Win10
Win 10/11 related research
Project maintained by kacos2000 Hosted on GitHub Pages — Theme by mattgraham
Windows 10 - Notifications
- Definitions:
- A tile is an app’s representation on the Start menu. Every UWP app has a tile - sizes: small, medium, wide, and large.
- A badge provides status or summary info in the form of a system-provided glyph or a number from 1-99.
- A toast notification is a notification a UWP app sends to the user via a pop-up UI element (toast or banner). __________________________________
-
Time notifications were last seen by the user:
NTUSER.dat - \Software\Microsoft\Windows\CurrentVersion\Notifications - ValueName: TimestampWhenSeen Value:(Filetime) __________________________________ -
Notifications.sql
SQLite query to parse the Windows 10 Notifications Wpndatabase.
- Notifications.ps1
Powershell script to parse the Windows 10 Notifications Wpndatabase as well as information from the XML blobs: UPDATED - Toasts, Tiles & Badges now work ok (till proven otherwise) :) -
wpn.ps1
Powershell script to parse NTUSER.dat (\Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm) entries:
How the output of Notifications.ps1 & wpn.ps1 are linked together:
-
PushBackup.ps1
Powershell script to parse NTUSER.dat (Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup) entries:
-
PushBackup.sql
SQLite query to parse the (Windows 10 Notifications Wpndatabase) WNSPushChannel table.Comparison of the results of PushBackup.sql and PushBackup.ps1:
__________________________________ -
Microsoft Notifications Visualizer:
-
A very usefull app (MS Store) - Simply create a new document, and copy/paste the XML Blob from the database:
DB Browser for SQLite:
Visualizer Window:
-
Other Information:
- Database location: C:\Users\%username%\AppData\Local\Microsoft\Windows\Notifications\wpndatabase.db
- Backup (settings):
- NTUSER.DAT: Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup
- NTUSER.DAT: Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup
-
Image store location: C:\Users\%username%\AppData\Local\Microsoft\Windows\Notifications\wpnidm:
- NTUSER.DAT: Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
- image: link image to application
- image folder view
- Expiration Date of Notification related to the image (Filetime):
- NTUSER.DAT: Software\Microsoft\Windows\CurrentVersion\PushNotifications\wpnidm
-
Typical XML blob structure:
Badge Tile Toast 
-
References:
- Microsoft Notifications Visualizer
- Toast content
- Toast content schema
- Tiles for UWP apps
- Badge notifications for UWP apps
- Notification delivery method
- Create adaptive tiles
- By default, tile and badge notifications expire three days after being downloaded. When a notification expires, the content is removed from the tile or queue and is no longer shown to the user.