Year of Python (YOP) – Week Twenty Six


Hello Reader!

This weeks script is a continuation of the week twenty three script that’s parsing the LNK file header.  It’s a short one this week, but we’re working on the ShowCommand portion of the header at file offset 60.  The Microsoft documentation describes this portion as:

“A 32-bit unsigned integer that specifies the expected window state of an application launched by the link.”

Now the values for this are different if you look at the Microsoft documentation versus the documentation written up by Joachim Metz.  For this part of the code I went with the official Microsoft docs, but it’s a trivial matter to modify the code to use the information from Joachim.  The overall difference is the number of identifiers this value represents.

The first part of the code is the function that parses the four bytes of data.  It compares the value with three possible outcomes.  The second part of the code replaces line 53 of the original week 23 script, which just prints out the return value from the function.

Like I said it’s a short one this week!


No Responses Yet to “Year of Python (YOP) – Week Twenty Six”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: