DEV Community

Excalibra
Excalibra

Posted on

IE Browser Compatibility View Settings Data Analysis

#ie #browser #analysis #compatability

Parsing Data for IE Browser Compatibility View Settings

Compatibility View Settings Registry Location:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData\UserFilter

Data Type:

REG_BINARY

Data Structure:

1. Data Header:

  • 8-byte prefix (fixed value: 411F00005308ADBA)
  • 4-byte URL count (stored in little-endian format)
  • 4-byte data segment length (includes its own length of 4 bytes, stored in little-endian format)
  • 4-byte separator (fixed value: 01000000)
  • 4-byte URL count (stored in little-endian format)

2. Data Body (repeats per URL):

  • 4-byte separator (fixed value: 0C000000)
  • 8-byte timestamp
  • 4-byte separator (fixed value: 01000000)
  • 2-byte URL length (stored in little-endian format)
  • URL string (encoded in Little-Endian UTF-16)

Example:

Command to Query the Registry: 

reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData" /v UserFilter
Enter fullscreen mode Exit fullscreen mode

Example Output: 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData
    UserFilter    REG_BINARY    411F00005308ADBA020000005C00000001000000020000000C00000034D173F7D675D801010000000900620061006900640075002E0063006F006D000C0000008F115EDCD775D801010000000D00310030002E003200330037002E003200300035002E0033003500
Enter fullscreen mode Exit fullscreen mode

Parsing the Example Data:

1. Data Header:

  • 411F00005308ADBA: 8-byte prefix (fixed value)
  • 02000000: 4-byte URL count (2 URLs, stored in little-endian)
  • 5C000000: 4-byte data segment length (92 bytes, including its own 4-byte length, stored in little-endian)
  • 01000000: 4-byte separator (fixed value)
  • 02000000: 4-byte URL count (2 URLs, stored in little-endian)

2. Data Body (repeats for each URL):

  • URL 1:

    • 0C000000: 4-byte separator (fixed value)
    • 34D173F7D675D801: 8-byte timestamp
    • 01000000: 4-byte separator (fixed value)
    • 0900: 2-byte URL length (9 characters, stored in little-endian)
    • 620061006900640075002E0063006F006D00: URL string (baidu.com, encoded in Little-Endian UTF-16)

  • URL 2:

    • 0C000000: 4-byte separator (fixed value)
    • 8F115EDCD775D801: 8-byte timestamp
    • 01000000: 4-byte separator (fixed value)
    • 0D00: 2-byte URL length (13 characters, stored in little-endian) 310030002E003200330037002E003200300035002E0033003500: URL string (10.237.205.35, encoded in Little-Endian UTF-16)

Top comments (0)

Read next

ben profile image

Oldie but goodie

Ben Halpern -

anmolbaranwal profile image

The Tech Stack for Building AI Apps in 2025

Anmol Baranwal -

abubakersiddique761 profile image

How to Build, Sell, and Market Apps That Actually Make Money

Abubaker Siddique -

astrodevil profile image

5 Must-Know Open-Source Tools for DevOps and MLOps Developers🔥🚀

Astrodevil -