Windows: NTFS symbolic links and hard links

Hi,

today I will explain the possiblity of the ntfs filesystem to create symbolic- and hardlinks.

Whats the difference? A symbolic link (File) or junction point (Directory) is a pointer to an existing file or directory. These works across volumes.
A hardlink is a file or directory which is referenced by more then one path on the same volume.

An example. The explorer.exe in c:\windows. The most Windows system files are hardlinks. These files have two of them. One in the Windows, respective system32 folder and one to its current version in the component store winsxs.

[C:\]fsutil hardlink list c:\Windows\explorer.exe
\Windows\explorer.exe
\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

this means the file is stored once and there are two references in the filesystem to it.
With the dir command you cannot identify an hardlink. The only way is fsutil.exe.

Creating an hardlink is very easy. Two builtin command line tools are available since Windows Vista/Server 2008. mklink.exe or fsutil.exe

[D:\iso]dir Kal*
 Volume in drive D is Data
 Volume Serial Number is 7C54-0C6C

 Directory of D:\iso
20.11.2013  08:35   2.525.937.664  kali-linux-1.0.5-amd64.iso

Note: If you are usally working with the penguin OS, the parameters are swapped to the ln command. First the link and then the target.

D:\iso>mklink /h d:\iso\Kali-Linux-current.iso d:\iso\kali-linux-1.0.5-amd64.iso
Hardlink created for d:\iso\Kali-Linux-current.iso <<===>> d:\iso\kali-linux-1.0.5-amd64.iso

or

D:\iso>fsutil hardlink create d:\iso\Kali-Linux-current.iso d:\iso\kali-linux-1.0.5-amd64.iso
Hardlink created for d:\iso\Kali-Linux-current.iso <<===>> d:\iso\kali-linux-1.0.5-amd64.iso

it seems there are 2 files, each with a size of 2.3GB. But in fact the file is stored only once!

[D:\iso]dir Kal*
 Volume in drive D is Data
 Volume Serial Number is 7C54-0C6C

 Directory of D:\iso
20.11.2013  08:35   2.525.937.664  kali-linux-1.0.5-amd64.iso
20.11.2013  08:35   2.525.937.664  Kali-Linux-current.iso

Deleting the hardlink

[D:\iso]del Kali-Linux-current.iso

Also the creation of a symbolic link is very easy. You can use the builtin command mklink.exe or junction.exe (Folders only) delivered by the sysinternals tool suite.

D:\iso>mklink  d:\iso\Kali-Linux-current.iso d:\iso\kali-linux-1.0.5-amd64.iso
symbolic link created for d:\iso\Kali-Linux-current.iso <<===>> d:\iso\kali-linux-1.0.5-amd64.iso
D:\iso>dir Ka*
 Volume in drive D is Data
 Volume Serial Number is 7C54-0C6C

 Directory of D:\iso

20.11.2013  08:35       2.525.937.664  kali-linux-1.0.5-amd64.iso
22.01.2014  22:57             Kali-Linux-current.iso [d:\iso\kali-linux-1.0.5-amd64.iso]

The behaviour of how symlinks are evaluated can altered by

D:\iso>fsutil behavior set SymlinkEvaluation

This lists the current settings

D:\iso>fsutil behavior query SymlinkEvaluation
Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.

If the powershell is your favourite environment, then the “Powershell community extensions” provides some command-lets for the handling of hard- and symlinks:

Get-ReparsePoint
New-Hardlink
New-Junction
Remove-ReparsePoint
New-Symlink

Get it from http://pscx.codeplex.com/.

Have a nice day.

Michael

Leave a Reply Cancel reply