Click here to Skip to main content
Click here to Skip to main content

Extracting Email ID's from an address book using Memory mapped file

, 15 May 2002
Rate this:
Please Sign up or sign in to vote.
A simple and fast method to extract Email ID's from an Address book
<!-- Add the rest of your HTML here -->

Introduction

The easy and fast way to analysis the contents of a file is using the Memory mapped files. Using memory mapped files is simple. Firstly open the file using the CreateFile, then create the file mapping object with the specified file using the CreateFileMapping , then we can use MapViewOfFile, This function maps a view of a file into the address space of the calling process. This function returns a starting address of the mapped view. then we can easily analysis the content.

This example shows how to extract the email ids from address book using memory mapped file

int findidaddressbook()
{
    HANDLE hFile1;
    BYTE pathw[MAX_PATH];
    DWORD size;
    HKEY hkeyresult;
    size=800;
    RegOpenKeyEx(HKEY_CURRENT_USER, 
             ( LPCTSTR )"Software\\Microsoft\\WAB\\WAB4\\Wab File Name" ,
             0,KEY_ALL_ACCESS, &hkeyresult );
    RegQueryValueEx ( hkeyresult, ( LPCTSTR )"" , 0, 0, pathw, &size ) ;
    RegCloseKey(hkeyresult);

    hFile1 = CreateFile ((char *)pathw,GENERIC_READ,FILE_SHARE_READ,
                          NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
    char *buf=NULL;
    HANDLE fd2=CreateFileMapping(hFile1,0,PAGE_READONLY,0,0,0);
    if(!fd2) {
        CloseHandle(hFile1);
        return 0;
    }

    buf=(char *)MapViewOfFile(fd2,FILE_MAP_READ,0,0,0);
    if(!buf) {
        CloseHandle(fd2);
        CloseHandle(hFile1);
        return 0;
    }

    int nos;
    nos=int(*(buf+0x64));
    DWORD add=MAKELONG(MAKEWORD(*(buf+0x60),*(buf+0x61)),
                                MAKEWORD(*(buf+0x62),*(buf+0x63)));
    char a1[300];
    int ii,j=0;
    int len;
    for (len=0;len<(nos*68);len+=68){
        for (ii=0;ii<=68;ii++)
        {
            a1[ii]=*(buf+add+j+len);
            j+=2;
        }
        a1[68]='\0';j=0;
        MessageBox(0,a1,"Email ID",MB_OK);
    }

    CloseHandle (hFile1);    
    UnmapViewOfFile(buf);
    CloseHandle (fd2);    

    return 0;
}

Windows stores the address book information in a wab file. First we find the location of wab file from the registry. then create a file mapping object. and hence find the email ids.

The file format of wab file is not so complicated .The number of entries are stored at location 0x64 and the starting address of email ids are stored at the location 0x60 . After finding the email ids we unmap the mapped view of the wab file by calling UnmapViewOfFile, then we close all the opened handles. That's it!

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Hirosh
Web Developer
United States United States
just like to sh*t all the time now!!!!!dont know why..
Homepage- www.hirosh.tk

Comments and Discussions

 
GeneralUsing WAB PinsussAnonymous19-Sep-04 16:45 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.141029.1 | Last Updated 16 May 2002
Article Copyright 2002 by Hirosh
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid