If the prefetch file refers to a designated 'hosting application' (an application such as MMC.EXE, DLLHOST.EXE or RUNDL元2.EXE, one that starts another process) then the hash is calculated using a hash of the executable's device path and also a hash of the command-line. If the name represents the boot process then the hash value should always be the same. This name will be followed by a hash value calculated in one of two ways. The majority of prefetch files have a file-name containing the name of the associated executable or a name representing the boot process (NTOSBOOT). Not only is the prefetch data used during system and application start-up, it is also used to optimize the disk defragmentation process. This allows the system to pre-load necessary data (from MFT records, files and folders) all in one go rather than keep returning to file system objects to read data from them again and again. Prefetch files monitor system activity during the period when the system boots and also when an application starts. It's worth noting that Windows 10 prefetch files are compressed using the Xpress+Huffman compression algorithm. Windows XP to Windows 10 file formats are supported. This EnScript is designed to parse the prefetch files created by the MS Windows Task Scheduler service.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |