Year of Python (YOP) – Week Twenty Four

15Jun15

Hello Reader!

This week we’re going to continue working on our LNK File Parser script. We’ll be adding two things to how we parse the header portion of a LNK file. If you look at last week’s post, there were some sections where we were just printing out the data to make sure it was there.

First, we need to add some additional modules to our script. One is the UUID module, so we can parse out the Link CLSID correctly. The other is the BitArray module, which we’ll need to parse out the Link Flags and the File Attributes.

Now this week we introduce a new function, called lnk_flags, which handles the Link Flags. It takes the four-byte value and parses out the individual bits. Each bit refers to a flag, so for every bit that is set to one we print out what that bit refers to.

The second item to mention is that we take the 16-byte LinkCLSID value and pass it to the UUID module to get the correct output.

And finally we just updated our print statements to show the correct output.
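The sketch below is an added example, not the code from the YOP repository. It decodes the Link Flags and the LinkCLSID from the first 24 bytes of a LNK header. It uses plain integer bit masks in place of the BitArray module, the function names `decode_link_flags` and `parse_header` are my own, and the flag names and expected CLSID follow the MS-SHLLINK specification.

```python
import struct
import uuid

# LinkFlags bit names in bit order (bit 0 first), per the MS-SHLLINK spec.
LINK_FLAGS = [
    "HasLinkTargetIDList", "HasLinkInfo", "HasName", "HasRelativePath",
    "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode",
    "ForceNoLinkInfo", "HasExpString", "RunInSeparateProcess", "Unused1",
    "HasDarwinID", "RunAsUser", "HasExpIcon", "NoPidlAlias", "Unused2",
    "RunWithShimLayer", "ForceNoLinkTrack", "EnableTargetMetadata",
    "DisableLinkPathTracking", "DisableKnownFolderTracking",
    "DisableKnownFolderAlias", "AllowLinkToLink", "UnaliasOnSave",
    "PreferEnvironmentPath", "KeepLocalIDListForUNCTarget",
]
EXPECTED_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HEADER_SIZE = 0x4C


def decode_link_flags(value):
    """Return the names of every flag whose bit is set in the 32-bit value."""
    return [name for bit, name in enumerate(LINK_FLAGS) if value & (1 << bit)]


def parse_header(data):
    """Parse HeaderSize, LinkCLSID and LinkFlags from the start of a LNK file."""
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated header: %d bytes" % len(data))
    size, clsid_raw, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE:
        raise ValueError("unexpected HeaderSize 0x%08X" % size)
    # The CLSID is stored in Windows mixed-endian GUID layout, hence bytes_le.
    clsid = uuid.UUID(bytes_le=clsid_raw)
    return {
        "clsid": clsid,
        "clsid_ok": clsid == EXPECTED_CLSID,
        "flags_raw": flags,
        "flags": decode_link_flags(flags),
        "reserved_bits": flags >> len(LINK_FLAGS),  # non-zero is worth a look
    }


# Constructed sample header (not taken from a real shortcut): 76 bytes with
# LinkFlags 0x0000009B and everything after the flags zeroed.
SAMPLE = (struct.pack("<I", HEADER_SIZE)
          + bytes.fromhex("0114020000000000c000000000000046")
          + struct.pack("<I", 0x9B)
          + bytes(HEADER_SIZE - 24))

if __name__ == "__main__":
    header = parse_header(SAMPLE)
    print("LinkCLSID:", header["clsid"], "valid" if header["clsid_ok"] else "unexpected")
    for name in header["flags"]:
        print("  flag set:", name)
```

Passing the 16 bytes as `bytes=` instead of `bytes_le=` would print the first three GUID fields byte-swapped, which is the usual reason a CLSID looks wrong in parser output.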

Next week we’ll look at another function I created to parse out some other header data.

Until then!

https://github.com/CdtDelta/YOP
