3.5. lf.win.shell.link — Shell link (.lnk) files¶
This module defines classes to work with Microsoft Windows shell link (.lnk, shortcut) files.
3.5.1. Inheritance Diagram¶
![digraph shell_link_property_classes {
fontname = "Courier New"
fontsize = 10
node [
fontname = "Courier New"
fontsize = 10
shape = "record"
]
edge [
arrowhead = "none"
arrowtail = "empty"
fontsize = 8
]
ExtraDataBlock [
label = "{ExtraDataBlock\l|size\lsig\l\l|}"
]
ConsoleProps [
label = "{ConsoleProps\l|\l|}"
]
ConsoleFEProps [
label = "{ConsoleFEProps\l|\l|}"
]
DarwinProps [
label = "{DarwinProps\l|\l|}"
]
ExpandableStringsDataBlock [
label = "{ExpandableStringsDataBlock\l|\l|}"
]
EnvironmentProps [
label = "{EnvironmentProps\l|\l|}"
]
IconEnvironmentProps [
label = "{IconEnvironmentProps\l|\l|}"
]
KnownFolderProps [
label = "{KnownFolderProps\l|\l|}"
]
PropertyStoreProps [
label = "{PropertyStoreProps\l|\l|}"
]
ShimProps [
label = "{ShimProps\l|\l|}"
]
SpecialFolderProps [
label = "{SpecialFolderProps\l|\l|}"
]
TrackerProps [
label = "{TrackerProps\l|\l|}"
]
VistaAndAboveIDListProps [
label = "{VistaAndAboveIDListProps\l|\l|}"
]
TerminalBlock [
label = "{TerminalBlock\l|\l|}"
]
ExtraDataBlock -> ConsoleProps;
ExtraDataBlock -> ConsoleFEProps;
ExtraDataBlock -> DarwinProps;
ExtraDataBlock -> ExpandableStringsDataBlock;
ExpandableStringsDataBlock -> EnvironmentProps;
ExpandableStringsDataBlock -> IconEnvironmentProps;
ExtraDataBlock -> KnownFolderProps;
ExtraDataBlock -> PropertyStoreProps;
ExtraDataBlock -> ShimProps;
ExtraDataBlock -> SpecialFolderProps;
ExtraDataBlock -> TrackerProps;
ExtraDataBlock -> VistaAndAboveIDListProps
ExtraDataBlock -> TerminalBlock
}](../../../_images/graphviz-6e9394a55e3963d16698b37b8c51bfbe3adb0a5c.png)
3.5.2. SHELL_LINK structures¶
- class lf.win.shell.link.ShellLink(stream, offset=None)¶
Represents a shell link (.lnk) file.
Parameters: - stream (IStream) – A stream that contains the link file.
- offset (int) – The start of the link file, in stream.
- header¶
- A ShellLinkHeader object.
- idlist¶
- An ITEMIDLIST describing the target (or None if not present).
- string_data¶
- An instance of a StringDataSet object.
- extra_data¶
- A list of ExtraDataBlock objects.
3.5.2.1. SHELL_LINK_HEADER structures¶
- class lf.win.shell.link.ShellLinkHeader¶
Represents a header from a shell link (.lnk) file.
- size¶
- The size of the header structure
- clsid¶
- The CLSID of the link.
- attrs¶
- An instance of FileAttributes describing the file attributes for the target.
- btime¶
- The creation time of the target.
- atime¶
- The last access time of the target.
- mtime¶
- The last modification time of the target.
- target_size¶
- The size of the target.
- icon_index¶
- The index of an icon.
- show_cmd¶
- The state of the window, if one is launched.
- vkcode¶
- The virtual keycode of the hotkey, used to activate the link.
- vkmod¶
- The modifiers to vkcode.
- classmethod from_stream(stream, offset=None)¶
Creates a ShellLinkHeader object from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding ShellLinkHeader object.
- classmethod from_ctype(ctype)¶
Creates a ShellLinkHeader object from a ctype.
Parameter: ctype (lf.win.shell.dtypes.ShellLinkHeader) – An instance of a ShellLinkHeader ctype. Return type: ShellLinkHeader Returns: The corresponding ShellLinkHeader object.
- class lf.win.shell.link.FileAttributes¶
Represents the file system attributes of a link target.
- read_only¶
- True if the target is read only.
- True if the target is hidden.
- system¶
- True if the target has the system attribute set.
- directory¶
- True if the target is a directory.
- archive¶
- True if the target has the archive attribute set.
- normal¶
- True if this is the only bit set.
- temp¶
- True if the target is a temp file.
- sparse¶
- True if the target is a sparse file.
- reparse_point¶
- True if the target is a reparse_point.
- compressed¶
- True if the target is compressed.
- offline¶
- True if the content of the target is not immediately available.
- not_content_indexed¶
- True if the content of the target needs indexing.
- encrypted¶
- True if the target is encrypted.
- class lf.win.shell.link.LinkFlags¶
Represents the LinkFlags structure from ShellLinkHeader.
- has_idlist¶
- True if the link has an ITEMIDLIST for the target.
- has_link_info¶
- True if the link has a LinkInfo structure.
- has_name¶
- True if the link has a NAME_STRING StringData structure.
- has_relative_path¶
- True if the link has a RELATIVE_PATH StringData structure.
- has_working_dir¶
- True if the link has a WORKING_DIR StringData structure.
- has_args¶
- True if the link has a COMMAND_LINE_ARGUMENTS StringData structure.
- has_icon_location¶
- True if the link has an ICON_LOCATION StringData structure.
- is_unicode¶
- True if the link has unicode encoded strings.
- force_no_link_info¶
- True if the LinkInfo structure should be ignored.
- has_exp_string¶
- True if the link has an EnvironmentVariableDataBlock structure.
- run_in_separate_proc¶
- True if the target is run in a separate VM.
- has_logo3_id¶
- Undefined.
- has_darwin_id¶
- True if the link has a DarwinDataBlock structure.
- run_as_user¶
- True if the target is run as a different user.
- has_exp_icon¶
- True if the link has an IconEnvironmentDataBlock structure.
- no_pidl_alias¶
- True if the file system locations is represented in the shell namespace.
- force_unc_name¶
- True if UNC naming is required.
- run_with_shim_layer¶
- True if the link has a ShimDataBlock structure.
- force_no_link_track¶
- True if the TrackerDataBlock structure should be ignored.
- enable_target_metadata¶
- True if the link has metadata about the target.
- disable_link_path_tracking¶
- True if the EnvironmentVariableDataBlock structure should be ignored.
- disable_known_folder_rel_tracking¶
- True if the SpecialFolderDataBlock and the KnownFolderDataBlock structures should be ignored.
- no_kf_alias¶
- True if the unaliased form of the known folder ID list should be used.
- allow_link_to_link¶
- True if the target can be another link.
- unalias_on_save¶
- True if unaliased form should be used when saving a link.
- prefer_environment_path¶
- True if path specified in the EnvironmentVariableDataBlock should be used to refer to the target.
- keep_local_idlist_for_unc_target¶
- True if the local path IDlist should be stored.
3.5.2.2. LINKINFO structures¶
- class lf.win.shell.link.LinkInfo¶
Represents a LinkInfo structure.
- size¶
- The size of the structure.
- vol_id_and_local_base_path¶
- Describes if the volume id and local base path are present.
- cnrl_and_path_suffix¶
- Describes if the Common Network Relative Link field is present.
- local_base_path_offset¶
- The relative offset of the local base path.
- cnrl_offset¶
- The relative offset of the CNRL.
- path_suffix_offset¶
- The relative offset of the common path suffix.
- local_base_path_offset_uni¶
- The unicode version of local_base_path_offset (or None if not present).
- path_suffix_offset_uni¶
- The unicode version of path_suffix_offset (or None if not present).
- local_base_path¶
- The local path prefix (or None if not present).
- local_base_path_uni¶
- The unicode version of local_base_path (or None if not present).
- path_suffix¶
- The field appended to local_base_path (or None if not present).
- path_suffix_uni¶
- The unicode version of path_suffix (or None if not present).
- class lf.win.shell.link.VolumeID¶
Represents a VolumeID structure.
- size¶
- The size of the volume id structure.
- drive_type¶
- The type of drive the target is stored on.
- drive_serial_num¶
- The serial number of the drive the target is on.
- volume_label_offset¶
- The relative offset of the volume label.
- volume_label_offset_uni¶
- The unicode version of volume_label_offset (or None if not present).
- volume_label¶
- The volume label of the drive the target is on.
- class lf.win.shell.link.CNRL¶
Represents a Common Network Relative Link structure.
- size¶
- The size of the CNRL structure.
- valid_device¶
- True if device_name_offset is valid.
- valid_net_type¶
- True if net_provider_type is valid.
- device_name_offset¶
- The relative offset of the device_name field.
- net_type¶
- Describes the type of network provider. See lf.win.consts.npt for a list of valid network provider type constants.
- net_name_offset_uni¶
- The unicode version of net_name_offset.
- device_name_offset_uni¶
- The unicode version of device_name_offset.
- net_name¶
- Specifies the server path.
- device_name¶
- Specifies the device.
- device_name_uni¶
- The unicode version of device_name.
3.5.2.3. STRING_DATA structures¶
- class lf.win.shell.link.StringDataSet¶
Represents a collection of StringData objects.
- name_str¶
- A StringData object describing the shortcut (or None if not present).
- rel_path¶
- A StringData object describing the path to the target, relative to the file that contains the link (or None if not present).
- working_dir¶
- A StringData object describing the working directory to use when activating/running the target (or None if not present).
- cmd_args¶
- A StringData object describing the command line arguments to use when activating/running the target (or None if not present).
- icon_location¶
- A StringData object describing the location of the icon to display for the link file (or None if not present).
- class lf.win.shell.link.StringData¶
Represents a StringData structure.
- size¶
- The size of the StringData structure in bytes.
- char_count¶
- The number of characters in the string.
- string¶
- The string associated with the structure.
- classmethod from_stream(stream, offset=None, is_unicode=True)¶
Creates a StringData object from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
- is_unicode (bool) – If the string is in unicode (utf16-le)
Return type: Returns: The corresponding StringData object.
3.5.2.4. EXTRA_DATA structures¶
- class lf.win.shell.link.ExtraDataBlock¶
Base class for ExtraDataBlock subclasses.
- size¶
- The size of the structure in bytes.
- sig¶
- The signature field.
- data¶
An optional field that describes the data in the structure.
Note
Subclasses set this to None
- classmethod from_stream(stream, offset=None)¶
Creates a ExtraDataBlock from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding ExtraDataBlock object.
- class lf.win.shell.link.ConsoleProps¶
Represents a ConsoleProps structure.
- fill_attributes¶
- The foreground and background text colors for the console window.
- popup_fill_attributes¶
- The foreground and background text colors for the console window popup.
- font¶
- The font.
- input_buf_size¶
- The size of the input buffer.
- font_size¶
- The size (in pixels) of the font to use in the console window.
- font_family¶
- The family of the font to use in the console window.
- font_weight¶
- The stroke weight of the font to use in the console window.
- face_name¶
- The face name of the font to use in the console window.
- cursor_size¶
- The size of the cursor (in pixels) to use in the console window.
- full_screen¶
- Whether or not to open the console window in full screen mode.
- quick_edit¶
- True if the console window should be in quick edit mode.
- insert_mode¶
- Whether or not to enable insert mode in the console window.
- auto_position¶
- Whether or not to automatically position the console window.
- history_buf_size¶
- The number of characters to store in the history of the console window.
- history_buf_count¶
- The number of characters to store in the history of the console window.
- history_no_dup¶
- Whether or not duplicates are stored in the history buffers.
- color_table¶
- A tuple of the RGB colors used for text in the console window.
- classmethod from_stream(stream, offset=None)¶
Creates a ConsoleProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding ConsoleProps object.
- class lf.win.shell.link.ConsoleFEProps¶
Represents a ConsoleFEProps structure.
- code_page¶
- The code page LCID used to display text.
- classmethod from_stream(stream, offset=None)¶
Creates a ConsoleFEProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding ConsoleFEProps object.
- class lf.win.shell.link.DarwinProps¶
Represents a DarwinProps structure.
- darwin_data_ansi¶
- An application identifier.
- darwin_data_uni¶
- A unicode version of darwin_data_ansi.
- classmethod from_stream(stream, offset=None)¶
Creates a DarwinProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding DarwinProps object.
- class lf.win.shell.link.ExpandableStringsDataBlock¶
Base class for blocks that use environment variables.
- target_ansi¶
- A path that is constructed with environment variables.
- target_uni¶
- A unicode version of target_ansi
- classmethod from_stream(stream, offset=None)¶
Creates a ExpandableStringsDataBlock from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding ExpandableStringsDataBlock object.
- class lf.win.shell.link.EnvironmentProps¶
- Path to environment variable information.
- class lf.win.shell.link.IconEnvironmentProps¶
- Path to an icon encoded with environment variables.
- class lf.win.shell.link.KnownFolderProps¶
Represents a KnownFolderProps structure.
- kf_id¶
- A GUID for the folder.
- offset¶
- The index in the item id list of the known folder.
- classmethod from_stream(stream, offset=None)¶
Creates a KnownFolderProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding KnownFolderProps object.
- class lf.win.shell.link.PropertyStoreProps¶
Represents serialized property storage values.
- property_store¶
- A serialized property storage structure (currently not implemented).
- classmethod from_stream(stream, offset=None)¶
Creates a PropertyStoreProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding PropertyStoreProps object.
- class lf.win.shell.link.ShimProps¶
Specifies the name of a shim to use when activating/running the target.
- layer_name¶
- A unicode name of the shim layer.
- class lf.win.shell.link.SpecialFolderProps¶
Specifies the location of special folders in an item id list.
- sf_id¶
- The special folder identifier.
- offset¶
- The index in the item id list of the special folder.
- classmethod from_stream(stream, offset=None)¶
Creates a SpecialFolderProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding SpecialFolderProps object.
- class lf.win.shell.link.DomainRelativeObjId¶
Represents a domain relative object identifier (DROID).
- volume¶
- The volume field.
- object¶
- The object field.
- classmethod from_stream(stream, offset=None)¶
Creates a DomainRelativeObjId from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding DomainRelativeObjId object.
- classmethod from_ctype(ctype)¶
Creates a DomainRelativeObjId object from a ctype.
Parameter: ctype (lf.win.shell.dtypes.DomainRelativeObjId) – An instance of a DomainRelativeObjId ctype. Return type: DomainRelativeObjId Returns: The corresponding DomainRelativeObjId object.
- class lf.win.shell.link.TrackerProps¶
Data used to resolve a link target with the Link Tracking Service.
- length¶
- The length of the structure (excluding the size and signature).
- version¶
- The version field.
- machine_id¶
- The NetBIOS name of the machine the target was last known to reside on.
- droid¶
- A DomainRelativeObjId structure used to find the target.
- droid_birth¶
- A DomainRelativeObjId structure used to find the target.
- classmethod from_stream(stream, offset=None)¶
Creates a TrackerProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding TrackerProps object.
- class lf.win.shell.link.VistaAndAboveIDListProps¶
An alternative to an item id list.
- idlist¶
- An alternate item id list.
- classmethod from_stream(stream, offset=None)¶
Creates a VistaAndAboveIDListProps from a stream.
Parameters: - stream (IStream) – A stream that contains the structure.
- offset (int) – The start of the structure in the stream.
Return type: Returns: The corresponding VistaAndAboveIDListProps object.
- class lf.win.shell.link.TerminalBlock¶
- Represents a terminal block.
- class lf.win.shell.link.ExtraDataBlockFactory¶
Makes ExtraDataBlock (and subclass) objects.
- props_map¶
- A dictionary mapping variosu signature values to their corresponding object factories. Used by make_blocks().
- classmethod make_blocks(stream, offset=None)¶
Creates a series of ExtraDataBlock (or subclass) objects.
Parameters: - stream (IStream) – A stream that contains the structures.
- offset (int) – The start of the structures in the stream.
Return type: iterator
Returns: An iterator of the corresponding objects.