Windows File System
1. Windows FSD structure
File System Driver of Windows 2000/XP can be divided in local FSD and remote FSD.
Local FSD: allow users to access data on the local computer
- FSD is responsible to the local I / O manager register yourself, when you start to access a volume, I / O manager calls FSD to identify the volume.
- After the completion of the roll identification, local FSD to create a device object representing the mounted file system.
- I / establish a connection between the volume device object O Manager by volume parameter block (VPB) in volume device object store manager to create and FSD created. This connection will be I / O Manager I / O request to the FSD device object.
Remote FSD: allow users to access data on a remote computer over a network.
Consists of two parts: a client and server side FSD FSD.
- FSD first client receives from the application I / O requests, and converted to a network file system protocol commands, and then sent to the server over the network FSD.
- Server-side FSD listens network command, the receiving network file system protocol and forwarded to the local FSD command to execute.
FSD and file system operations
Windows file system related operations are done by FSD:
- Display File I / O: applications via I / O interface functions such as CreateFile, ReadFile, WriteFile, etc. to access the file.
- Delayed write cache: this thread regularly cache pages that have been modified write operation.
- Read-ahead cache: This thread is responsible for reading the data in advance.
- Memory dirty pages to write: This thread regular cleaning buffer.
- Memory page fault processing
2 Windows 2000/XP supported file systems
2.1 CDFS and UDF
CDFS (CDROM File System) that CD-ROM file system. UDF standard has now been replaced.
- Features: file and directory names must be less than 32 characters; directory tree depth should not exceed 8 levels.
- Windows 2000/XP by \ Winnt \ System32 \ Drivers \ Cdfs.sys implementation supports CDFS's.
UDF (Universal Disk Format) that is universal disk format.
- Features: File names can be case-sensitive; filenames to 255 characters long; longest path to 1023 characters.
- Windows 2000/XP by \ Winnt \ System32 \ Drivers \ Udfs.sys implementation supports the UDF.
2.2 FAT12 , FAT16 , FAT32
Windows 2000/XP via \ Winnt \ System32 \ Drivers \ Fastfat.sys provide FAT (File Allocation Table, File Allocation Table) file system driver.
FAT12 and FAT16
- FAT file system with disk-digit numbers to identify Shangcu number. 12 clusters identified as FAT12, FAT16 cluster is identified as 16.
- FAT12 is 5.25 inch and 3.5-inch floppy disk in a standard format.
- FAT volume is divided into several areas: boot sector, file allocation table (contains entries for all clusters on a roll and keep a backup), the root directory (FAT12 and FAT16 can only store up to 256 files or directories), other directories and documents.
- FAT16 advantages: multiple operating systems can be accessed. Disadvantages: Does not support long file names; do not support the system fault tolerance; does not support the internal security features.
- The file allocation table identifies clusters expanded to 32, mainly used in Windows 9x and Windows Me.
- Advantages: 1) with a strong ability to address more effectively manage than FAT16 disk;
2) the number of files in the root directory without a maximum limit of 256;
3) extension for the backup boot record contains important data structure, and thus not easily affected by the error partition a single point;
4) supports long file name format
- Disadvantages: does not support the same features and internal security system fault tolerance features.
2.3 NTFS (New Technology File System )
2.3.1 NTFS advantage
- Support for file system data recoverability, security, data redundancy and fault tolerant data;
- Has other advanced features: multiple data streams, fully supports Unicode, generic indexing mechanism, dynamic bad-cluster remapping (Hot Fix), full support for POSIX (Portable Operating System Interface), supports compressed file data, logging and support user disk quota, hard links and soft links (hard links from multiple paths to allow the same files and directories, soft links allow redirect a directory), link tracking, encryption, defragmentation.
1. NTFS recoverability support
NTFS is achieved by logging recoverability of the file system.
All sub-operating to change the file system on the disk before you run, the first to be recorded in the log file. In the recovery phase, NTFS file operations based on the information recorded in the log file, and the completion of those transactions were partially redone or revoked, in order to ensure consistency of the file system on the disk. This technique is called "pre-written log record."
2. NTFS bad clusters recovery support
Windows 2000/XP volume management functions are used FtDisk by basic disks and dynamic disks LDM (Logical Disk Manager) is used to achieve volume management tool repair bad clusters.
NTFS dynamically at runtime to collect information about the bad clusters and stored in the system file, and in the application environment without having to know the existence of bad clusters. When an error occurs sector, tolerant NTFS driver to issue the notice of the sector is bad, NTFS allocates a new cluster to replace the bad sectors in the cluster, and copy the data to the new cluster, NTFS will mark the bad sector and no longer use it.
3. NTFS security support
NTFS files and directories as objects and collections of objects, object files and directories with a security descriptor, and as part of the file is stored on disk. Before opening the process to verify whether the process object handle has sufficient permissions.
NTFS support Encrypting File System (EFS), in order to prevent unauthorized users from accessing encrypted files.
2.3.2 NTFS FSD (File System Driver)
- I / O Manager I / O request is sent to the NTFS FSD execution.
- NTFS FSD application through the creation and access to documents. Steps are as follows: First, check the permissions to see if a legitimate user's request; then I / O Manager will convert the file handle for the file object pointer; finally NTFS files on the disk to get through the file object pointer.
2.3.3 NTFS disk structure
NTFS is a volume-based. Volume builds on disk partitions.
Zoning is a fundamental part of the disk is formatted and can use a single logical unit. When a disk is formatted in NTFS format partition is created on an NTFS volume.
A disk can have multiple volumes, a volume may be composed of multiple disks. Windows 2000/XP often used FAT and NTFS volumes volumes. 2. Cluster
NTFS and FAT, the use of clusters as the basic unit of disk space allocation and recovery. That is a whole cluster of several files take up the remaining space of the last cluster is no longer used.
Internally, NTFS cluster references only and not know the size of the disk sectors. This allows NTFS to maintain the independence of the physical sector size, able to choose the right cluster of disks of different sizes.
Shangcu volume size (called clustering factor) is the user use the Format command or other formatting program to determine when the volume is formatted, it varies with the size of the volume, but are an integer multiple of the physical sector.
Clusters can be used to locate the logical cluster number (LCN) and the virtual cluster number (VCN)
- LCN clusters on the volume all the simple numbers from start to finish. Clustering factor multiplied by the physical byte offset volume LCN available, resulting in a physical disk address.
- VCN files belonging to a particular cluster number from 0 to m, in order to reference the data file. VCN does not require physically contiguous, can be mapped to any number on the volume LCN.
3. Master File Table (MFT)
In NTFS, all data stored in the volume, including the data structures used to locate and recover files, program data and records to guide the allocation status of the entire volume bitmap (NTFS metadata), are contained in a document called the master Table (MFT) file.
MFT is the core structure of the NTFS volume, NTFS is the most important system files. MFT file record array to realize that each file size is 1KB, each file on the volume (including the MFT itself) has one row MFT record.
4. File reference number
NTFS file volumes through called "file reference number" 64 values identified.
File reference number from the file number (lower 48) and file sequence number (upper 16 bits).