Login/Register
(why) is FSCTL_SET_OBJECT_ID dangerous?
Asked Answered
windowsfilesystemsntfs
L

2

10

NTFS files can have object ids. These ids can be set using FSCTL_SET_OBJECT_ID. However, the msdn article says:

Modifying an object identifier can result in the loss of data from portions of a file, up to and including entire volumes of data.

But it doesn't go into any more detail. How can this result in loss of data? Is it talking about potential object id collisions in the file system, and does NTFS rely on them in some way?

Side node: I did some experimenting with this before I found that paragraph, and set the object id's of some newly created files, here's hoping that my file system's still intact.

Larrabee answered 9/1, 2015 at 23:20 Comment(3)
Puzzling indeed, particularly since it goes on to say that you can't modify an object identifier anyway. (Setting an object identifier on an object that doesn't already have one is not a modification, at least not in the normal sense of the word.)Limousin
They are used by the Distributed Link Tracking service. Which helps to keep track of files when they move from one machine to another, matters in large enterprise networks. Or on your desktop when you move the executable file referenced by a desktop shortcut. Scary language was surely meant to give Microsoft Support a way to get you off the phone when your code makes important corporate documents unfindable :)Pretender
DLTS is not the only service that might use these IDs as an identity, a primary key. I imagine that modifying the primary key of an entity in a database application would have effects that depend on who is doing what with those primary key values. The same goes for NTFS. An intentionally generated file ID collision between a large file, and a zero byte file with a newer timestamp, would be the obvious "loss of data" case.Chyou
I
1

I really don't think this can directly result in loss of data.

The only way I can imagine it being possible is if e.g. a backup program assumes that (1) every file has an Object Id, and (2) that the program is keeping track of all IDs at all times. In that case it might assume that an ID that is not in its database must refer to a file that should not exist, and it might delete the file.

Yeah, I know it sounds ridiculous, but that's the only way I can think of in which this might happen. I don't think you can lose data just by changing IDs.

Inventor answered 22/1, 2015 at 6:58 Comment(3)
As the commenters have pointed out, they are used by some Windows services and technologies, just maybe not the ones active on your box.Chyou
@WarrenP: Are you sure those "object IDs" are the same as these? I feel like they're totally unrelated.Inventor
@WarrenP I agree with Mehrdad on this, seen from the comments so far, the only service that definitely uses file object ids is the distributed link tracking service.Larrabee
K
0

They are used by distributed link tracking service which enables client applications to track link sources that have moved. The link tracking service maintains its link to an object only by using these object identifier (ID).

So coming back to your question,

Is it talking about potential object id collisions in the file system ?

I dont think so. Windows does provides us the option to set the object IDs using FSCTL_SET_OBJECT_ID but that doesnt bring the risk of ID collision. Attempting to set an object identifier on an object that already has an object identifier will fail.

.. and does NTFS rely on them in some way?

Yes. Object identifiers are used to track files and directories. An index of all object IDs is stored on the volume. Rename, backup, and restore operations preserve object IDs. However, copy operations do not preserve object IDs, because that would violate their uniqueness.

How can this result in loss of data?

You wont get into a serious problem if you change(or rather set) object ID of user-created files(as you did). However, if a user(knowingly/unknowingly) sets object ID used by a shared object file/library, change will not be reflected as is.

Since Windows doesnt want everyone(but developers) to play with crutial library files, it issues a generic warning:

Modifying an object identifier can result in the loss of data from portions of a file, up to and including entire volumes of data.

Bottom line: Change it if you know what you are doing.

There's another msn article on distributed link tracking and object identifiers.

Hope it helps!

EDIT:

Thanks to @Mehrdad for pointing out.I didnt mean object identifiers of DLLs themselves but ones which they use internally.

OLEACC(a dll), provides the Active Accessibility runtime and manages requests from Active Accessibility clients[source]. It use OBJID_QUERYCLASSNAMEIDX object identifier [ source ]

Kath answered 22/1, 2015 at 6:21 Comment(11)
I don't think I believe your answer.Inventor
Thats what the article says, I didnt add up anything from my own. Please have a look at the msn article: msdn.microsoft.com/en-us/library/windows/desktop/… ThanksKath
The problem is I don't see the article saying anything about DLL files... and I've never heard of anyone using Object Ids to reference DLL files. (Especially hal.dll?? Do you realize how poor of an example that is?? HAL is loaded long before all this link stuff ever starts to enter the picture...)Inventor
Please indicate the part you are doubting. Also, have a look at "Remarks" section in this article: msdn.microsoft.com/en-us/library/windows/desktop/… CheersKath
I already indicated it in my previous comment, it's the stuff you wrote about DLL files.Inventor
Ah, you're right.. Sorry, my bad. Editing my answer.Kath
You're still mentioning DLL files and I'm pretty sure Object Ids are not used to reference DLL files.Inventor
@NalinChhibber I've never heard of dlls being referenced by anything other than their filenames either, do you have any references on that?Larrabee
@simonzack: It was an awful example. I've omitted it. ThanksKath
I think you're entirely missing my point. Your answer doesn't suddenly become correct just by deleting the word "DLL". DLL is just another name for "shared object file/library" which you clearly mention as the reason behind this in your answer. All you did was delete the word "DLL", which is pretty meaningless. My point is, your answer seems entirely wrong on its foundation. If you keep deleting from it to make it correct then it will become empty and won't answer the question.Inventor
OLEACC(a dll), provides the Active Accessibility runtime and manages requests from Active Accessibility clients[ msdn.microsoft.com/en-us/library/ms971310.aspx ]. It use OBJID_QUERYCLASSNAMEIDX object identifier [ msdn.microsoft.com/en-us/library/windows/desktop/… ]Kath

© 2022 - 2024 — McMap. All rights reserved.