Programming

IE Browser Compatibility View Settings Data Analysis

Parsing Data for IE Browser Compatibility View Settings Compatibility View Settings Registry Location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData\UserFilter Data Type: REG_BINARY Data Structure: 1. Data Header: 8-byte prefix (fixed value: 411F00005308ADBA) 4-byte URL count (stored in little-endian format) 4-byte data segment length (includes its own length of 4 bytes, stored in little-endian format) 4-byte separator (fixed value: 01000000) 4-byte URL count (stored in little-endian format) 2. Data Body (repeats per URL): 4-byte separator (fixed value: 0C000000) 8-byte timestamp 4-byte separator (fixed value: 01000000) 2-byte URL length (stored in little-endian format) URL string (encoded in Little-Endian UTF-16) Example: Command to Query the Registry: reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData" /v UserFilter Example Output: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData UserFilter REG_BINARY 411F00005308ADBA020000005C00000001000000020000000C00000034D173F7D675D801010000000900620061006900640075002E0063006F006D000C0000008F115EDCD775D801010000000D00310030002E003200330037002E003200300035002E0033003500 Parsing the Example Data: 1. Data Header: 411F00005308ADBA: 8-byte prefix (fixed value) 02000000: 4-byte URL count (2 URLs, stored in little-endian) 5C000000: 4-byte data segment length (92 bytes, including its own 4-byte length, stored in little-endian) 01000000: 4-byte separator (fixed value) 02000000: 4-byte URL count (2 URLs, stored in little-endian) 2. Data Body (repeats for each URL): URL 1: 0C000000: 4-byte separator (fixed value) 34D173F7D675D801: 8-byte timestamp 01000000: 4-byte separator (fixed value) 0900: 2-byte URL length (9 characters, stored in little-endian) 620061006900640075002E0063006F006D00: URL string (baidu.com, encoded in Little-Endian UTF-16) URL 2: 0C000000: 4-byte separator (fixed value) 8F115EDCD775D801: 8-byte timestamp 01000000: 4-byte separator (fixed value) 0D00: 2-byte URL length (13 characters, stored in little-endian) 310030002E003200330037002E003200300035002E0033003500: URL string (10.237.205.35, encoded in Little-Endian UTF-16)

Jan 23, 2025 - 10:29
 0
IE Browser Compatibility View Settings Data Analysis

Parsing Data for IE Browser Compatibility View Settings

Compatibility View Settings Registry Location:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData\UserFilter

Data Type:

REG_BINARY

Data Structure:

1. Data Header:

  • 8-byte prefix (fixed value: 411F00005308ADBA)
  • 4-byte URL count (stored in little-endian format)
  • 4-byte data segment length (includes its own length of 4 bytes, stored in little-endian format)
  • 4-byte separator (fixed value: 01000000)
  • 4-byte URL count (stored in little-endian format)

2. Data Body (repeats per URL):

  • 4-byte separator (fixed value: 0C000000)
  • 8-byte timestamp
  • 4-byte separator (fixed value: 01000000)
  • 2-byte URL length (stored in little-endian format)
  • URL string (encoded in Little-Endian UTF-16)

Example:

Command to Query the Registry: 

reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData" /v UserFilter

Example Output: 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData
    UserFilter    REG_BINARY    411F00005308ADBA020000005C00000001000000020000000C00000034D173F7D675D801010000000900620061006900640075002E0063006F006D000C0000008F115EDCD775D801010000000D00310030002E003200330037002E003200300035002E0033003500

Parsing the Example Data:

1. Data Header:

  • 411F00005308ADBA: 8-byte prefix (fixed value)
  • 02000000: 4-byte URL count (2 URLs, stored in little-endian)
  • 5C000000: 4-byte data segment length (92 bytes, including its own 4-byte length, stored in little-endian)
  • 01000000: 4-byte separator (fixed value)
  • 02000000: 4-byte URL count (2 URLs, stored in little-endian)

2. Data Body (repeats for each URL):

  • URL 1:

    • 0C000000: 4-byte separator (fixed value)
    • 34D173F7D675D801: 8-byte timestamp
    • 01000000: 4-byte separator (fixed value)
    • 0900: 2-byte URL length (9 characters, stored in little-endian)
    • 620061006900640075002E0063006F006D00: URL string (baidu.com, encoded in Little-Endian UTF-16)

  • URL 2:

    • 0C000000: 4-byte separator (fixed value)
    • 8F115EDCD775D801: 8-byte timestamp
    • 01000000: 4-byte separator (fixed value)
    • 0D00: 2-byte URL length (13 characters, stored in little-endian) 310030002E003200330037002E003200300035002E0033003500: URL string (10.237.205.35, encoded in Little-Endian UTF-16)
Read More

Tags:

Previous Article

Edge Computing VS Cloud Computing

Next Article

Top 5 Programming Languages to Learn in 2025.

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

Related Posts

HTML Basics

HTML Basics

Jan 14, 2025  0

ELIZA Reborn: A Journey Through Time and Code

ELIZA Reborn: A Journey Through Time and Code

Jan 22, 2025  0

The Test Drama (The Opening Salvo): Cypress vs Playwright Installation - The Good, The Bad, and the... Bug-ly!

The Test Drama (The Opening Salvo): Cypress vs Playwrig...

Jan 22, 2025  0