Year of Python (YOP) – Week Twenty Five

22Jun15

Hello reader!

Today we come to part three of our Windows LNK File Header parsing script, which began with the YOP – Week 23 script.

For this week’s snippet, we’re looking at a function to parse out the attributes of the target file that the lnk file points to, and again we’ll be making use of the bitstring module to parse out the individual bit values for this section. The attribute field itself is four bytes in length, starting at file offset 24.

First up is the function, lnk_attrib, which creates a dictionary that refers to the different values depending on which bit flag is set.  Then, in the second part of the function, we parse out the bit values, and if we see a “1”, we print out that the corresponding bit value is set.

The second part is where we pull in the byte values, and then pull out the individual bit values of those bytes.

Finally, in the third part, we pass the bit values to the lnk_attrib function and print the results.
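The three parts described above, as an added example that is not the script from the original post: it uses the standard-library struct module in place of bitstring and takes the flag names from the MS-SHLLINK FileAttributesFlags definition. The function names and the sample header are constructed for illustration.

```python
import struct

# FileAttributesFlags bit positions per MS-SHLLINK (bit 0 = least significant).
# Bits 3 and 6 are reserved and must be zero, so they are left out of the map.
ATTRIBUTE_FLAGS = {
    0: "FILE_ATTRIBUTE_READONLY",
    1: "FILE_ATTRIBUTE_HIDDEN",
    2: "FILE_ATTRIBUTE_SYSTEM",
    4: "FILE_ATTRIBUTE_DIRECTORY",
    5: "FILE_ATTRIBUTE_ARCHIVE",
    7: "FILE_ATTRIBUTE_NORMAL",
    8: "FILE_ATTRIBUTE_TEMPORARY",
    9: "FILE_ATTRIBUTE_SPARSE_FILE",
    10: "FILE_ATTRIBUTE_REPARSE_POINT",
    11: "FILE_ATTRIBUTE_COMPRESSED",
    12: "FILE_ATTRIBUTE_OFFLINE",
    13: "FILE_ATTRIBUTE_NOT_CONTENT_INDEXED",
    14: "FILE_ATTRIBUTE_ENCRYPTED",
}
ATTRIB_OFFSET = 24   # four-byte attribute field, as stated in the post
HEADER_SIZE = 0x4C   # fixed ShellLinkHeader length

def parse_lnk_attributes(header):
    """Return (names of set flags, bit positions set outside the known map)."""
    if len(header) < HEADER_SIZE:
        raise ValueError("truncated ShellLinkHeader")
    if struct.unpack_from("<I", header, 0)[0] != HEADER_SIZE:
        raise ValueError("HeaderSize is not 0x4C; not a shell link header")
    (value,) = struct.unpack_from("<I", header, ATTRIB_OFFSET)  # little-endian
    names, unknown = [], []
    for bit in range(32):
        if value & (1 << bit):
            if bit in ATTRIBUTE_FLAGS:
                names.append(ATTRIBUTE_FLAGS[bit])
            else:
                unknown.append(bit)  # reserved or undefined: worth a closer look
    return names, unknown

def build_sample_header(attributes):
    """Constructed 76-byte header for testing; not taken from a real .lnk file."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")
    head = struct.pack("<I16sII", HEADER_SIZE, clsid, 0, attributes)
    return head.ljust(HEADER_SIZE, b"\x00")

if __name__ == "__main__":
    set_flags, unexpected = parse_lnk_attributes(build_sample_header(0x22))
    for name in set_flags:
        print(name, "is set")
    if unexpected:
        print("Reserved/undefined bits set:", unexpected)
```

Reporting reserved or undefined bits separately helps when triaging a malformed or hand-crafted shortcut, since a well-formed header leaves them at zero.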

Overall, not too different from last week’s script; we’re just looking at a different dictionary.

Until next week!

https://github.com/CdtDelta/YOP
