erez_l wrote:
The big prblem is that I don't know exactly what is the structure of those at files and how to search inside them, because they are in the "control panel\scheduled tasks" folder.
You can easily dissect these files, MSDN has documentation on the file format.
See
2.4.1 FIXDLEN_DATA[
^] and
2.4.2 Variable-Length Data Section[
^]
You can probably skip the section 2.4.1 because it is fixed length and doesn't contain anything you are interested in.
What you might come up with is this.
It is the full code to a console application that will print the command line of every .job file.
#include <windows.h>
#include <stdio.h>
#pragma pack(push)
#pragma pack(1)
typedef struct {
WORD nProductVersion;
WORD nFileVersion;
WORD nUUID[9];
WORD nAppNameLenOffset;
WORD nTriggerOffset;
WORD nErrorRetryCount;
WORD nErrorRetryInterval;
WORD nIdleDeadline;
WORD nIdleWait;
DWORD nPriority;
DWORD nMaximumRunTime;
DWORD nExitCode;
DWORD nStatus;
DWORD nFlags;
WORD nYear;
WORD nMonth;
WORD nWeekday;
WORD nDay;
WORD nHour;
WORD nMinute;
WORD nSecond;
WORD nMilliSeconds;
} FixedLenData;
typedef struct {
WORD nLength;
wchar_t szString[];
} UnicodeString;
typedef struct {
FixedLenData *pHeader;
union {
struct {
UnicodeString *pApplicationName;
UnicodeString *pParameters;
UnicodeString *pRunningInstanceCount;
UnicodeString *pWorkingDirectory;
UnicodeString *pAuthor;
UnicodeString *pComment;
UnicodeString *pUserData;
UnicodeString *pReservedData;
UnicodeString *pTriggers;
UnicodeString *pJobSignature;
};
UnicodeString *pStrings[10];
};
} ATJobFile;
#pragma pack(pop)
ATJobFile *ReadJob(LPCSTR szFileName) {
HANDLE hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE) {
return NULL;
}
DWORD nFileSize = SetFilePointer(hFile, 0, NULL, FILE_END);
SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
BYTE *pData = new BYTE[nFileSize];
ATJobFile *pJob = new ATJobFile();
ReadFile(hFile, pData, nFileSize, &nFileSize, NULL);
CloseHandle(hFile);
pJob->pHeader = (FixedLenData *)pData;
pData += sizeof(FixedLenData);
for (int nString = 0; nString < 10; ++nString) {
pJob->pStrings[nString] = (UnicodeString *)pData;
pData += pJob->pStrings[nString]->nLength * sizeof(wchar_t) + sizeof(WORD);
}
return pJob;
}
void DestroyJob(ATJobFile *pJob) {
delete []pJob->pHeader;
delete pJob;
}
int main() {
WIN32_FIND_DATA fdSearch;
char szWinDir[MAX_PATH];
ExpandEnvironmentStrings("%WINDIR%\\Tasks", szWinDir, sizeof(szWinDir));
SetCurrentDirectory(szWinDir);
HANDLE hFind = FindFirstFile("*.job", &fdSearch);
if (hFind != INVALID_HANDLE_VALUE) {
do {
ATJobFile *pJob = ReadJob(fdSearch.cFileName);
printf("Job %s\n", fdSearch.cFileName);
if (pJob->pParameters->nLength == NULL) {
wprintf(L"%s\n\n", pJob->pApplicationName->szString);
} else {
wprintf(L"%s %s\n\n", pJob->pApplicationName->szString, pJob->pParameters->szString);
}
DestroyJob(pJob);
} while (FindNextFile(hFind, &fdSearch));
}
return 0;
}