Introduction of NTFS File System
|
NTFS boot sector is also located in the file system No. 0 sector, this is it the only similarities with the FAT file system on the layout.Data structure as shown below, this picture shows a hard DBR:
 4.1 DBR's role
DBR ( DOS BOOT RECORD, DOS boot record), located at cylinder 0, head 1, sector 1, that is the logical sector 0. DBR is divided into two parts: DOS boot program and BPB (BIOS parameter block). Which DOS boot process is complete DOS system files (IO.SYS, MSDOS.SYS) positioning and loading, while BPB information used to describe the DOS disk partitions, BPB is located at 0BH DBR offset of 13 bytes. It contains the parameters used when a logical format, available for DOS file allocation table is calculated on the disk, the starting address of the directory and data areas, formatting after BPB words provide physical parameters (low grid) when used. Boot program or device driver disks based on these logical address information (DOS sector number) into a physical address (absolute sector number).
4.2 DBR data structure
More than the number of bytes to guide the most critical sectors are 0B-0C (bytes per sector) 0B-0C (bytes per sector) 0D (number of sectors per cluster) 28-2F (the sum of the file system sector ) 30-37 (MFT starting cluster number) 38-3F (MFT backup starting cluster number) 40 (MFT entries each size) 44 (each index number of clusters), but unpredictable data corruption occurs, you can Based on the above information rebuild partition table, locate the data area, recovery MFT, reconstruction DBR, the usefulness of these keywords section code is self-evident. Chapter MFT master file table
Formatted as NTFS file system when, that is, which created a master file table MFT, which contains 16 yuan file records. To minimize the possibility of fragmentation of the $ MFT file system to reserve in advance for the entire file system in advance about 12.5% of the space. Only when the user data area space exhaustion, will temporarily give up some space to store data MFT area, but once the data area has enough space, it will immediately let out to recover the original MFT space. MFT master file table MFT of one of the items, each item is actually a MFT file record, which is recorded with various information of the various attributes of the file or directory. The actual size of each MFT entry will be explained in the boot sector, all versions of Microsoft are 1024 bytes in size. A front portion comprising dozens of bytes of fixed size and structure MFT head, the remaining bytes of the attribute list for the storage of various attributes.
5.1 MFT basic features:
Ø The first area is the signature MFT, all MFT entries have the same signature (FILE). If you find an error in the item, it may be rewritten as the words "BAAD"'s.
Ø MFT entry there is a flag field to illustrate the entry is a file or a directory entry, as well as its distribution state. MFT allocation status is also a $ BITMAP attribute file description.
Ø Each MFT entry occupies two sectors, the end of each two-byte sector has a correction value, the correction value MFT entry update sequence number is the same, if we find a different, considers the MFT entry errors .
Ø If a file's attributes more, using an MFT entry can not accommodate all of the property, you can use multiple MFT entries, the first entry is called basic or fundamental MFT file record entries.
|