Author Topic: Find out when your file extensions were created  (Read 1997 times)

jj2007

  • Member
  • *****
  • Posts: 7446
  • Assembler is fun ;-)
    • MasmBasic
Find out when your file extensions were created
« on: January 28, 2015, 10:03:11 AM »
When testing code for the file association thread, I stumbled over some really weird extensions in the registry, such as

.bejeweled2deluxeSavedGame
.jewelmatch3SavedGame

Before asking nasty questions to certain persons who had access to my puter, I hacked together this little app:

include \masm32\MasmBasic\MasmBasic.inc      ; download
  Init
  PrintLine 'HKCR entries containing the string "SavedGame":'
  GetRegKeyArray "HKCR", ext$(), LastMod()
  For_ ecx=0 To eax-1
      .if Instr_(ext$(ecx), "SavedGame")
            .if Instr_(ext$(ecx), ".")      ; skip the handlers, extensions only
                        PrintLine Str$("#%____i  ", ecx),\
                          Str$("%0i.", LastMod(ecx, wDay)),\
                          Str$("%0i.", LastMod(ecx, wMonth)),\
                          Str$("%i, ", LastMod(ecx, wYear)),\
                          Str$("%0i:", LastMod(ecx, wHour)),\
                          Str$("%0i  ", LastMod(ecx, wMinute)),\
                          ext$(ecx)
            .endif
      .endif
  Next
  Exit
end start

Output:
HKCR entries containing the string "SavedGame":
#   26  14.10.2011, 03:27  .agathachristiedeathnileSavedGame
#   61  14.10.2011, 03:28  .bejeweled2deluxeSavedGame
#   85  14.10.2011, 03:28  .chuzzledeluxeSavedGame
#   98  14.10.2011, 03:28  .crazychickenkart2SavedGame
... etc ...
The dates made "certain persons" look innocent, and they coincide roughly with the period when I bought this notebook. On further investigation, it turns out that Acer installs this crap - online games, initially free, but when users get hooked, you can imagine that this will change.

dedndave

  • Member
  • *****
  • Posts: 8733
  • Still using Abacus 2.0
    • DednDave
Re: Find out when your file extensions were created
« Reply #1 on: January 28, 2015, 11:12:54 AM »
just so you know - BeJeweled is a harmless game
my mom and sister both play it   :P
as far as i know, no ad-ware with it

FORTRANS

  • Member
  • ****
  • Posts: 941
Re: Find out when your file extensions were created
« Reply #2 on: January 29, 2015, 12:31:57 AM »
Hi,

   My brother bought Bejeweled 3 for my mother.  Mom and most
of the rest of us enjoy the game(s).

Cheers,

Steve N.

jj2007

  • Member
  • *****
  • Posts: 7446
  • Assembler is fun ;-)
    • MasmBasic
Re: Find out when your file extensions were created
« Reply #3 on: January 29, 2015, 12:45:39 AM »
Dave & Steve: thanks. It is just that I felt my registry was hijacked by some unknown potentially malicious software. They could choose one common three-letter extension, though, like everybody else 8)

anunitu

  • Member
  • ****
  • Posts: 887
Re: Find out when your file extensions were created
« Reply #4 on: January 29, 2015, 12:50:11 AM »
There was a program(Do not remember its name) that could list all extensions and their respective programs,that would also let you reassign the extensions to other programs. It was nice if you wanted two programs to access one of them(Like notepad to look inside) so you kinda knew what it was used for.

Here from Nirsoft(One of my very favorite source)

http://www.nirsoft.net/utils/file_types_manager.html

There is now a menu program to access all of his programs

http://launcher.nirsoft.net/utilities_list.html

I use his programs a LOT..interesting verity also..

dedndave

  • Member
  • *****
  • Posts: 8733
  • Still using Abacus 2.0
    • DednDave
Re: Find out when your file extensions were created
« Reply #5 on: January 29, 2015, 04:43:04 AM »
when a new association is created, the first thing you want to do is to see if it already exists
i.e., you want the file extension to be unique
this is why the long extension - you can imagine how difficult it might be to come up with one that's unique   :biggrin:

creating one association on your own machine is very different from doing so programmatically

i would give a few pointers....

first, the registry entries are either private (per user name) or public (machine-wide)
generally, best to make it public if you want to avoid potential conflicts

the registry is deeply layered in virtualization
to examine entries, read from the HKCR hive - this gives you the layered view
to create them, write to HKLM\SOFTWARE\Classes (public) or HKCU\Software\Classes (private)
this is the source from which the layered view is created
there are other sources, if a user decides to get into "hardware profiles"
most users have one hardware profile   :P

finally, when you read the documentation, you will see the term, "ProgID"
this is a poorly selected abbreviation for "programmatic identifer" - not "program ID"   :P
that will help reduce the confusion factor - lol