Re: Current status of NTFS support

Anton Altaparmakov (aia21@cam.ac.uk)
Sat, 21 Apr 2001 10:23:27 +0100


At 03:07 21/04/2001, Lee Leahu wrote:
>On Friday 20 April 2001 20:39, you wrote:
> > Lee Leahu <lee@ricis.com> writes:
>my boss rememebres reading a very indepth article in one of the msdn
>magazines. i could scan the articles in and compress them and send them
>to the developers.

Since you can access the library for free at msdn.microsoft.com/library
that would be a waster of your time. Just give the references to the
article. If however you mean the "inside NTFS" and "inside Windows 2000
NTFS" by Mark Russinovich then yes they are great but no they are not
in-depth enough in that you have to complete the picture by mapping his
"logical" information to the actual "physical" on disk information. Which
admittedly is not that difficult with NTFS DiskEdit or any other hex editor
most of the time... That's how I got the system files indexing keys and
indexed data, the format of $Secure, etc, etc... (-;

I would be surprised if you are referring to any articles I haven't found
yet but please try me. (-: I would be happy to have missed out some really
cool article which gives even more information.

>i want to help the ntfs movement on linux. would somebody be willing to
>teach me the ropes of reverse engineering of software. i am a faster
>learner, and very interested in reverse engineering of software.

Do you understand assembly language? If not this is a _very_ long learning
curve! Reverse engineering consists of three things:

1. Use a hexeditor or NTFS DiskEdit (provided by MS on NT4SP4 CD) and study
the structures on disk and play with files, e.g. compress/uncompress,
encrypt/decrypt, apply quotas, apply ACLs, and look at how the disk changes.

2. Use a disassembler (I use IDA Pro from www.datarescue.com/idapro,
excellent product btw!) to get at the human readable form of ntfs.sys and
associated system files. Fortunately MS provides some debugging symbols on
their web site which help a lot as they name some of the functions and
global variables so you have some idea of what is going on right away. -
This is extremely time consuming. - My current NTFS.sys disassembled file
(from WinNT4 ntfs.sys) has 171460 lines! A _lot_ of code...

3. Use a kernel mode debugger (like SoftIce for example) and place break
points inside the NTFS driver in memory and then trace execution to see
what values are contained in some of the driver's variables, what functions
call what, what they do, etc.

Without a working knowledge of assembly language points 2 and 3 are
impossible...

>i have access to the msdn library and maganzies

So does everyone. They are free on the net.

> and have lot of free time for dedicated ntfs code hacking.

Now that is cool. (-:

If you are really interested join the linux-ntfs project on Sourceforge.
The documentation provided by the header files is the most in depth and
most complete docs about NTFS you will ever find... You can use that
knowledge to either help linux-ntfs development or just take the knowledge
and use it to fix the existing driver instead. I welcome patches! [Make
sure to download CVS and not the released version as that is very out of date.]

Anton

-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Linux NTFS Maintainer / WWW: http://sourceforge.net/projects/linux-ntfs/
ICQ: 8561279 / WWW: http://www-stu.christs.cam.ac.uk/~aia21/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/