IECacheList Lite
Author: Michael Curry
Date: October 27, 2004
Document Version: 1.3
Program Release Version: 1.0.2.0
Copyright (C) 2001-2004 by Exodus Development, Inc. All Rights
Reserved.
This software is available only in accordance with the terms of this license
agreement contained in License.html that was included
in the original distribution.
The current license agreement may be read online at http://www.exodus-dev.com/products/iecachelist/releases/1.0.2.0/License.html
if License.html was not included in the
distribution or cannot be located.
History
Jump to revision history.
Overview
IECacheList Lite is a utility that allows you to view the contents
of Internet Explorer's (IE) cache index.dat files for the currently logged in
user account.
Index.dat files are used by IE to manage the files that are
downloaded and stored in the temporary browser cache, and for other purposes
such as history, cookies, and other browser features.
IECacheList Lite is the 'freeware' personal edition of IECacheList
Pro, which is available for purchase from Exodus
Development, Inc. IECacheList
Pro features ability to search local and network drives for all index.dat
files, and is intended for business/commercial or forensic use. For more
information on IECacheList Pro capabilities and pricing, please visit this page:
www.exodus-dev.com/gateway.asp?cat=products&id=IECacheListPro
What's in Index.dat?
Index.dat files used by IE to track files that are stored and later used by
IE when browsing, such as cookies and temporary cached web pages, .gif and .jpeg
files, etc. These index.dat files are used to locate these files and to
determine whether the local copy is out of date.
Index.dat files contain information such as the date, time, and URL that was
visited, and a pointer to the location of the cached file associated with the
URL.
Many people have noticed that even though they have asked IE to delete cached files and history information, these index.dat files tend to
grow larger over time, and that they can accumulate lots of information about your
browsing habits even after clearing the cache and history. Some of the
reports contain more hysteria than useful information. Rather than assume
that this data accumulation is intentional, it is more likely that there are
bugs in the cache and history management code. I've noticed that the
information that remains is relatively insignificant in scope, so I cannot see
how it would benefit Microsoft to engineer this 'feature' into IE.
The
following Google search is a good place to start if you want to learn more.
http://www.google.com/search?q=index.dat+secret+OR+hidden
What does IECacheList Lite do?
IECacheList Lite inspects the currently logged in user's index.dat files, and displays any recognizable
information contained within that file. By default, it displays data from
the cache.
It can display information related to the cached files, cookies, and history
(the places you've visited). It displays the date, time and URL associated
with each record in the index.dat file.
Usage
This program is a command-line based program. That is, it is invoked
from a command prompt (or 'DOS Shell'). The output is sent to the console
window ('standard out' or 'stdout' for those who care).
In order to be useful, you may want to send the output to a file by using
the redirection operator ('>'') on the command line. This is done by
using a command similar to:
iecachelist -history > history.txt
After which, you can view the output by opening it in a text editor such as
notepad:
notepad history.txt
If you are
not familiar with console redirection, please refer to the online help for command.com
or cmd.exe, or see the following Google search:
http://www.google.com/search?q=dos+OR+command+redirection+stdout+OR+%22standard+out%22
Another option might be to 'pipe' the output to a sort utility or the more
command. The 'more' command pages the output one screen at a
time. This is done by using a command similar to:
iecachelist -his | more
The default command line string is:
-cache
Which will provide a listing of the index.dat files for the current user's IE
browser cache.
You can invoke IECacheList Lite with '-?' in order to see a summary of
available options (output in italics is generated by IECacheList Lite):
IECacheList Lite Version 1.0.2.0
Copyright (C) 2002-2004, Exodus Development, Inc. All Rights Reserved.
http://www.exodus-dev.com
Usage:
IECacheList [opt1... optn] SearchSpecification
Default arguments: -cache -history -cookies
---- Search Specifications ----
-his : Show history entries for current user.
-coo : Show cookie entries for current user.
-cac : Show cache entries for current user.
---- Other Features ----
-? : This usage info.
-locs : Show locations for local machine current user
[CSIDL_xxxx] entries.
-ver : Show program version and exit.
-v : Verbose output (show filenames in output).
Known Issues
- This version has been tested on the following systems and Internet
Explorer versions:
- Windows 98, Windows 2000, XP Pro
- Internet Explorer 5.5, 6.0
- US
English systems
- Some index.dat files may contain unexpected data; the program may report
errors similar to the following:
Error while processing record 216: offset 81152 in file Exception
ACCESS_VIOLATION (0xc0000005) at address 0x0040acc4. Skipping record...
These error messages, while annoying, should not cause any concern.
The program will continue with the next record in the file and display the
contents. In our research, the records that cause the error
message do not contain any useful information. We believe that this
problem has been resolved in most cases, but it is possible that some
index.dat files contain unexpected data.
If you encounter any of these errors, we would appreciate it if you could
report the following info using Exodus
Development's web-based contact form.
- OS version (Win95, Win98, WinXP, etc.) and service pack level
- Browser version (IE 5.5, 6.0, etc.) and service pack level
- IECacheList Lite Version (use IECacheList -v to see this)
It has come to our attention that some users are receiving the
following message when trying to run IECacheList Lite on NT 4 systems including
service pack 6 (SP6) with version 4.0 of shell32.dll:
"The procedure entry point SHGetSpecialFolderPathA could not
be located in the dynamic link library SHELL32.dll."
Apparently this occurs with Internet Explorer 4 that is the default version shipped with NT4. It may occur
even with IE 5 or later installed, due to the way that Internet Explorer's
installation works.
Microsoft's developer documentation states that version 4.71 of
SHELL32.DLL is required in order for SHGetSpecialFolderPathA to work, and
that NT 4.0 with IE 4.0 should have this version installed if the
"Desktop Update" was installed. We are
researching this issue and will issue an update as soon as possible.
If you are experiencing this problem, please check the Exodus support
forum at:
http://www.exodus-dev.com/forum
You can find specific information regarding this problem at:
http://www.exodus-dev.com/forum/topic.asp?TOPIC_ID=12
For your convenience, this information is reproduced here:
Apparently
this is due to an older version of Internet Explorer (4.0) that is the
default version installed with NT4. It may occur even with IE 5.01 and
higher installed, due to the way that Internet Explorer's installation
works (or doesn't work as the case may be.)
We recommend that you reinstall Internet Explorer, and include the
desktop (shell) enhancements in the installation (under the
"Customize" option) -- see below for more information.
Interestingly, Microsoft documents this problem in their NT4 Resource
Kit downloads page at:
http://www.microsoft.com/technet/prodtechnol/winntas/downloads/nt4sp4rk.mspx
quote:
"The procedure entry point SHGetSpecialFolderPathA could not be
located in Dynamic Link Library Shell32.dll"
This message means your Internet Explorer installation is
corrupt, or IE was not installed on your computer. To remedy this, you
must install or reinstall Internet Explorer and then restart the
Microsoft Windows NT 4.0 Resource Kit Support Tools setup program.
If you are experiencing this problem, please follow Microsoft's
recommended fix outlined in the above quote.
Background information:
Microsoft's developer documentation states that version 4.71 of
SHELL32.DLL is required in order for SHGetSpecialFolderPathA to work,
and that NT 4.0 with IE 4.0 should have this version installed.
Apparently, IECacheList Lite is not the only software to suffer from this
problem. See this google
search.
| Date |
Version |
Description |
| 2004.10.27 |
1.0.2.0 |
IECacheList Lite release fixes numerous bug
fixes. Simplified usage - works only with currently logged-in
user's index.dat files. |
| 2003.02.06 |
1.0.1.95 |
Fixed ACCESS_VIOLATION errors on XP systems,
when invoked with -? or -ver options |
| 2003.01.04 |
1.0.1.65 |
Fixed ACCESS_VIOLATION errors in known cases.
Added ability to search recursively starting with a symbolic loc name (CSIDL_XXX).
Added date and time output prefix on URL output.
Now decodes '%xx' encoded URLs for improved readability. |
| 2002.12.04 |
1.0.0.35 |
Fixed typos in usage info |
| 2002.11.20 |
1.0.0.29 |
Changed default options; fixed usage info -? handling |