Monday, May 15, 2017

The Windows CloudStore

Windows stores some desktop/shell-related settings in this Registry section:


Each subkey is one setting. After the first dollar sign in the subkey name is a GUID for the object, or nothing if there can be only one of that type. After the second dollar sign is the object's type. For example, there are tons of but only one Inside that key is a Current subkey, which has a single value: Data, of the binary type.

It appers that the first four bytes of that data are always 02 00 00 00, perhaps a version signature. Then the next eight bytes are the last-modified time as a FILETIME. Then there are four more zero bytes. After that, it gets into type-specific data, which I have not yet managed to figure out.

No comments:

Post a Comment