Year of Python (YOP) – Week Twenty Six

29Jun15

Hello Reader!

This week’s script is a continuation of the week twenty three script that parses the LNK file header. It’s a short one this week, but we’re working on the ShowCommand portion of the header at file offset 60. The Microsoft documentation describes this portion as:

“A 32-bit unsigned integer that specifies the expected window state of an application launched by the link.”

Now the values for this are different if you look at the Microsoft documentation versus the documentation written up by Joachim Metz.  For this part of the code I went with the official Microsoft docs, but it’s a trivial matter to modify the code to use the information from Joachim.  The overall difference is the number of identifiers this value represents.

The first part of the code is the function that parses the four bytes of data.  It compares the value with three possible outcomes.  The second part of the code replaces line 53 of the original week 23 script, which just prints out the return value from the function.
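As an added illustration (not the script from the YOP repository), here is one way to read the four ShowCommand bytes at offset 60 and map them to the three values defined in the Microsoft documentation, with header checks and the specification's fallback to SW_SHOWNORMAL for any other value. The function names and the constructed sample header are assumptions made for this example.

```python
import struct
import uuid

HEADER_SIZE = 0x4C            # ShellLinkHeader is always 76 bytes
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")
SHOW_COMMAND_OFFSET = 60

# The three ShowCommand values defined in MS-SHLLINK
SHOW_COMMANDS = {
    0x00000001: "SW_SHOWNORMAL",
    0x00000003: "SW_SHOWMAXIMIZED",
    0x00000007: "SW_SHOWMINNOACTIVE",
}

def parse_show_command(header):
    """Return (raw_value, name, is_defined) for the ShowCommand field."""
    if len(header) < HEADER_SIZE:
        raise ValueError("truncated header: %d bytes" % len(header))
    (size,) = struct.unpack_from("<I", header, 0)
    if size != HEADER_SIZE:
        raise ValueError("unexpected HeaderSize 0x%08X" % size)
    # The CLSID is stored on disk in little-endian GUID layout
    if uuid.UUID(bytes_le=bytes(header[4:20])) != LINK_CLSID:
        raise ValueError("LinkCLSID mismatch, not a shell link")
    (raw,) = struct.unpack_from("<I", header, SHOW_COMMAND_OFFSET)
    # MS-SHLLINK: any other value is treated as SW_SHOWNORMAL
    name = SHOW_COMMANDS.get(raw, "SW_SHOWNORMAL")
    return raw, name, raw in SHOW_COMMANDS

def build_sample_header(show_command):
    """Constructed 76-byte header for demonstration; other fields zeroed."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = LINK_CLSID.bytes_le
    struct.pack_into("<I", header, SHOW_COMMAND_OFFSET, show_command)
    return bytes(header)

if __name__ == "__main__":
    for value in (1, 3, 7, 2):
        raw, name, defined = parse_show_command(build_sample_header(value))
        note = "" if defined else " (undefined value, treated as default)"
        print("ShowCommand 0x%08X -> %s%s" % (raw, name, note))
```

Returning the raw value alongside the name keeps an out-of-range ShowCommand visible in the output instead of silently reporting it as normal.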

Like I said, it’s a short one this week!

https://github.com/CdtDelta/YOP
