qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Win2k-SP3

From: Piotr Krysik
Subject: Re: [Qemu-devel] Win2k-SP3
Date: Mon, 21 Jun 2004 06:05:25 -0700 (PDT)
Hi,
 
You can use
# od -t x1z edbXXXXX.log | less
It seems to be transactions log of Jet database [1]. The log, I guess, is related to database C:\WINNT\Security\Database\secedit.sdb. The database stores Local Security Policy [2].
 
I noticed that contents of all the files (except edb.log, edb00001.log and res1.log), is identical if first 32 bytes (header?) are ignored.
 
[1] http://groups.google.pl/groups?q=edb00001.log+jet&hl=pl&lr=&ie=UTF-8&inlang=pl&selm=uMKQ7RSGEHA.3456%40tk2msftngp13.phx.gbl&rnum=2
[2] http://groups.google.pl/groups?hl=pl&lr=&ie=UTF-8&inlang=pl&selm=036001c30ea8%245794ccd0%24a401280a%40phx.gbl&rnum=6
 
Brad Campbell <address@hidden> wrote:

Does anyone know what I can use to extract some information from these files?

Incidentally, the entire 2.9GB of log files compressed with gzip comes to 3.3MB.
I have put the whole shebang at http://www.wasp.net.au/~brad/win2k-logs.tgz if anyone is interested
in having a look.

Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
reply via email to
[Prev in Thread] Current Thread [Next in Thread]