https://github.com/n3rada/sharpnotesreader

A C# light executable that read Windows 11 Notes from TabState directory.
https://github.com/n3rada/sharpnotesreader

csharp execute-assembly forensics-tools notepad offensive-security red-team windows-11

Last synced: 4 months ago
JSON representation

A C# light executable that read Windows 11 Notes from TabState directory.

• Host: GitHub
• URL: https://github.com/n3rada/sharpnotesreader
• Owner: n3rada
• License: bsd-3-clause
• Created: 2024-09-04T20:29:43.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-06-24T18:01:45.000Z (6 months ago)
• Last Synced: 2025-08-23T06:33:39.509Z (4 months ago)
• Topics: csharp, execute-assembly, forensics-tools, notepad, offensive-security, red-team, windows-11
• Language: C#
• Homepage:
• Size: 108 KB
• Stars: 3
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# SharpNotesReader

`SharpNotesReader` is a tool designed to **extract unsaved notes from [Windows 11's Notepad](https://apps.microsoft.com/detail/9msmlrh6lzf3)** (`Notepad.exe`) session files. This feature allows quick-typed notes to persist even after the application is closed and reopened later. This tool lets you retrieve and read those unsaved files, providing insight into the hidden "`TabState`" files Notepad uses.

Many users rely on Notepad for tasks like quickly jotting down passwords or short notes:

![notes](./images/notes.png)

With a bit of trickery and a few lines of code, you can look into the stored note data located at `%localAppData%\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\LocalState\TabState` and extract the content:

![example](./images/example.png)

## Build Instruction

Open the solution (`.sln`) file with `Visual Studio`, and build the solution (`F7`). Executable will be located at `SharpNotesReader\bin\Release\SharpNotesReader.exe`.