Re: Desktop files enumerated in windows user.dat?

From: Andrew Pilley (ashridahat_private)
Date: Tue Apr 23 2002 - 21:14:56 PDT

Next message: Can Erkin Acar: "Re: "ls: File too large""

Previous message: Doug.Barbinat_private: "RE: Desktop files enumerated in windows user.dat?"
In reply to: Burnette, Michael: "Desktop files enumerated in windows user.dat?"
Next in thread: Seth Arnold: "Re: Desktop files enumerated in windows user.dat?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hmm. Is it conceivable that this is a mechanism that Microsoft uses to
cache the users desktop, to achieve a faster startup? 

All it would really need to do is describe the desktops last state on
shutdown/logoff, and i wouldn't be surprised if the icons were cached in
there as well. In a networked environment, i could see how this might
add a reasonable amount of speedup, since the USER.DAT file may well
have been read already, saving quite a few file reads.

Since i don't have a windows box around to test tho, i can't really add
any more suggestions than that, but it seems like a useful optimisation
to have, like building a small index of subject lines for mailboxes, to
speed opening the mailbox, which you keep updated.

Andrew Pilley,
Junior Linux Sysadmin.

On Wed, 2002-04-24 at 06:08, Burnette, Michael wrote:
> Is anyone aware of what the file listing at the end of a Windows 98
> User.dat is?  When I open the file with a text editor I see the
> following (binary removed):
> 
> ptsscreenshot1small.gif PTSSCR~1.GIF 108 O :i +00 #C:\ 1 ( n Windows 1 (
> p Temp 1 2 o * 
> good wife's guide.jpg GOODWI~1.JPG 109 O :i +00 #C:\ 1 ( n Windows 1 ( p
> Temp ( 2 * 
> ATT00003.htm ATT00003.HTM 110 O :i +00 #C:\ 1 ( n Windows 1 ( p Temp ) 2
> t +i UW 
> Outing.jpg UWOUTI~1.JPG 111 O :i +00 #C:\ 1 ( n Windows 1 ( p Temp ( 2 t
> +i 
> ~0022115.jpg ~0022115.JPG 112 O :i +00 #C:\ 1 ( n Windows 1 ( p Temp 7 2
> -+ 
> 
> I looked at my own to compare and found the filenames in mine match my
> Windows 2000 desktop.  The binary in-between the filenames look a lot
> like file attributes although I haven't yet been able to decode the raw
> file using a DOS or W32 file time interpreter (winhex).  Notice also the
> incrementing decimal values.  There are also entries for folders on the
> desktop.  I'd be interested in knowing if anyone has a way to read this
> as a directory listing.
> 
> Thanks,
> Michael Burnette
> Rogers & Hardin LLP
> Atlanta, GA      USA

-- 
----------------------------------------------------------------------
Andrew Pilley  -   Cybersource Pty Ltd, Lvl 9, 140 Queen St. Melbourne
ashridahat_private        Ph. 9642-5997 www.cyber.com.au

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Can Erkin Acar: "Re: "ls: File too large""
Previous message: Doug.Barbinat_private: "RE: Desktop files enumerated in windows user.dat?"
In reply to: Burnette, Michael: "Desktop files enumerated in windows user.dat?"
Next in thread: Seth Arnold: "Re: Desktop files enumerated in windows user.dat?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 20:23:37 PDT