Filter Handlers for Windows Search
Location:
HKLM\Software\Classes1
Classification:
| Criteria | Value |
|---|---|
| Permissions | Admin |
| Security context | System |
| Persistence type | Registry |
| Code type | DLL2 |
| Launch type | Automatic |
| Impact | Non-destructive |
| OS Version | All OS versions |
| Dependencies | OS only |
| Toolset | Scriptable |
Description:
Microsoft Windows Search uses filters to extract the content of items for inclusion in a full-text index. You can extend Windows Search to index new or proprietary file types by writing filters to extract the content, and property handlers to extract the properties of files.
References:
- https://docs.microsoft.com/en-us/windows/win32/search/-search-ifilter-about
- Sample open-sourced implementation
Credits:
See also:
https://twitter.com/0gtweet/status/1468548924600459267
Remarks:
-
It’s more complex. More information can be found at https://docs.microsoft.com/en-us/windows/win32/search/-search-ifilter-registering-filters ↩
-
COM ↩