Navigation

3.1. lf.win.shell.objects — Objects for Windows shell artifacts

This module provides support for common Windows shell artifacts.

class lf.win.shell.objects.SHITEMID

Represents a SHITEMID structure.

size
The size of the SHITEMID structure. (calculated)
cb
The count of bytes of the structure. (extracted)
abID
An application defined BLOB of data.
id
An alias for the abID attribute.
classmethod from_stream(stream, offset=None)

Creates a SHITEMID from a stream.

Parameters:
  • stream (lf.dec.IStream) – A stream that contains the structure.
  • offset (int) – The start of the structure in stream
Return type:

SHITEMID
Returns:

The corresponding SHITEMID object.
class lf.win.shell.objects.ITEMIDLIST

Represents an ITEMIDLIST structure.

mkid
A list of SHITEMID structures.
classmethod from_stream(stream, offset=None, max_bytes=None)

Creates an ITEMIDLIST from a stream.

Parameters:
  • stream (lf.dec.IStream) – A stream that contains the structure.
  • offset (int) – The start of the structure in stream
  • max_bytes (int) – The maximum number of bytes to read from the stream. If this is None then it is ignored.
Return type:

ITEMIDLIST
Returns:

The corresponding ITEMIDLIST object.

Previous topic

3. Windows Shell Artifacts

Next topic

3.2. lf.win.shell.consts.csidl — Constants for CSIDLs

This Page

Navigation

© Copyright 2010, Michael Murr <mmurr@codeforensics.net>. Created using Sphinx 0.6.5.