From bfc74e9d1958397620f332f9c9ec3eeaf439a6ca Mon Sep 17 00:00:00 2001
From: WitherOrNot <damemem@gmail.com>
Date: Thu, 13 Feb 2025 18:56:24 -0500
Subject: [PATCH] Create README.md

---
 patterns/README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 patterns/README.md

diff --git a/patterns/README.md b/patterns/README.md
new file mode 100644
index 0000000..5e86e41
--- /dev/null
+++ b/patterns/README.md
@@ -0,0 +1,11 @@
+# ImHex Patterns
+
+You can use these pattern files with [ImHex](https://github.com/WerWolv/ImHex) to view contents of various SPP-related files.
+
+## Pattern List
+
+ - `variablebag` - For product key blobs in physical store/`cache.dat`
+ - `tokenstore` - For `tokens.dat`
+ - `win7_physstore`/`winmodern_physstore` - For decrypted Windows 7/Windows 8+ physical store
+
+Physical store can be decrypted with TSforge `/dump` option, ex. `tsforge /dump out.dat` on live system or `tsforge /dump out.dat in.dat` for physical store from offline system.