📄 secure.html
字号:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//ZH_CN">
<!-- http://linux-ntfs.sourceforge.net/ntfs/files/secure.html -->
<html lang="ZH_CN">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="description" content="NTFS Documentation">
<link rel="stylesheet" type="text/css" href="../style/ntfsdoc.css">
<link rel="start" type="text/html" href="../index.html" title="NTFS Documentation">
<title>$Secure (9) - File - NTFS Documentation</title>
</head>
<body>
<table border="0" class="toolbar" summary="" cellspacing="0">
<tr>
<td class="toolbar"><div class="toolbar"><a accesskey="1" class="toolbar" href="../index.html">主页</a></div></td> <td class="toolbar"><div class="toolbar"><a accesskey="2" class="toolbar" href="../files/index.html">文件</a></div></td> <td class="toolbar"><div class="toolbar"><a accesskey="3" class="toolbar" href="../attributes/index.html">属性</a></div></td> <td class="toolbar"><div class="toolbar"><a accesskey="4" class="toolbar" href="../concepts/index.html">概念</a></div></td> <td class="toolbar"><a accesskey="5" class="toolbar" href="../help/glossary.html">词汇</a></td>
</tr>
</table>
<h1>文件 - $Secure (9)</h1>
<a class="prevnext" accesskey="," href="badclus.html">前一页</a>
<a class="prevnext" accesskey="." href="upcase.html">后一页</a>
<h2>概述</h2>
<p>
在NTFS v1.2里,每个文件都有一个<a href="../attributes/security_descriptor.html">安全描述符($SECURITY_DESCRIPTOR)
</a>属性。 它无法读取和检查每个文件的存取,而且它们大多数是一样的。NTFSv3.0引入了一个新的元数据文件$Secure。 </p>
<p>
安全标识符,在<a href="../attributes/standard_information.html">标准信息($STANDARD_INFORMATION)</a>里的一个新区域,是一个进入$Secure的索引。这里的$SDS是一个数据流,$SII 和$SDH是
两个索引,这个数据流拥有一个在卷上每个<a href="../attributes/security_descriptor.html">安全描述符($SECURITY_DESCRIPTOR)
</a>属性的拷贝,而这两个索引可交叉参考每件事。
</p>
<h2><a class="heading" href="../attributes/index.html">属性</a></h2>
<table border="1" summary="" cellspacing="0">
<tr>
<th class="numeric">类型</th>
<th>描述</th>
<th>名称</th>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/standard_information.html">0x10</a></td>
<td><a href="../attributes/standard_information.html">$STANDARD_INFORMATION</a></td>
<td> </td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/file_name.html">0x30</a></td>
<td><a href="../attributes/file_name.html">$FILE_NAME</a></td>
<td>$Secure</td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/data.html">0x80</a></td>
<td><a href="../attributes/data.html">$DATA</a></td>
<td>$SDS</td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/index_root.html">0x90</a></td>
<td><a href="../attributes/index_root.html">$INDEX_ROOT</a></td>
<td>$SDH</td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/index_root.html">0x90</a></td>
<td><a href="../attributes/index_root.html">$INDEX_ROOT</a></td>
<td>$SII</td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/index_allocation.html">0xA0</a></td>
<td><a href="../attributes/index_allocation.html">$INDEX_ALLOCATION</a></td>
<td>$SDH</td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/index_allocation.html">0xA0</a></td>
<td><a href="../attributes/index_allocation.html">$INDEX_ALLOCATION</a></td>
<td>$SII</td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/bitmap.html">0xB0</a></td>
<td><a href="../attributes/bitmap.html">$BITMAP</a></td>
<td>$SDH</td>
</tr>
<tr>
<td class="numeric"><a class="numeric" href="../attributes/bitmap.html">0xB0</a></td>
<td><a href="../attributes/bitmap.html">$BITMAP</a></td>
<td>$SII</td>
</tr>
</table>
<h2>文件结构</h2>
<a name="sds"></a>
<h3>$SDS数据流</h3>
<p>
这个安全描述符流($SDS)包含一个卷上所有安全描述符的列表。
每一项都填到一个16字节边界并有一个用于索引的无用信息。
</p>
<table border="1" summary="" cellspacing="0">
<tr>
<th class="numeric">偏移量</th>
<th class="numeric">大小</th>
<th colspan="2">描述</th>
</tr>
<tr>
<td class="numeric">0x00</td>
<td class="numeric">4</td>
<td colspan="2">安全描述符的无用信息</td>
</tr>
<tr>
<td class="numeric">0x04</td>
<td class="numeric">4</td>
<td colspan="2">安全标识符</td>
</tr>
<tr>
<td class="numeric">0x08</td>
<td class="numeric">8</td>
<td colspan="2">文件中的项的偏移量</td>
</tr>
<tr>
<td class="numeric">0x10</td>
<td class="numeric">4</td>
<td colspan="2">项的大小</td>
</tr>
<tr>
<td class="numeric">0x04</td>
<td class="numeric">V</td>
<td colspan="2">自相关的安全描述符</td>
</tr>
<tr>
<td class="numeric">V+0x04</td>
<td class="numeric">P16</td>
<td colspan="2">填料</td>
</tr>
</table>
<pre>
由安全标识符分类
自相关? == 2 * SID
一般是一个大文件,不是所有都用
这里也许有丢失的入口--测试
开始是标识部分的大模块,然后是垃圾,然后是另一个256KB的模块
</pre>
<h3>$SDH索引</h3>
<p>
安全描述符无用信息索引
</p>
<table border="1" summary="" cellspacing="0">
<tr>
<th class="numeric">偏移量</th>
<th class="numeric">大小</th>
<th class="numeric">值</th>
<th colspan="2">描述</th>
</tr>
<tr>
<td class="numeric">~</td>
<td class="numeric">~</td>
<td class="numeric">~</td>
<td colspan="2"><a href="../concepts/index_header.html">标准索引标题</a></td>
</tr>
<tr>
<td class="numeric">0x00</td>
<td class="numeric">2</td>
<td class="numeric">0x18</td>
<td colspan="2">到数据的偏移量</td>
</tr>
<tr>
<td class="numeric">0x02</td>
<td class="numeric">2</td>
<td class="numeric">0x14</td>
<td colspan="2">数据的大小</td>
</tr>
<tr>
<td class="numeric">0x04</td>
<td class="numeric">4</td>
<td class="numeric">0x00</td>
<td colspan="2">填料</td>
</tr>
<tr>
<td class="numeric">0x08</td>
<td class="numeric">2</td>
<td class="numeric">0x30</td>
<td colspan="2">索引项的大小</td>
</tr>
<tr>
<td class="numeric">0x0A</td>
<td class="numeric">2</td>
<td class="numeric">0x08</td>
<td colspan="2">索引键的大小</td>
</tr>
<tr>
<td class="numeric">0x0C</td>
<td class="numeric">2</td>
<td class="numeric"> </td>
<td colspan="2">标记</td>
</tr>
<tr>
<td class="numeric">0x0E</td>
<td class="numeric">2</td>
<td class="numeric">0x00</td>
<td colspan="2">填料</td>
</tr>
<tr>
<td class="numeric">0x10</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>键</td>
<td>安全描述符的无用信息</td>
</tr>
<tr>
<td class="numeric">0x14</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>键</td>
<td>安全描述符</td>
</tr>
<tr>
<td class="numeric">0x18</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>数据</td>
<td>安全描述符的无用信息</td>
</tr>
<tr>
<td class="numeric">0x1C</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>数据</td>
<td>安全描述符</td>
</tr>
<tr>
<td class="numeric">0x20</td>
<td class="numeric">8</td>
<td class="numeric"> </td>
<td>数据</td>
<td>到安全描述符的偏移量 (在 $SDS里)</td>
</tr>
<tr>
<td class="numeric">0x28</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>数据</td>
<td>安全描述符的大小 (在 $SDS里)</td>
</tr>
<tr>
<td class="numeric">0x2C</td>
<td class="numeric">P8</td>
<td class="numeric"> </td>
<td>数据</td>
<td>填料</td>
</tr>
</table>
<pre>
最后一个填料一般是4个字节,并总是表示为
Unicode 标准编码字串"II".
</pre>
<h3>$SII索引</h3>
<pre>
安全标识符索引($SII)
</pre>
<table border="1" summary="" cellspacing="0">
<tr>
<th class="numeric">偏移量</th>
<th class="numeric">大小</th>
<th class="numeric">值</th>
<th colspan="2">描述</th>
</tr>
<tr>
<td class="numeric">~</td>
<td class="numeric">~</td>
<td class="numeric">~</td>
<td colspan="2"><a href="../concepts/index_header.html">标准索引标题</a></td>
</tr>
<tr>
<td class="numeric">0x00</td>
<td class="numeric">2</td>
<td class="numeric">0x14</td>
<td colspan="2">到数据的偏移量</td>
</tr>
<tr>
<td class="numeric">0x02</td>
<td class="numeric">2</td>
<td class="numeric">0x14</td>
<td colspan="2">数据的大小</td>
</tr>
<tr>
<td class="numeric">0x04</td>
<td class="numeric">4</td>
<td class="numeric">0x00</td>
<td colspan="2">填料</td>
</tr>
<tr>
<td class="numeric">0x08</td>
<td class="numeric">2</td>
<td class="numeric">0x28</td>
<td colspan="2">索引项的大小</td>
</tr>
<tr>
<td class="numeric">0x0A</td>
<td class="numeric">2</td>
<td class="numeric">0x04</td>
<td colspan="2">索引键的大小</td>
</tr>
<tr>
<td class="numeric">0x0C</td>
<td class="numeric">2</td>
<td class="numeric"> </td>
<td colspan="2">标记</td>
</tr>
<tr>
<td class="numeric">0x0E</td>
<td class="numeric">2</td>
<td class="numeric">0x00</td>
<td colspan="2">填料</td>
</tr>
<tr>
<td class="numeric">0x10</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>键</td>
<td>安全标识符</td>
</tr>
<tr>
<td class="numeric">0x14</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>数据</td>
<td>安全描述符的无用信息</td>
</tr>
<tr>
<td class="numeric">0x18</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>数据</td>
<td>安全描述符</td>
</tr>
<tr>
<td class="numeric">0x1C</td>
<td class="numeric">8</td>
<td class="numeric"> </td>
<td>数据</td>
<td>到安全描述符的偏移量(在 $SDS里)</td>
</tr>
<tr>
<td class="numeric">0x24</td>
<td class="numeric">4</td>
<td class="numeric"> </td>
<td>数据</td>
<td>安全描述符的大小 (在 $SDS里)</td>
</tr>
</table>
<pre>
文件由无用信息分类。
安全描述符存储在$SDS数据流里。
偏移量很特别(64比特不是8字节排列)
</pre>
<h2>注意</h2>
<h3>问题</h3>
<ul>
<li>为什么一些文件还有安全描述符属性($SECURITY_DESCRIPTOR Attribute)?</li>
<li>安全无用信息是怎么产生的?</li>
</ul>
<br>
<a class="contact" href="http://linux-ntfs.sourceforge.net/ntfs/files/secure.html">Online</a>
<a class="contact" href="http://www.reddragonfly.org/ntfs/files/secure.html">中文在线</a>
<!-- The two validators will only work if this page is visible on the web -->
<a class="contact" href="http://validator.w3.org/check/referer">Validate HTML</a>
<a class="contact" href="http://jigsaw.w3.org/css-validator/check/referer">Validate CSS</a>
<a class="contact" href="mailto:webmaster@flatcap.org">$Id: secure.html,v 1.12 2001/07/11 11:04:05 flatcap Exp $</a>
</body>
</html>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -