vault backup: 2025-05-05 16:48:06

2025-05-05 16:48:06 +02:00
parent 464477c358
commit bf04a00d10
13 changed files with 32756 additions and 2359 deletions

@ -217,9 +217,15 @@ The table itself is a list of blocks where many links are created and stored. Ea
Note the reserved blocks. They contain:
- Boot sector (VBR)
- Bios parameter block
- Bootloader code
- Sector, cluster size, FAT count, root directory location
- FS information Sector (only for FAT32)
- Last allocated cluster for speed
- Backup boot sector
- In case of corruption
#### Free blocks list
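Review bot: under the FS information sector item, `Last allocated cluster for speed` does not say what is being sped up; suggest wording it as the hint for where the free-cluster search starts, which is what the Free blocks list section relies on ("We keep the last allocated cluster"). In the same list, `Bios parameter block` should read `BIOS`, and the line `Sector, cluster size, FAT count, root directory location` reads as the contents of the parameter block, so it would be clearer placed directly under that item rather than after `Bootloader code`.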
@ -231,7 +237,91 @@ Stores a value for each cluster which can indicate:
To find a free block we just need to search for the first available cluster. We keep the last allocated cluster, optimizing search time.
### NTFS
New Technologies File System
New Technologies File System.
- Everything is a cluster
- Size is a multiple of disk block size
- Journaling
- File data compression
![](Pasted%20image%2020250505161542.png)
- Boot sector (VBR)
- NTFS signature and other boot info
- Location of Master File Table (MFT)
- Sector 0 of partition
- MFT
- Stores metadata for every file and directory
- MFT entry that stores attributes
- name
- size
- timestamps
- security
- MFT itself is described in the MFT lmfao
- File system metadata
- $MFT, $Bitmap , $LogFile, $Secure, etc. store metadata
- System files are treated like regular files
- Data
- Actual file content, either stored in MFT for small entries or in separate clusters (large files)
- Uses extents[^4] and B+ trees[^5]
- Supports encryption
#### MFT entry
Each file or directory is represented by a 1KB entry:
- File name
- Info (timestamps, perms)
- Data location (resident[^6] or not)
- Index
- Attributes
![](Pasted%20image%2020250505162331.png)
##### `$DATA`
- Mft Entry
- If the file contains regular data, the `$DATA` attribute stores the file content or the location
- For files that fit in a single MFT record (1KB usually)
- In-place storage of data (resident)
- For larger files, the `$DATA` attribute contains data runs, which are pointers that tell NTFS where the file's data is located on the disk. Typically a sequence of three values
- offset/ length byte
- Cluster count
- Cluster offset
##### Bitmaps
- Map of logical clusters in use and not. Same as FAT.
##### Compression
Compresses data in 16-cluster chunks.
Size of a compression unit (chunk) depends on cluster size:
- 4 KB cluster size -> 64 KB compression unit (most common on modern volumes)
- 8 KB cluster size -> 128 KB compression unit
If a chunk is not compressible to at least 50%, NTFS stores it uncompressed.
Uses LZNT1, a variation of (LZ77)
##### Journaling
Logs all file system changes in the `$LOGFILE` before applying them.
- It can detect bad sectors and mark them in `$BadClus`
- NTFS can recover a corrupted MFT using `$MFTMirr`
- NTFS uses ACLs to manage permissions
- Each file stores a `$SECURITY_DESCRIPTOR`
### Security descriptors
```
Owner: S-1-5-21-3623811015-3361044348-30300820-1001 (User: Alice)
Group: S-1-5-32-544 (Administrators)
DACL:
Allow: S-1-5-21-3623811015-3361044348-30300820-1001 (Alice) - Full Control
Deny: S-1-5-21-3623811015-3361044348-30300820-1002 (Bob) - Read Access
Allow: S-1-5-18 (Local System) - Full Control
SACL:
Audit: S-1-5-21-3623811015-3361044348-30300820-1003 (Eve) - Log Failed
Access
```
Where DACL = **Discretionary Access Control List** and SACL = **System Access Control List**
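Review bot: the last two bullets under `##### Journaling` (`NTFS uses ACLs to manage permissions`, `Each file stores a $SECURITY_DESCRIPTOR`) are not about the journal and belong under `### Security descriptors`; the `$BadClus` and `$MFTMirr` bullets would also sit better under their own recovery heading. The journal file is written `$LOGFILE` here but `$LogFile` in the file system metadata list, so pick one spelling. `### Security descriptors` is at the same heading level as `### NTFS` although it describes an NTFS feature. In the descriptor example the SACL entry is split across two lines (`Log Failed` / `Access`), and since the DACL shows a Deny entry after an Allow entry it is worth one sentence saying that ACEs are evaluated in order.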
@ -243,3 +333,9 @@ New Technologies File System
[^2]: Extension (.pdf, .txt) as opposed to format, which specifies the [grammar](Regular%20languages.md) of the file
[^3]: contains information about where to place different parts of the program in memory.
[^4]: contiguous area of storage reserved for a file in a file system, represented as a range of block numbers, or tracks on count key data devices
[^5]: Balanced based on height tree. Nodes can contain multiple keys and pointers. Leaf nodes are the data records, upper nodes only store ketys. Ordered (BST).
[^6]: In the MFT entry straight up.
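Review bot: footnote 5 labels a B+ tree `Ordered (BST)` right after saying that nodes can contain multiple keys and pointers; a node with multiple keys is not a binary search tree, so suggest dropping `(BST)` and keeping "ordered". The same footnote has the typo `ketys`, and "Balanced based on height tree" would read better as "height-balanced tree". Footnote 6 (`In the MFT entry straight up.`) could state it plainly: the data is stored inside the MFT entry itself.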

@ -132,6 +132,10 @@ It uses **condition variables** (often with wait and signal[^3]operations) to al
![|600](Pasted%20image%2020250502180811.png)
## Endianness
![](Pasted%20image%2020250505163335.png)
---
[^1]: [Context switching](Processes%20and%20Threads.md#Context%20switching)
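Review bot: `## Endianness` is added with only an image under it, and the image has no alt text, so the section carries no content when the image fails to render or when the note is searched as text. Suggest a one-line definition of big-endian and little-endian byte order under the heading, and a description inside the `![]`.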

Binary file not shown. Size: 21 KiB

Binary file not shown. Size: 98 KiB

Binary file not shown. Size: 92 KiB