Google Blogoscoped

Forum

The mystery of the zero byte image

Cow [PersonRank 2]

Sunday, November 20, 2005
18 years ago

This is kind of a follow up to the mystery of the missing HTML (http://blogoscoped.com/forum/11732.html) but it uses a very different method and unlike the last one, this uses Windows.

Basically, I've made the Google logo zero bytes (or appear to be zero bytes).

Steps to reproduce:
http://cow.neondragon.net/index.php/292-The-Mystery-Of-The-Zero-Byte-Image

Anyone know how it's done?:)

James [PersonRank 0]

18 years ago #

It's using NTFS alternate data streams, which are not properly accounted for in the explorer UI. The :rw indicates the use of another stream. IE6SP2 uses this to mark files downloaded from the internet – search on [Zone.Identifier] for more details.

Artem [PersonRank 4]

18 years ago #

The reason is called Windows Alternate Data Streams (ADS). In essence it is NTFS feature with the purpose of associating with the file several data streams. Programs can store there icons, descriptions, etc.

Well, hackers also store their rootkits in the ADS, because normal Windows utilities don't take ADS into account. I believe the main reason for it the the fact, that (possibly assigned by the Windows Explorer) app's icons and description should not be a part of the file size.

You can read more about ADS here: http://www.windowsecurity.com/articles/Alternate_Data_Streams.html

P.S.
Philipp, when are you going to add Preview to the forum posts? :)

Brian M. [PersonRank 10]

18 years ago #

A realtime javascript preview would be trivial...

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!