| position | byte | type | description |
|---|---|---|---|
| ( 0) | 0x0000 | "cf ad 12 fe" Equal for all dbx files | |
| ( 1) | 0x0004 | m : "c5 fd 74 6f" CLSID_MessageDatabase f : "c6 fd 74 6f" CLSID_FolderDatabase ( Pop3uidl = "c7 fd 74 6f" / Offline = "30 9d fe 26") | |
| ( 2) | 0x0008 | "66 e3 d1 11 9a 4e 00 c0 4f a3 09 d4 05 00 00 00 05 00 00 00" | |
| ( 7) | 0x001c | int4 | The length of the file info object |
| ( 9) | 0x0024 | int4 | pointer to the last variable segment |
| ( a) | 0x0028 | int4 | length of a variable segment (0xc000) |
| ( b) | 0x002c | int4 | used space of the last variable segment |
| ( c) | 0x0030 | int4 | pointer to the last tree segment |
| ( d) | 0x0034 | int4 | length of a tree segment (0x3e1c) |
| ( e) | 0x0038 | int4 | used space of the last tree segment |
| ( f) | 0x003c | int4 | m : pointer to the last message segment |
| (10) | 0x0040 | int4 | m : length of a message segment (0xf780) |
| (11) | 0x0044 | int4 | m : used space of the last message segment |
| (12) | 0x0048 | int4 | m : root pointer to the deleted message list |
| (13) | 0x004c | int4 | root pointer to the deleted tree list |
| (15) | 0x0054 | int4 | used space in the middle sector of the file |
| (16) | 0x0058 | int4 | reusabel space in the middle sector of the file |
| (17) | 0x005c | int4 | index of the last entry in the tree |
| (19) | 0x0064 | "01 00 00 00" | |
| (1a) | 0x0068 | f : "01 00 00 00" | |
| (1b) | 0x006c | f : pointer to the first folder list node | |
| (1c) | 0x0070 | f : pointer to the last folder list node | |
| (1d) | 0x0074 | f : "03 00 00 00" | |
| (1e) | 0x0078 | f : "02 00 00 00" | |
| (1f) | 0x007c | int4 | used space of the file. (length of the first and the middle sector) |
| (20) | 0x0080 | m : "02 00 00 00" f : "03 00 00 00" | |
| (22) | 0x0088 | int4 | m : pointer to the message conditions object |
| (23) | 0x008c | int4 | f : pointer to the folder conditions object |
| (31) | 0x00c4 | int4 | entries in tree (39) |
| (32) | 0x00c8 | int4 | entries in tree (3a) |
| (33) | 0x00cc | int4 | f : entries in tree (3b) |
| (39) | 0x00e4 | int4 | pointer to the root node of a tree all entries are sorted by there index m : points to all message info objects f : points to all folder info objects |
| (3a) | 0x00e8 | int4 | pointer to the root node of a tree m : points to all watched or ignored message info objects f : points to the same folder info objects like (39) sorted by there parent folders index followed by there name |
| (3b) | 0x00ec | int4 | f : pointer to the root node of a tree. points to all activ subfolders of "Outlook Express". this are the folders you can see in OE on the folders pane. sorted like the tree in(3a) |
| (42) | 0x0108 | "01 00 00 00" | |
| (43) | 0x010c | f : "02 00 00 00" | |
| (9f) | 0x027c | int4 | used space for indexed info objects m : message info f : folder info |
| (a0) | 0x0280 | int4 | used space for conditions objects m : 0x50 message conditions f : 0x2c folder conditions |
| (a2) | 0x0288 | int4 | f : used space for folder list objects |
| (a3) | 0x028c | int4 | used space for tree objects |
| (a4) | 0x0290 | int4 | m : used space for message objects |
| => (15)-(16) = (9f)+(a0)+(a2)+(a3)+(a4) | |||
| (a7) . . . | 0x029c . . . | From 0x29c follows a segment with a length of 0x2000 bytes. Each int4 value points to a single linked list of deleted objects from the variable segments. The objects in each list have the same size : address of the pointer - 0x29c | |
| And at the end I found some values | |||
| 0x22bc | "01 00 00 00" | ||
| 0x22ec | "00 00 02 00" | ||
| 0x22f0 | m : "07 00 00 00" f : "01 00 00 00 00 00 02 05" | ||
| 0x2320 | f : "02 00 01 00 .. .. .. .. 02 05 00 00" | ||
| 0x244c | "68 00 00 00" | ||
01-16
1779
1779
04-02
1万+
1万+
06-06
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
