olliencc/CITDB2.h Secret

## CITDB2.h
typedef struct _CIT_HEADER {
    WORD    MajorVersion;
    WORD    MinorVersion;
    DWORD   Size;                   /* Size of the entire buffer */
    FILETIME    CurrentTimeLocal;   /* Maybe the time when the saved CIT was last updated? */
    DWORD   Crc32;                  /* Crc32 of the entire buffer, skipping this field */
    DWORD   EntrySize;
    DWORD   EntryCount;
    DWORD   EntryDataOffset;
    DWORD   SystemDataSize;
    DWORD   SystemDataOffset;
    DWORD   BaseUseDataSize;
    DWORD   BaseUseDataOffset;
    FILETIME    StartTimeLocal;     /* Presumably when the aggregation started */
    FILETIME    PeriodStartLocal;   /* Presumably the starting point of the aggregation period */
    DWORD   AggregationPeriodInS;   /* Presumably the duration over which this data was gathered
                                     * Always 604800 (7 days) */
    DWORD   BitPeriodInS;           /* Presumably the amount of seconds a single bit represents
                                     * Always 3600 (1 hour) */
    DWORD   SingleBitmapSize;       /* This appears to be the sizes of the Stats buffers, always 21 */
    DWORD   _Unk0;                  /* Always 0x00000100? */
    DWORD   HeaderSize;
    DWORD   _Unk1;                  /* Always 0x00000000? */
} CIT_HEADER;

typedef struct _CIT_PERSISTED {
    DWORD   BitmapsOffset;          /* Array of Offset and Size (DWORD, DWORD) */
    DWORD   BitmapsSize;
    DWORD   SpanStatsOffset;        /* Array of Count and Duration (DWORD, DWORD) */
    DWORD   SpanStatsSize;
    DWORD   StatsOffset;            /* Array of WORD */
    DWORD   StatsSize;
} CIT_PERSISTED;

typedef struct _CIT_ENTRY {
    DWORD   ProgramDataOffset;      /* Offset to CIT_PROGRAM_DATA */
    DWORD   UseDataOffset;          /* Offset to CIT_PERSISTED */
    DWORD   ProgramDataSize;
    DWORD   UseDataSize;
} CIT_ENTRY;

typedef struct _CIT_PROGRAM_DATA {
    DWORD   FilePathOffset;         /* Offset to UTF-16-LE file path string */
    DWORD   FilePathSize;           /* strlen of string */
    DWORD   CommandLineOffset;      /* Offset to UTF-16-LE command line string */
    DWORD   CommandLineSize;        /* strlen of string */
    DWORD   PeTimeDateStamp;        /* aka Extra1 */
    DWORD   PeCheckSum;             /* aka Extra2 */
    DWORD   Extra3;                 /* aka Extra3, some flag from PROCESSINFO struct */
} CIT_PROGRAM_DATA;
	typedef struct _CIT_HEADER {
	WORD MajorVersion;
	WORD MinorVersion;
	DWORD Size; /* Size of the entire buffer */
	FILETIME CurrentTimeLocal; /* Maybe the time when the saved CIT was last updated? */
	DWORD Crc32; /* Crc32 of the entire buffer, skipping this field */
	DWORD EntrySize;
	DWORD EntryCount;
	DWORD EntryDataOffset;
	DWORD SystemDataSize;
	DWORD SystemDataOffset;
	DWORD BaseUseDataSize;
	DWORD BaseUseDataOffset;
	FILETIME StartTimeLocal; /* Presumably when the aggregation started */
	FILETIME PeriodStartLocal; /* Presumably the starting point of the aggregation period */
	DWORD AggregationPeriodInS; /* Presumably the duration over which this data was gathered
	* Always 604800 (7 days) */
	DWORD BitPeriodInS; /* Presumably the amount of seconds a single bit represents
	* Always 3600 (1 hour) */
	DWORD SingleBitmapSize; /* This appears to be the sizes of the Stats buffers, always 21 */
	DWORD _Unk0; /* Always 0x00000100? */
	DWORD HeaderSize;
	DWORD _Unk1; /* Always 0x00000000? */
	} CIT_HEADER;

	typedef struct _CIT_PERSISTED {
	DWORD BitmapsOffset; /* Array of Offset and Size (DWORD, DWORD) */
	DWORD BitmapsSize;
	DWORD SpanStatsOffset; /* Array of Count and Duration (DWORD, DWORD) */
	DWORD SpanStatsSize;
	DWORD StatsOffset; /* Array of WORD */
	DWORD StatsSize;
	} CIT_PERSISTED;

	typedef struct _CIT_ENTRY {
	DWORD ProgramDataOffset; /* Offset to CIT_PROGRAM_DATA */
	DWORD UseDataOffset; /* Offset to CIT_PERSISTED */
	DWORD ProgramDataSize;
	DWORD UseDataSize;
	} CIT_ENTRY;

	typedef struct _CIT_PROGRAM_DATA {
	DWORD FilePathOffset; /* Offset to UTF-16-LE file path string */
	DWORD FilePathSize; /* strlen of string */
	DWORD CommandLineOffset; /* Offset to UTF-16-LE command line string */
	DWORD CommandLineSize; /* strlen of string */
	DWORD PeTimeDateStamp; /* aka Extra1 */
	DWORD PeCheckSum; /* aka Extra2 */
	DWORD Extra3; /* aka Extra3, some flag from PROCESSINFO struct */
	} CIT_PROGRAM_DATA;