Sysinternals/streams

From aldeid

Description

streams is a command-line tool from Sysinternals that lists and deletes NTFS Alternate Data Streams (ADS).

Installation

Download link: http://download.sysinternals.com/files/Streams.zip

Usage

Syntax

Usage: streams.exe [-s] [-d] <file or directory>

Options

-s    Recurse subdirectories
-d    Delete streams

Example

Let's create a stream in a text file:

C:\malware>echo hidden stream > test.txt:hidden
C:\malware>more < test.txt:hidden
hidden stream

Now let's find and delete the streams:

C:\malware>\tools\streams.exe -s -d c:\malware

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\malware\test.txt:
   Deleted :hidden:$DATA

The stream has been deleted:

C:\malware>more < test.txt:hidden
Le fichier spécifié est introuvable.
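
To review what a recursive run reported, the console output can be parsed into one record per stream and filtered. This is an added example, not part of the original page or of Sysinternals; the listing layout without -d (`:name:$TYPE <size>`) and the file names other than test.txt are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: banner and "Deleted" line are copied from this page; the
# two listing lines use an assumed layout (":name:$TYPE <size>") and made-up files.
SAMPLE = r"""
Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\malware\test.txt:
   Deleted :hidden:$DATA
c:\malware\setup.exe:
   :Zone.Identifier:$DATA 26
c:\malware\notes.txt:
   :payload.exe:$DATA 73802
"""

class StreamRecord(NamedTuple):
    path: str
    name: str
    stream_type: str
    size: Optional[int]  # None on "Deleted" lines, which carry no size
    deleted: bool

# A file header is an unindented line ending in ':'; stream lines are indented.
HEADER = re.compile(r"^(?P<path>\S.*):\s*$")
STREAM = re.compile(r"^\s+(?P<deleted>Deleted\s+)?:(?P<name>[^:]*):"
                    r"(?P<type>\$\w+)(?:\s+(?P<size>\d+))?\s*$")

def parse_streams_output(text: str) -> List[StreamRecord]:
    """Turn streams.exe console output into one record per alternate stream."""
    records, current = [], None
    for line in text.splitlines():
        m = STREAM.match(line)
        if m and current is not None:
            records.append(StreamRecord(current, m["name"], m["type"],
                int(m["size"]) if m["size"] else None, bool(m["deleted"])))
        elif (h := HEADER.match(line)):
            current = h["path"]
    return records

def unexpected(records, benign=("Zone.Identifier",)):
    """Drop streams Windows adds itself; NTFS stream names are case-insensitive."""
    allowed = {b.lower() for b in benign}
    return [r for r in records if r.name.lower() not in allowed]

if __name__ == "__main__":
    print(*unexpected(parse_streams_output(SAMPLE)), sep="\n")
```

Because -d removes every alternate stream it finds, a recursive -s -d run also strips Zone.Identifier (Mark of the Web) from downloaded files; listing without -d first keeps the stream contents available for review.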
