NTFS standard one

 

Sector data structure

Each cluster of a non-resident data stream has a sequence number called the virtual cluster number; virtual cluster number 0 refers to the first cluster of the data stream.
 
Each cluster on a volume has a specific number called the logical cluster number; logical cluster number 0 refers to the first cluster of the volume (the boot sector).
 
A range of clusters that stores attribute data is called a data stream. Each stream is described by its starting cluster number and its size. The starting cluster number is stored as a signed offset relative to the start of the previous stream. The stream description format is as follows:

| Name | Offset | Size | Explanation |
|---|---|---|---|
| SD_Desc | 0 | 1 | Byte counts for the stream description: the high 4 bits (M) give the number of bytes in the offset field, the low 4 bits (N) give the number of bytes in the size field |
| SD_Size | 1 | N | Size of the current stream |
| SD_Off | N+1 | M | Offset of the current stream relative to the previous stream; if the most significant bit is 1, the value is negative |

 

Each stream description is followed immediately by the next one; if the next SD_Desc is 0, the current description is the last one.
Under normal circumstances, the data of compressed files and sparse files is also described in the form of streams.
 
Example 1: General case
Flow 1:      SD_Desc = 21 - the offset takes two bytes, the size takes one byte.
              SD_Size = 20 (1 byte)
              SD_Off = 5ED (2 bytes)
              Offset = 5ED
              Length = 20
Flow 2:      SD_Desc = 22 - the offset takes two bytes, the size takes two bytes.
              SD_Size = 748 (2 bytes)
              SD_Off = 2248 (2 bytes)
              Offset = 2835 (2248 + 5ED)
              Length = 748
Flow 3:      SD_Desc = 21 - the offset takes two bytes, the size takes one byte.
              SD_Size = 28 (1 byte)
              SD_Off = DBC8 (2 bytes)
              Offset = 3FD (2835 + FFFFDBC8)
              Length = 28
Flow 4:      SD_Desc = 0 - end-of-description marker.
Summary:
  0x20   clusters stored starting at cluster number 0x5ED
  0x748  clusters stored starting at cluster number 0x2835
  0x28   clusters stored starting at cluster number 0x3FD
 
Example 2: Compressed stream
Flow 1:      SD_Desc = 11 - the offset takes one byte, the size takes one byte.
              SD_Size = 8 (1 byte)
              SD_Off = 40 (1 byte)
              Offset = 40
              Length = 8
Flow 2:      SD_Desc = 01 - the offset takes 0 bytes, the size takes one byte.
              SD_Size = 8 (1 byte)
              SD_Off = -
              Offset = -
              Length = 8
Flow 3:      SD_Desc = 11 - the offset takes one byte, the size takes one byte.
              SD_Size = 10 (1 byte)
              SD_Off = 8 (1 byte)
              Offset = 48 (40 + 8)
              Length = 10
Flow 4:      SD_Desc = 11 - the offset takes one byte, the size takes one byte.
              SD_Size = C (1 byte)
              SD_Off = 10 (1 byte)
              Offset = 58 (48 + 10)
              Length = C
Flow 5:      SD_Desc = 01 - the offset takes 0 bytes, the size takes one byte.
              SD_Size = 4
              SD_Off = -
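
A decoder for the stream description format defined above, run over the bytes of Example 1 and Example 2; this is an added example, not code from the original page. It assumes little-endian fields (the page does not state the byte order); `decode_streams`, `EXAMPLE_1` and `EXAMPLE_2` are names chosen here, and the byte strings are constructed from the field values in the examples.

```python
# Added example: decoder for the stream description list (SD_Desc / SD_Size / SD_Off).
# Assumption, not stated on the page: multi-byte fields are little-endian.

# Byte strings constructed from the field values of Example 1 and Example 2.
EXAMPLE_1 = bytes.fromhex("21 20 ED05  22 4807 4822  21 28 C8DB  00")
# Example 2 is cut off on the page after Flow 5; the 00 end marker is appended here.
EXAMPLE_2 = bytes.fromhex("11 08 40  01 08  11 10 08  11 0C 10  01 04  00")


def decode_streams(buf):
    """Return [(start_cluster, length)]; start_cluster is None when M = 0 (no offset)."""
    streams = []
    pos = 0
    prev_start = 0  # SD_Off is relative to the start of the previous stream
    while True:
        if pos >= len(buf):
            raise ValueError("list is not terminated by SD_Desc = 0")
        desc = buf[pos]
        if desc == 0:  # end-of-description marker
            return streams
        n = desc & 0x0F  # low 4 bits: bytes in SD_Size
        m = desc >> 4    # high 4 bits: bytes in SD_Off
        end = pos + 1 + n + m
        if n == 0 or end > len(buf):
            raise ValueError(f"malformed or truncated description at byte {pos}")
        length = int.from_bytes(buf[pos + 1:pos + 1 + n], "little")
        if m == 0:
            # No offset field: the stream occupies no clusters on the volume.
            streams.append((None, length))
        else:
            # signed=True applies the "most significant bit set means negative" rule.
            prev_start += int.from_bytes(buf[pos + 1 + n:end], "little", signed=True)
            if prev_start < 0:
                raise ValueError(f"offset at byte {pos} points before cluster 0")
            streams.append((prev_start, length))
        pos = end


if __name__ == "__main__":
    for name, data in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        for start, length in decode_streams(data):
            where = "no clusters allocated" if start is None else f"cluster 0x{start:X}"
            print(f"{name}: 0x{length:X} clusters, {where}")
```
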
 