Are you familiar with the feature of NTFS called Alternate Data Streams? Our typical usage of files is pretty simple. We double click it and it opens. But by default we are only accessing the “default” data stream. We can write to multiple data streams, effectively storing multiple files in a single file. These alternate streams are generally hidden, but we can see them and even write to them. I’ll show you how to do it from the command line and from C#.
Even if you have never heard of this feature, you have probably used it. On Windows, when you download a file the OS automatically writes the Internet Zone that the file came from to an alternate stream. This is what you manipulate with the “Unblock” checkbox:
You can view the details of the stream with a simple dir command that shows the stream name and number of bytes it contains:
And, you can view the data with notepad by specifying the file name with its Alternate Data Stream:
Writing text to an Alternate Data Stream is pretty simple. The command line supports this, all you have to do is provide the name you want to give the stream:
echo I'm writing a new stream ! > someExistingFile.txt:YourNameChoiceHere
That’s pretty interesting in itself, but we are not limited to writing text. We can write any data. The following C# program will write text to the default stream, an image to one alternate stream and finally a PDF to another. Unfortunately C# doesn’t have native support for this so we have to p/Invoke a bit:
After running the program (be sure to edit you paths and files appropriately), the following 3 commands ….
c:\Users\tekhe\temp>"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe" funwithfiles.txt:PDFSample c:\Users\tekhe\temp>notepad funwithfiles.txt c:\Users\tekhe\temp>mspaint funwithfiles.txt:TheKitten
… open the following files, read from the default and Alternate Data Streams: