I know that to display alternate data streams of all the files (if any) in command prompt, this is the command dir /R. But, how do I do it if I only want to display files that have alternate data streams?
Asked
Active
Viewed 2.1k times
17
npocmaka
- 55,367
- 18
- 148
- 187
csharpnewbie
- 421
- 1
- 9
- 18
-
Put it in a for loop batch. – Endoro May 02 '13 at 16:15
-
what do you mean by put in for loop? because dir /R displays all files, regardless of them having ADS or not. I'm asking if there is a way to only show the files that have ADS, if possible, output them to a text file. – csharpnewbie May 09 '13 at 08:53
-
Can you use "streams" from Microsoft Sysexternals? – Endoro May 09 '13 at 09:37
-
erm i need the command in command prompt, can't use any other programs :/ – csharpnewbie May 09 '13 at 10:35
-
1"Streams" is a command line tool, for use on the command prompt. – Endoro May 09 '13 at 10:57
1 Answers
22
dir /s /r | findstr /e ":$DATA"
or
dir /r | findstr /e ":$DATA"
the first will search in all sub-directories.The second only in current folder. These will show also the ADS assigned to the directory.For only files:
dir /a-d /s /r | findstr /e ":$DATA"
npocmaka
- 55,367
- 18
- 148
- 187
-
What if the alternate stream is named something other than ":$DATA"? What about ":HIDDEN" or ":MALWARE", etc.? – Jim JR Harris Apr 01 '23 at 15:34
-
@JimJRHarris - try this: `(echo #>:ads) && (dir /r /s)` - all alternate data streams end with `$DATA` when dir command is used. – npocmaka Apr 01 '23 at 18:56