windows 95 find file format
(some of) windows 95 find file
by edward blake ([email protected])

it took a while to find some minimal information about the windows95 file find format. this shows some of the basics of this file structure. i am not very good at analyzing file formats, so the information here could be slightly inaccurate. i was only able to successfully get the basic format of a file which doesn't have results saved. if the information is not too understandable, the appendix shows the decimal values of what i used to try to understand the format.

---------------------
basic structure for non-stored entry format:

  [header 32 bytes]
  [token variable length]
  [token variable length]
  [token variable length]
  .
  .
  [5 nulls (byte value=0) ]

a usual findfile file (without saving entries, only search by filename) has this structure:

  [header]
  [55 header - searched filename]
  [48 header - where is searched (c:\ for example)]
  [55 header - 17 value is "0"]
  [5 nulls]

----------------------
the header:

the header of the windows 95 file find format has something like this:

  byte 1    signature1, set to 68
  byte 2    signature2, set to 70
  byte 3    signature3? set to 3
  byte 4    null
  byte 5    flags1
  byte 6    flags2
  byte 7    null
  byte 8    null
  byte 9    reserved? set to 255
  byte 10   reserved? set to 255
  byte 11   reserved? set to 16
  byte 12   null
  byte 13   32
  byte 14   null
  byte 15   null
  byte 16   null
  byte 17   number of tokens (i believe) (both 55 and 48 types)
  byte 18   null
  byte 19   null
  byte 20   null
  byte 21   i don't have a single clue what this is
  byte 22   null
  byte 23   null
  byte 24   null
  byte 25   reserved? set to 255
  byte 26   reserved? set to 255
  byte 27   reserved? set to 255
  byte 28   reserved? set to 255
  byte 29   iconstate
  byte 30   null
  byte 31   null
  byte 32   null

notes:

  flags1 switches:
    +1 = controls including\not including subdirectories
    +8 = case sensitive

  flags2 switches:
    +16 = ?
    +1 = store entries

  iconstate switches:
    =1 = large icons
    =2 = small icons
    =3 = listing
    =4 = details

there seem to be two types of tokens, one with 55 in the middle, and the other having 48 in the middle. i could only find one value for the 48 type token.

  [ x 55 y 0 <stream of bytes> 0 ]

  x   16 = filename searched
      17 = include subdirectories?
      32 = registered file type searched for
      33 = text searched within file
      57 = search by date-1
      55 = search by date-2
      53 = search by date-3
      34 = at least\most

  y   number of bytes plus null in string

  handling data in stream of bytes for x:

      16   ascii text
      17   ascii text, one character:
             "0" = include subdirectories
             "1" = not include subdirectories
      32   ascii text
      33   ascii text
      57   <unknown>
      58   ascii values: ex. "50" = 50
      59   ascii values: ex. "50" = 50
      34   ascii values:
             first character: "1" = at least
                              "2" = at most
             (space)
             at least\most value in ascii (divide by 1024 to get in k)

  [ x 48 y 0 <stream of text> 0 ]

  x   2 = where to search

  y   number of bytes plus null in string

---------
appendix:
---------

  files named winfile (not include subs) - z2
  files of type adobeacrobat named winfile - z3
  files of type adobeacrobat named winfile (not include subs) - z4
  files named winfile with hello within - z5
  files named winfile (with at least 200k) - z6
  files named winfile (with at most 200k) - z7
  files named winfile (created\modified opt 1) - z8
  files named winfile (created\modified opt 2) - z9
  files named winfile (created\modified opt 3) - z10
  files named winfile (created\modified opt 2-10) - z11
  files named winfile (created\modified opt 3-10) - z12
  files named winfile (case sensitive) - z13
  files named winfile (view as large icons) - z14
  files named wed (bitmap files) - z15
  files named winfile (stored entries) - z16

df |
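
a parser for the non-stored layout described above, as an added example that is not part of the original document. it assumes the byte numbers in the header table are 1-based and that y counts the string plus its terminating null; parse_fnd, token and build_sample are names chosen here, and the sample file is constructed.

```python
# Assumption: byte numbers in the text are 1-based ("byte 17" = offset 16).
NAMES = {(16, 55): "filename", (17, 55): "include_subdirs",
         (32, 55): "file_type", (33, 55): "text_within",
         (34, 55): "size_limit", (2, 48): "search_where"}
ICONS = {1: "large icons", 2: "small icons", 3: "listing", 4: "details"}
TRAILER = b"\x00" * 5

def parse_fnd(data: bytes) -> dict:
    """Parse a non-stored-entry file; raise ValueError on malformed input."""
    if len(data) < 32 + len(TRAILER):
        raise ValueError("too short for header plus trailer")
    if data[:3] != bytes([68, 70, 3]):
        raise ValueError("bad signature")
    info = {"case_sensitive": bool(data[4] & 8),   # flags1 +8
            "store_entries": bool(data[5] & 1),    # flags2 +1
            "declared_tokens": data[16],
            "iconstate": ICONS.get(data[28], data[28]),
            "tokens": []}
    pos = 32
    while data[pos:pos + 5] != TRAILER:
        if pos + 4 > len(data):
            raise ValueError("missing 5-null trailer or truncated token")
        x, kind, y, pad = data[pos:pos + 4]
        end = pos + 4 + y                  # y counts the string plus its null
        if kind not in (55, 48) or pad != 0 or y < 1:
            raise ValueError(f"unexpected token header at offset {pos}")
        if end > len(data) or data[end - 1] != 0:
            raise ValueError(f"token at offset {pos} overruns or lacks null")
        text = data[pos + 4:end - 1].decode("ascii", "replace")
        info["tokens"].append((NAMES.get((x, kind), f"x={x}"), text))
        pos = end
    # The author only believes byte 17 is the token count, so report, don't fail.
    info["count_ok"] = info["declared_tokens"] == len(info["tokens"])
    return info

def token(x: int, kind: int, text: str) -> bytes:
    raw = text.encode("ascii") + b"\x00"
    return bytes([x, kind, len(raw), 0]) + raw

def build_sample() -> bytes:
    """Constructed sample: search for 'winfile' in c:\\, small icons."""
    header = bytearray(32)
    header[0:3] = bytes([68, 70, 3])
    header[8:13] = bytes([255, 255, 16, 0, 32])
    header[16] = 3                          # three tokens follow
    header[24:28] = b"\xff" * 4
    header[28] = 2
    body = token(16, 55, "winfile") + token(2, 48, "c:\\") + token(17, 55, "0")
    return bytes(header) + body + TRAILER

print(parse_fnd(build_sample()))
```

the length and null-terminator checks matter when the file comes from an untrusted source: a y value larger than the remaining data is rejected instead of being read past the token.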