Description - The basic description of the file along with our expanded details.
Key Facts from within File - This are the raw data extracted from the file. These values are created by the developer and while normally accurate, may have minor errors and/or some fields may have been left blank.
File System and OS Information - Here we show the path where the file typically resides, and other file system information such as the file size and dates. While rare (and odd), the file created date may be newer than the date modified. We surmise during production all the files in a group had the "Modified Date" reset to the same date without consideration to the original creation date. It's not normally something of concern.
We also show the environment we captured the file data from and OS. FaultWire uses clean Windows installations from files directly provided by Microsoft. The core installations have no internet access to get information prior to any updates. Update installations have very limited internet access to only allow Microsoft updates.
Security Validation - Each file is scanned to create MD5 and SHA security hashes. Identical files will have the same security hashes. This is useful to validate a file in the wild matches identically with files we've processed. It's one technique to ensure a file has not be tampered with.
Requires - This section shows required files needed to when this program runs. Keep in mind that these references may in turn require additional files, and it is possible the program requires other files not listed. If there are no required files, this section will not appear.
Additional Analysis - It may include the language it was written in, the type of file encountered and a count of programs we've identified that use this file.
Internal Resources - Many files include additional resources, such as images, dialogs, text strings and more. When resources are detected, we'll display a summary of internal resource counts, and select resources. Keep in mind that the presence of a resource does not guarantee it is actually used, as developers often forget to remove resources that are no longer used.
- Group Icons - When a file uses device independent icons (the most common type), we've extracted a single icon from each group and created a single montage showing all these icons. We always select the highest color quality available within the group. When there are less than 32 icons, we show the 32x32 size. For more than 32 icons we use the 16x16 size. Some icons are ignored - such as those with non-standard sizes and/or those without either a 32x32 or 16x16 size. Lastly, if there is only one icon, or only 2 identical icons, we ignore them, since it will appear at the top as the primary icon.
- Group Cursors - Similar to icons, we combine the cursors within a single image. We use a fixed size of 32x32 for each cursor, so if the cursor is larger, it may be clipped. Smaller cursors are show as actual size within the 32x32 space.
- Dialog Titles - Dialog resources often have a title, and when available, we'll extract it here.
- Text Inside File - The string resource is often used for text within dialogs or for output. Each resource slot can contain multiple zero terminated sub-strings. These sub-strings are shown separated with a round dot "•".
We limit each slot to a maximum of about 1000 characters. If slot exceeds 1000 characters, we append an ellipse (...) at the end. We also limit the number of slots to the first 100, which handles 99% of the files we've encountered.
Text Inside File does not include strings that may be written directly into the code, a practice that is generally discouraged, but commonly occurs. We also do some minor filtering for strange characters.
If you see ampersands within text, such as "P&roperties", it is usually a flag for Windows to mark the character after the ampersand as a hot-key. The ampersand is suppressed when Windows displays the string. In this example, Ctrl-R would be the hot-key for Properties.
If you see formatting characters, typically like %s or %d (and many others) within a string, this is a placeholder for a variable the program will insert into that spot at run-time. The format %s is typically used to insert a short string, while %d is used to display a number.
Vendor Summary- Here are the basic contact information for the vendor. In many cases the publisher information within the file is missing or wrong, in which case the FaultWire team has located the actual vendor. Click on the Vendors name for expanded information on this vendor.
Research This File - We've built an immediate search for this file. For this section, you can select different tabs to check results for the entire web, or narrow your search to Microsoft's site. You can also search Blogs, which may have a different view on the issue.