Re: Desktop files enumerated in windows user.dat?

From: Andrew Pilley (ashridahat_private)
Date: Tue Apr 23 2002 - 21:14:56 PDT


    Hmm. Is it conceivable that this is a mechanism that Microsoft uses to
    cache the user's desktop, to achieve a faster startup?
    
    All it would really need to do is describe the desktop's last state on
    shutdown/logoff, and I wouldn't be surprised if the icons were cached in
    there as well. In a networked environment, I could see how this might
    add a reasonable amount of speedup, since the USER.DAT file may well
    have been read already, saving quite a few file reads.
    
    Since I don't have a Windows box around to test though, I can't really add
    any more suggestions than that, but it seems like a useful optimisation
    to have, like building a small index of subject lines for mailboxes, to
    speed opening the mailbox, which you keep updated.
    
    Andrew Pilley,
    Junior Linux Sysadmin.
    
    On Wed, 2002-04-24 at 06:08, Burnette, Michael wrote:
    > Is anyone aware of what the file listing at the end of a Windows 98
    > User.dat is?  When I open the file with a text editor I see the
    > following (binary removed):
    > 
    > ptsscreenshot1small.gif PTSSCR~1.GIF 108 O :i +00 #C:\ 1 ( n Windows 1 (
    > p Temp 1 2 o * 
    > good wife's guide.jpg GOODWI~1.JPG 109 O :i +00 #C:\ 1 ( n Windows 1 ( p
    > Temp ( 2 * 
    > ATT00003.htm ATT00003.HTM 110 O :i +00 #C:\ 1 ( n Windows 1 ( p Temp ) 2
    > t +i UW 
    > Outing.jpg UWOUTI~1.JPG 111 O :i +00 #C:\ 1 ( n Windows 1 ( p Temp ( 2 t
    > +i 
    > ~0022115.jpg ~0022115.JPG 112 O :i +00 #C:\ 1 ( n Windows 1 ( p Temp 7 2
    > -+ 
    > 
    > I looked at my own to compare and found the filenames in mine match my
    > Windows 2000 desktop.  The binary in-between the filenames looks a lot
    > like file attributes although I haven't yet been able to decode the raw
    > file using a DOS or W32 file time interpreter (winhex).  Notice also the
    > incrementing decimal values.  There are also entries for folders on the
    > desktop.  I'd be interested in knowing if anyone has a way to read this
    > as a directory listing.
    > 
    > Thanks,
    > Michael Burnette
    > Rogers & Hardin LLP
    > Atlanta, GA      USA
    
    -- 
    ----------------------------------------------------------------------
    Andrew Pilley  -   Cybersource Pty Ltd, Lvl 9, 140 Queen St. Melbourne
    ashridahat_private        Ph. 9642-5997 www.cyber.com.au
    
    