matmaus / lnkparse3
This project forked from silascutler/lnkparse
Windows Shortcut file (LNK) parser
License: MIT License
Some MSI-generated shortcuts are shown in the explorer properties window with the location greyed out.
Example: example.zip
Apparently, those are called "Advertised shortcuts" and the actual link location has to do with the field DarwinDataUnicode in the DARWIN block. This has a format GUID(product code), string(component id), GUID(feature name), where the GUIDs are Base85 encoded.
I would like to request, if possible, the automatic decoding of this.
More info:
http://www.laurierhodes.info/?q=node/34
http://metadataconsulting.blogspot.com/2019/12/CSharp-Convert-a-GUID-to-a-Darwin-Descriptor-and-back.html
https://web.archive.org/web/20080323160816/http://support.microsoft.com/kb/243630
Would it be possible, instead of printing the JSON to stdout, to make a usable JSON object?
LNK files can store the SID of the creating user account in the file. It seems that this may not currently be extracted. Is it possible to add support for extracting this artifact?
Sample LNK files:
Getting a lot of:
C:\Users\Asus-PC\AppData\Local\Programs\Python\Python37\lib\site-packages\LnkParse3\decorators.py:187: UserWarning: Invalid dostime: e1 50 ab 8b
warnings.warn(msg)
63 warnings for 166 links.
Is it by design, and am I supposed to use this?
import warnings
with warnings.catch_warnings():
    # silence every warning raised while the LNK files are parsed inside this block
    warnings.simplefilter("ignore")
Hi, I was looking at some new problems that I have with parsing Lnk files, and realized that I should have tried to get one of those branches merged before. I came across Lnk files that are tacking additional data at the very end of the file, after the Terminal Block.
I created my own fork of LnkParse3 and had my way of handling it, and I saw that user wmetcalf also did. We took slightly different approaches, and I was wondering if you had a preference. I would be happy to clean my repository, or make a totally new branch to be able to open a proper pull request if you are interested.
For reference, this is an example of a malicious file that would benefit from being able to get the content at the end of the normal structure. Just making sure again, please be aware that this file is malicious. :) https://bazaar.abuse.ch/sample/082d5935271abf58419fb5e9de83996bd2f840152de595afa7d08e4b98b1d203
If you are looking at the git diff from my repository, you will see that I also added handling for UnknownExtra. I see that you since added handling and a warning in extra_factory.py, but I think it would be useful to be able to access that data. For reference, this LNK file has a zip file in such undefined Extra data.
Thank you for your time and the awesome library!
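The post above is about bytes stored after the Terminal Block. As an added example (not LnkParse3's code and not either fork's approach), the function below walks the section sizes defined by the Shell Link binary format and returns whatever follows the Terminal Block. The names `find_overlay` and `build_sample`, the made-up extra-block signature and the sample bytes are constructed for illustration.

```python
import struct

# LinkFlags bits from the Shell Link (.LNK) binary format
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = (0x04, 0x08, 0x10, 0x20, 0x40)  # name, relpath, workdir, args, icon


def find_overlay(data: bytes):
    """Return (offset, bytes) of data after the Terminal Block, else (None, b"")."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link header")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    try:
        if flags & HAS_ID_LIST:  # 2-byte size that does not count itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:  # 4-byte size that counts itself
            size = struct.unpack_from("<I", data, pos)[0]
            if size < 4:
                raise ValueError("invalid LinkInfo size")
            pos += size
        width = 2 if flags & IS_UNICODE else 1
        for bit in STRING_FLAGS:  # StringData: character count, then characters
            if flags & bit:
                pos += 2 + struct.unpack_from("<H", data, pos)[0] * width
        while True:  # ExtraData blocks; a size below 4 is the Terminal Block
            size = struct.unpack_from("<I", data, pos)[0]
            pos += 4 if size < 4 else size
            if size < 4:
                break
    except struct.error:
        # a declared size ran past the end of the file before a Terminal Block
        raise ValueError("truncated link: no Terminal Block found") from None
    return (pos, data[pos:]) if pos < len(data) else (None, b"")


def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal link: header, one argument string, one extra block."""
    header = struct.pack("<I16sI", 0x4C, b"\x00" * 16, 0x20 | IS_UNICODE)
    header = header.ljust(76, b"\x00")
    args = struct.pack("<H", 2) + "hi".encode("utf-16-le")
    extra = struct.pack("<II", 12, 0xA0000099) + b"\x00" * 4  # made-up signature
    return header + args + extra + b"\x00" * 4 + overlay


if __name__ == "__main__":
    offset, tail = find_overlay(build_sample(b"PK\x03\x04demo"))
    print(f"overlay at offset {offset}: {len(tail)} bytes, starts {tail[:4]!r}")
```

A non-empty result on a shortcut collected during triage is worth carving out and identifying by its leading bytes, since a well-formed link ends at the Terminal Block.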