FlexHEX Editor - Just the Right Tool to Edit Binaries
Working with Alternate (or Named) Streams

Hex Editing with FlexHEX

Inspecting Data

Browsing Undo List

Working with Huge Files

Editing NTFS Alternate Streams

Editing NTFS Sparse File

Navigating Using Bookmarks

User-defined Data Fields

Editing OLE Compound Files
 

 

Editing NTFS Alternate Streams

If you run Windows XP SP2, you may have noticed that it displays a warning every time you try to run a file, downloaded from the Internet. Ever wondered how it tells downloaded files from local ones? Let's open a downloaded file in FlexHEX:

Example of alternate stream

That's it! You can see that the Internet Explorer added a stream named 'Zone.Identifier', containing file zone ID. Easy to guess, 'ZoneId=3' means 'danger'. Delete this stream, and the file will magically become a good old local file, not in any way suspicious.

If you are interested to learn more about NTFS named streams, you can find a detailed discussion in the article NTFS Alternate Streams: What, When, and How To.

Previous Page       Next Page Download Now!
 
Copyright © 2007 Inv Softworks LLC
All rights reserved		  
Home | Product | Download | Order | Support | Documentation | Company