ntfs

Page 61

NTFS Files

Offset

Size

Value

Description

0x0A

2

0x08

Size of Index Key

0x0C

2

0x0E

2

0x10

4

Key

Hash of Security Descriptor

0x14

4

Key

Security Id

0x18

4

Data

Hash of Security Descriptor

0x1C

4

Data

Security Id

0x20

8

Data

Offset to Security Descriptor (in $SDS)

0x28

4

Data

Size of Security Descriptor (in $SDS)

0x2C

P8

Data

Padding

Flags 0x00

Padding

Last padding is always 4 bytes and always appears to be the Unicode string "II".

11.3.3. $SII Index The Security Id Index ($SII)

Table 3.24. Layout of $Secure:$SII Offset

Size

Value

Description

~

~

~

Standard Index Header

0x00

2

0x14

Offset to data

0x02

2

0x14

Size of data

0x04

4

0x00

Padding

0x08

2

0x28

Size of Index Entry

0x0A

2

0x04

Size of Index Key

0x0C

2

0x0E

2

0x10

4

Key

Security Id

0x14

4

Data

Hash of Security Descriptor

0x18

4

Data

Security Id

0x1C

8

Data

Offset to Security Descriptor (in $SDS)

0x24

4

Data

Size of Security Descriptor (in $SDS)

Flags 0x00

Padding

This file is sorted by the hash. The security descriptors are stored in the $SDS data stream. surprisingly the offset (64 bit isn't 8 byte aligned)

11.4. Notes 53

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.