Boot Sector
Also known as Volume Boot Sector or Record.
The partition boot occupies the first 16 sectors of partition. It consists of the BIOS Parameter Block and the Volume Boot Code. The former contains information such as the volume label and its size. The latter contains a small program that tells the system how to load the operating system.
2.2 Metadata Files
Also known as system files. These system files are created when the hard disk is formatted with an NTFS partition. The MFT is a metadata file. Other metadata files are the log file, volume descriptor, attribute definition table, root directory, cluster allocation bit map, volume boot code, bad cluster file, quota tables, and upper case table.
2.3 Master File Table
The Master File Table contains information about every file and directory in a NTFS volume. The MFT is a relation database. Whenever a file or directory is created an entry (record) is created in the MFT. When retrieving a file, it is the starting point to look up the file. NB the MFT is a metadata file. The MFT is analogous to the File Allocation Table.
The MFT stores file (and directory) information has records. Each record is a collection of attributes. The actual data to be stored is an attribute called data attribute. Since the MFT is a file, it is also made up of records containing attributes. A record is limited in size (bytes), which means the number/size of attributes in a record is limited to the record size. If a file is sufficiently small, the attributes may be stored in the MFT record itself (resident attributes). For larger files, the data attributes are stored outside the MFT (non-resident attributes). In this case, the MFT record contains a pointer to the records in the extent (outside the MFT) containing the file data attribute(s). For very large files, the number of pointers to extents may be so large that even these pointers are made non-resident. (Satisfy yourself that this overcomes the file size limitation of FAT). NB the pointers are attributes in an MFT record. Performance is improved for small files since only the MFT record need be read.
When an NTFS volume is formatted, additional space is reserved (beyond the MFT area) for the MFT to grow into as more files are stored. To maintain good performance, this space is contiguous. However if this reserve space fills up, additional space is allocated to the MFT in the extent region. This space is not contiguous and results in fragmentation. [Compare with FAT32, FAT32 support large partitions but at the expense of internal fragmentation (slack) and huge FAT table.] The maximum NTFS partition size is 264 bytes.
2.4 NTFS Directory
Same hierarchical tree structure as FAT or Unix. Because NTFS file records/attributes contain information (other than the data) about the file, the NTFS directory contains only information about itself, the directory and not about the files in the directory (as FAT does). Since a directory is just another file, it also has an entry in the MFT. The MFT record for every directory file contains the following:
1. Header (H): General file information e.g. pointers to directory records.
2. Standard Information Attribute (SI): This attribute contains "standard" information stored for all files and directories. E.g. date/time-stamps for directory creation, last-modified, accessed, etc. It also contains typical attributes (in the FAT sense of the word) associated with a file (such as whether the file is read-only, hidden, and so on.)
3. File Name Attribute (FN): This attribute stores the name associated with the directory. Note that a directory can have multiple filename attributes, to allow the storage of the "regular" name of the file, along with an MS-DOS short filename alias.
4. Index Root Attribute: This attribute contains the actual index of files contained within the directory, or part of the index if it is large. If the directory is small, the entire index will fit within this attribute in the MFT; if it is too large, some of the information is here and the rest is stored in external index buffer attributes, as described below.
5. Index Allocation Attribute: If a directory index is too large to fit in the index root attribute, the MFT record for the directory will contain an index allocation attribute, which contains pointers to index buffer entries containing the rest of the directory's index information.
6. Security Descriptor (SD) Attribute: This attribute contains security information that controls access to the directory and its contents. The directory's Access Control Lists (ACLs) and related data are stored here.
2.5 NTFS Files
As said before, NTFS stores files as a collection of attributes, the actual data is just another attribute. The MFT record for every file contains the following:
1. Header (H): General file information e.g. pointers to directory records.
2. Standard Information Attribute (SI): This attribute contains "standard" information stored for all files and directories. This includes fundamental properties such as date/time-stamps for when the file was created, modified and accessed. It also contains the "standard" FAT-like attributes usually associated with a file (such as whether the file is read-only, hidden, and so on.)
3. File Name Attribute (FN): This attribute stores the name associated with the file. Note that a file can have multiple file name attributes, to allow the storage of the "regular" name of the file, along with an MS-DOS short filename alias.
4. Data (Data) Attribute: This attribute stores the actual contents of the file.
5. Security Descriptor (SD) Attribute: This attribute contains security information that controls access to the file. The file's Access Control Lists (ACLs) and related data are stored here.
As explained earlier, the records of small files are made resident while larger files are non-resident. The maximum theoretical file size is the disk size less the MFT and System areas.
2.5.1 Procedure to store a file in NTFS
1. Small files will be stored entirely in the MFT entry where possible.
2. Larger files will not fit in the MFT record and so the data attribute is made non-resident. The entry for the data attribute in the MFT contains pointers to data runs (also called extents) which are blocks of data stored in contiguous sectors in the partition, outside the MFT zone.
3. For even larger files, when there isn't even sufficient space in the MFT record for the list of pointers, the list of pointers is itself made non-resident. The main MFT record will not have a data attribute but instead a pointer to a second MFT record that contains the data attribute's list of pointers to data runs.
4. This process will continue, as a file becomes larger and larger, creating multiple non-resident MFT records if needed to store an increasing number of pointers to different data runs.
Each extent is a contiguous group of clusters. There are two implications, first the file need not be read sequentially and second fragmentation is low (lower than FAT).
2.5.2 File name
File names can be up to 255 characters long and are not case-sensitive. However NTFS preserves character case for display. File links are possible with NTFS.
This section deals with NTFS¡¦ ability to recover from a computer crash with minimal loss and a consistent file system. The problem arises when a system crash occurs while writing data to file. We have seen that for any FS, writing a file to disk involves reserving clusters, writing system information and writing the actual data. Imagine that the computer hangs-up after allocating clusters but not writing the data. When the computer is re-booted (re-started) it is in an inconsistent state.
To overcome consistency problems, NTFS employs a transaction-based or transactional scheme. Each action in an operation a.k.a transaction, for example to save a file to disk, must complete successfully for the operation/ transaction, to be considered
I thought this would be an intresting read since it is quite simple to understand.... some of the end bits are missing due to sysopt limitations (thank god ).
Now you guys know why your hard drive is dead when your MFT is corrupt of you master boot record is broken.
As you can see this is all quite complicated and saving a file is quite complicated , writting into the MFT creating pointers if the file is over a certain limit and saving the info outside the MFT and creating more pointers etc etc
The same principlas apply to Memory management and virtual memory, just that that stuff if even more complicated and has similar things to the MFT table, just for memory, like where the address of a memory block is of a program, and maybe that memory part contains a pointer to another memory address etc etc.
Computers are really complicated devices. It is just amazing alone how a simple processor works (one that can only add 2 digit numbers) but what we have now is mind boggeling.
It is rubbish how it is implemented (like reading a file for example is soooooo complicated) but i think there is nobody out there creating a new system how computers work.
Oh programming is easy! cause you will never need to know how the machine works, its all structured english and all the complicated stuff is hidden.
BUT Programming IS hard and difficult, it is not easy and you need to be bright to understand it
And I will strike down upon thee with great vengeance and furious anger those who attempt to poison and destroy my brothers
nobody uses c any more only c++ cause it can do all c can do and is better.....
god do i hate polymorphism its so mind bogelling and pointers
... ... ...
New Security Features Planned for Firefox 4
Another Laptop Theft Exposes 21K Patients' Data
Oracle Hits to Road to Pitch Data Center Plans
Microsoft Preps Array of Windows Patches
Microsoft Nears IE9 Beta With Final Preview
Simplified Analytics Improve CRM, BI Tools
Android Passes RIM as Top Mobile OS in 2Q
VMware Updates Hyperic System Management
File Monitoring Key to Enterprise Security
LinkedIn Snaps Up SaaS Player mSpoke