Difference between pages "User:Abelcheung" and "Windows Job File Format"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(My info)
 
(Priority)
 
Line 1: Line 1:
== Personal Info ==
+
{{expand}}
Blog: http://me.abelcheung.org/
+
  
 +
== Overview ==
 +
On [[Windows]] a .JOB file specifies task configuration. A .JOB file consists of two main sections, fixed-length and variable-length.
  
== License ==
+
=== fixed-length section ===
  
I hereby license all my contributions to this wiki (since 2008-03-11) under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons Attribution-ShareAlike 2.5] license.
+
The fixed-length section is 68 bytes in size and consists of:
 +
{| class="wikitable"
 +
|-
 +
! offset
 +
! size
 +
! value
 +
! description
 +
|-
 +
| 0
 +
| 2
 +
|
 +
| Product version
 +
|-
 +
| 2
 +
| 2
 +
|
 +
| File version
 +
|-
 +
| 4
 +
| 16
 +
|
 +
| Job UUID (or GUID)
 +
|-
 +
| 20
 +
| 2
 +
|
 +
| Application name size offset <br> The offset is relative from the start of the file.
 +
|-
 +
| 22
 +
| 2
 +
|
 +
| Trigger offset <br> The offset is relative from the start of the file.
 +
|-
 +
| 24
 +
| 2
 +
|
 +
| Error Retry Count
 +
|-
 +
| 26
 +
| 2
 +
|
 +
| Error Retry Interval
 +
|-
 +
| 28
 +
| 2
 +
|
 +
| Idle Deadline
 +
|-
 +
| 30
 +
| 2
 +
|
 +
| Idle Wait
 +
|-
 +
| 32
 +
| 4
 +
|
 +
| Priority
 +
|-
 +
| 36
 +
| 4
 +
|
 +
| Maximum Run Time
 +
|-
 +
| 40
 +
| 4
 +
|
 +
| Exit Code
 +
|-
 +
| 44
 +
| 4
 +
|
 +
| Status
 +
|-
 +
| 48
 +
| 4
 +
|
 +
| Flags
 +
|-
 +
| 52
 +
| 16
 +
|
 +
| Last run time <br> Consists of a SYSTEMTIME
 +
|}
 +
 
 +
==== SYSTEMTIME ====
 +
{| class="wikitable"
 +
|-
 +
! offset
 +
! size
 +
! value
 +
! description
 +
|-
 +
| 0
 +
| 2
 +
|
 +
| Year
 +
|-
 +
| 2
 +
| 2
 +
|
 +
| Month
 +
|-
 +
| 4
 +
| 2
 +
|
 +
| Weekday
 +
|-
 +
| 6
 +
| 2
 +
|
 +
| Day
 +
|-
 +
| 8
 +
| 2
 +
|
 +
| Hour
 +
|-
 +
| 10
 +
| 2
 +
|
 +
| Minute
 +
|-
 +
| 12
 +
| 2
 +
|
 +
| Second
 +
|-
 +
| 14
 +
| 2
 +
|
 +
| Milli second
 +
|}
 +
 
 +
==== Priority ====
 +
{| class="wikitable"
 +
|-
 +
! Value
 +
! Identifier
 +
! Description
 +
|-
 +
| 0x00800000
 +
| REALTIME_PRIORITY_CLASS
 +
| The task can run at the highest possible priority. The threads of a real-time priority class process preempt the threads of all other processes, including operating system processes performing important tasks.
 +
|-
 +
| 0x01000000
 +
| HIGH_PRIORITY_CLASS
 +
| The task performs time-critical tasks that can be executed immediately for it to run correctly. The threads of a high-priority class process preempt the threads of normal or idle priority class processes.
 +
|-
 +
| 0x02000000
 +
| IDLE_PRIORITY_CLASS
 +
| The task can run in a process whose threads run only when the machine is idle, and are preempted by the threads of any process running in a higher priority class.
 +
|-
 +
| 0x04000000
 +
| NORMAL_PRIORITY_CLASS
 +
| The task has no special scheduling requirements.
 +
|}
 +
 
 +
==== Status ====
 +
{| class="wikitable"
 +
|-
 +
! Value
 +
! Identifier
 +
! Description
 +
|-
 +
| 0x00041300
 +
| SCHED_S_TASK_READY
 +
| Task is not running but is scheduled to run at some time in the future.
 +
|-
 +
| 0x00041301
 +
| SCHED_S_TASK_RUNNING
 +
| Task is currently running.
 +
|-
 +
| 0x00041305
 +
| SCHED_S_TASK_NOT_SCHEDULED
 +
| The task is not running and has no valid triggers.
 +
|}
 +
 
 +
=== variable-length section ===
 +
 
 +
== See Also ==
 +
* [[Windows]]
 +
 
 +
== External Links ==
 +
* [http://msdn.microsoft.com/en-us/library/cc248285.aspx .JOB File Format], by [[Microsoft]],
 +
 
 +
[[Category:File Formats]]

Revision as of 11:39, 5 July 2014

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Overview

On Windows a .JOB file specifies task configuration. A .JOB file consists of two main sections, fixed-length and variable-length.

fixed-length section

The fixed-length section is 68 bytes in size and consists of:

offset size value description
0 2 Product version
2 2 File version
4 16 Job UUID (or GUID)
20 2 Application name size offset
The offset is relative from the start of the file.
22 2 Trigger offset
The offset is relative from the start of the file.
24 2 Error Retry Count
26 2 Error Retry Interval
28 2 Idle Deadline
30 2 Idle Wait
32 4 Priority
36 4 Maximum Run Time
40 4 Exit Code
44 4 Status
48 4 Flags
52 16 Last run time
Consists of a SYSTEMTIME

SYSTEMTIME

offset size value description
0 2 Year
2 2 Month
4 2 Weekday
6 2 Day
8 2 Hour
10 2 Minute
12 2 Second
14 2 Milli second

Priority

Value Identifier Description
0x00800000 REALTIME_PRIORITY_CLASS The task can run at the highest possible priority. The threads of a real-time priority class process preempt the threads of all other processes, including operating system processes performing important tasks.
0x01000000 HIGH_PRIORITY_CLASS The task performs time-critical tasks that can be executed immediately for it to run correctly. The threads of a high-priority class process preempt the threads of normal or idle priority class processes.
0x02000000 IDLE_PRIORITY_CLASS The task can run in a process whose threads run only when the machine is idle, and are preempted by the threads of any process running in a higher priority class.
0x04000000 NORMAL_PRIORITY_CLASS The task has no special scheduling requirements.

Status

Value Identifier Description
0x00041300 SCHED_S_TASK_READY Task is not running but is scheduled to run at some time in the future.
0x00041301 SCHED_S_TASK_RUNNING Task is currently running.
0x00041305 SCHED_S_TASK_NOT_SCHEDULED The task is not running and has no valid triggers.

variable-length section

See Also

External Links