Difference between pages "Windows Job File Format" and "User talk:Onager"

From ForensicsWiki
(Difference between pages)
(variable-length section)
 
m (Welcome!)
 
Line 1: Line 1:
{{expand}}
+
'''Welcome to ''ForensicsWiki''!'''
 
+
We hope you will contribute much and well.
== Overview ==
+
You will probably want to read the [[https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents|help pages]].
On [[Windows]] a .JOB file specifies task configuration. A .JOB file consists of two main sections, fixed-length and variable-length.
+
Again, welcome and have fun! [[User:.FUF|.FUF]] ([[User talk:.FUF|talk]]) 17:34, 7 July 2014 (EDT)
 
+
=== fixed-length section ===
+
 
+
The fixed-length section is 68 bytes in size and consists of:
+
{| class="wikitable"
+
|-
+
! offset
+
! size
+
! value
+
! description
+
|-
+
| 0
+
| 2
+
|
+
| Product version
+
|-
+
| 2
+
| 2
+
|
+
| File version
+
|-
+
| 4
+
| 16
+
|
+
| Job UUID (or GUID)
+
|-
+
| 20
+
| 2
+
|
+
| Application name size offset <br> The offset is relative from the start of the file.
+
|-
+
| 22
+
| 2
+
|
+
| Trigger offset <br> The offset is relative from the start of the file.
+
|-
+
| 24
+
| 2
+
|
+
| Error Retry Count
+
|-
+
| 26
+
| 2
+
|
+
| Error Retry Interval
+
|-
+
| 28
+
| 2
+
|
+
| Idle Deadline
+
|-
+
| 30
+
| 2
+
|
+
| Idle Wait
+
|-
+
| 32
+
| 4
+
|
+
| Priority
+
|-
+
| 36
+
| 4
+
|
+
| Maximum Run Time
+
|-
+
| 40
+
| 4
+
|
+
| Exit Code
+
|-
+
| 44
+
| 4
+
|
+
| Status
+
|-
+
| 48
+
| 4
+
|
+
| Flags
+
|-
+
| 52
+
| 16
+
|
+
| Last run time <br> Consists of a SYSTEMTIME
+
|}
+
 
+
==== SYSTEMTIME ====
+
{| class="wikitable"
+
|-
+
! offset
+
! size
+
! value
+
! description
+
|-
+
| 0
+
| 2
+
|
+
| Year
+
|-
+
| 2
+
| 2
+
|
+
| Month
+
|-
+
| 4
+
| 2
+
|
+
| Weekday
+
|-
+
| 6
+
| 2
+
|
+
| Day
+
|-
+
| 8
+
| 2
+
|
+
| Hour
+
|-
+
| 10
+
| 2
+
|
+
| Minute
+
|-
+
| 12
+
| 2
+
|
+
| Second
+
|-
+
| 14
+
| 2
+
|
+
| Milli second
+
|}
+
 
+
==== Priority ====
+
{| class="wikitable"
+
|-
+
! Value
+
! Identifier
+
! Description
+
|-
+
| 0x00800000
+
| REALTIME_PRIORITY_CLASS
+
| The task can run at the highest possible priority. The threads of a real-time priority class process preempt the threads of all other processes, including operating system processes performing important tasks.
+
|-
+
| 0x01000000
+
| HIGH_PRIORITY_CLASS
+
| The task performs time-critical tasks that can be executed immediately for it to run correctly. The threads of a high-priority class process preempt the threads of normal or idle priority class processes.
+
|-
+
| 0x02000000
+
| IDLE_PRIORITY_CLASS
+
| The task can run in a process whose threads run only when the machine is idle, and are preempted by the threads of any process running in a higher priority class.
+
|-
+
| 0x04000000
+
| NORMAL_PRIORITY_CLASS
+
| The task has no special scheduling requirements.
+
|}
+
 
+
==== Status ====
+
{| class="wikitable"
+
|-
+
! Value
+
! Identifier
+
! Description
+
|-
+
| 0x00041300
+
| SCHED_S_TASK_READY
+
| Task is not running but is scheduled to run at some time in the future.
+
|-
+
| 0x00041301
+
| SCHED_S_TASK_RUNNING
+
| Task is currently running.
+
|-
+
| 0x00041305
+
| SCHED_S_TASK_NOT_SCHEDULED
+
| The task is not running and has no valid triggers.
+
|}
+
 
+
==== Flags ====
+
See: [http://msdn.microsoft.com/en-us/library/cc248283.aspx Flags]
+
 
+
=== variable-length section ===
+
The variable-length section contains the following values:
+
* Running Instance Count
+
* Application Name
+
* Parameters
+
* Working Directory
+
* Author
+
* Comment
+
* User Data
+
* Reserved Data
+
* Triggers
+
* Job Signature
+
 
+
== See Also ==
+
* [[Windows]]
+
 
+
== External Links ==
+
* [http://msdn.microsoft.com/en-us/library/cc248285.aspx .JOB File Format], by [[Microsoft]]
+
 
+
[[Category:File Formats]]
+
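Review bot: The help-pages link on the added welcome line uses double square brackets with a pipe around an external URL ("[[https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents|help pages]]"), which is internal-link syntax, and the rendered revision below shows the result as "[pages]". Switch to the single-bracket external form, "[https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents help pages]", with a space instead of the pipe, so the label renders as "help pages".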

Latest revision as of 16:34, 7 July 2014

Welcome to ForensicsWiki! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! .FUF (talk) 17:34, 7 July 2014 (EDT)