Alternate Data Stream

  • Article

NTFS supports the concept of File Stream. Not many applications support NTFS file stream though.

In Vista. dir now can display NTFS file stream (where it calls it "Alternate Data Stream").

E:\demo>ver

Microsoft Windows [Version 6.0.5370]

E:\demo>dir /?
Displays a list of files and subdirectories in a directory.

DIR [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/N]
[/O[[:]sortorder]] [/P] [/Q] [/R] [/S] [/T[[:]timefield]] [/W] [/X] [/4]

  [drive:][path][filename]
Specifies drive, directory, and/or files to list.

  /A Displays files with specified attributes.
attributes D Directories R Read-only files
H Hidden files A Files ready for archiving
S System files - Prefix meaning not
/B Uses bare format (no heading information or summary).
/C Display the thousand separator in file sizes. This is the
default. Use /-C to disable display of separator.
/D Same as wide but files are list sorted by column.
/L Uses lowercase.
/N New long list format where filenames are on the far right.
/O List by files in sorted order.
sortorder N By name (alphabetic) S By size (smallest first)
E By extension (alphabetic) D By date/time (oldest first)
G Group directories first - Prefix to reverse order
/P Pauses after each screenful of information.
/Q Display the owner of the file.
/R Display alternate data streams of the file.
/S Displays files in specified directory and all subdirectories.
/T Controls which time field displayed or used for sorting
timefield C Creation
A Last Access
W Last Written
/W Uses wide list format.
/X This displays the short names generated for non-8dot3 file
names. The format is that of /N with the short name inserted
before the long name. If no short name is present, blanks are
displayed in its place.
/4 Displays four-digit years

Switches may be preset in the DIRCMD environment variable. Override
preset switches by prefixing any switch with - (hyphen)--for example, /-W.

E:\demo>dir /r
 Volume in drive E has no label.
Volume Serial Number is 50D6-414C

 Directory of E:\demo

04/20/2006 06:19 PM <DIR> .
04/20/2006 06:19 PM <DIR> ..
03/15/2006 03:15 PM 275,340 1.txt
04/20/2006 06:19 PM 14 2.txt
2 File(s) 275,354 bytes
2 Dir(s) 11,818,872,832 bytes free

E:\demo>more 1.txt >2.txt:foo

E:\demo>dir /r
 Volume in drive E has no label.
Volume Serial Number is 50D6-414C

 Directory of E:\demo

04/20/2006 06:19 PM <DIR> .
04/20/2006 06:19 PM <DIR> ..
03/15/2006 03:15 PM 275,340 1.txt
04/20/2006 06:19 PM 14 2.txt
294,415 2.txt:foo:$DATA
2 File(s) 275,354 bytes
2 Dir(s) 11,818,577,920 bytes free