![]() sites.sav - My example had nothing but the header "FDM Sites " followed by hex 00 08 38 03 00 00 00 00 00.schedules.sav - My example just had 8 null bytes.mctasks.sav - My example just had the header "FDM Media Convert Tasks", followed by hex 00 00 00 01 00 00 00 00 00.history.sav - Yet another, even shorter log file, with a different format.4 byte extension list size (little endian).4 byte download path size (little endian).Starts with the null terminated header "FDM Groups", then 11 bytes of binary data, then records of the form: groups.sav - Apppears to be intended for specifying where downloaded files of specified types are to be placed.downloads.sav - Much shorter log file, using a different file format.windows file time #2 (Presumably download end).windows file time #1 (Presumably download start).4 byte target path size (little endian).Then 8 bytes of unknown data, followed by a list of records as follows, terminated by end of file after the last record: ![]() - Log file using the following format: Starts with the null-terminated header "FDM Downloads History".dlmgrsi.sav - This is actually a short executable of some description.Here's a list of the files I found there: It uses a number of files to handle different logs and track various in-process tasks. This is a popular download management application available from The version of the application I analyzed stores its logs under 'userprofile\Application Data\Free Download Manager'. ![]() Recently I worked on a case that required I reverse engineer some file formats used by the ' Free Download Manager' application. Immediately apply the skills and techniques learned in SANS courses, ranges, and summits
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |