dissect.target.plugins.os.windows.jumplist
Module Contents
Classes
- AutomaticDestinationFile: Parse Jump List AutomaticDestination file.
- CustomDestinationFile: Parse Jump List CustomDestination file.
- JumpListPlugin: Jump List is a Windows feature introduced in Windows 7.
Attributes
- dissect.target.plugins.os.windows.jumplist.log
- dissect.target.plugins.os.windows.jumplist.LNK_GUID = b'\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00F'
- dissect.target.plugins.os.windows.jumplist.JumpListRecord
- dissect.target.plugins.os.windows.jumplist.custom_destination_def = Multiline-String
  """
  struct header {
      int version;
      int unknown1;
      int unknown2;
      int value_type;
  }

  struct header_end {
      int number_of_entries;
  }

  struct header_end_0 {
      uint16 name_length;
      wchar name[name_length];
      int number_of_entries;
  }

  struct footer {
      char magic[4];
  }
  """
- dissect.target.plugins.os.windows.jumplist.c_custom_destination
- class dissect.target.plugins.os.windows.jumplist.JumpListFile(fh: BinaryIO, file_name: str)
  - fh
  - file_name
  - application_type
  - application_name
  - abstract __iter__() → Iterator[dissect.shellitem.lnk.Lnk]
  - property name: str
    Return the name of the application.
  - property id: str
    Return the application identifier.
  - property type: str
    Return the type of the Jump List file.
- class dissect.target.plugins.os.windows.jumplist.AutomaticDestinationFile(fh: BinaryIO, file_name: str)
  Bases: JumpListFile
  Parse Jump List AutomaticDestination file.
  - ole
  - __iter__() → Iterator[dissect.shellitem.lnk.Lnk]
- class dissect.target.plugins.os.windows.jumplist.CustomDestinationFile(fh: BinaryIO, file_name: str)
  Bases: JumpListFile
  Parse Jump List CustomDestination file.
  - MAGIC_FOOTER = 3133143979
  - VERSIONS = [2]
  - magic
  - header
  - version
  - __iter__() → Iterator[dissect.shellitem.lnk.Lnk]
- class dissect.target.plugins.os.windows.jumplist.JumpListPlugin(target: dissect.target.Target)
  Bases: dissect.target.plugin.Plugin
  Jump List is a Windows feature introduced in Windows 7.
  It stores information about recently accessed applications and files.
  - __namespace__ = 'jumplist'
    Defines the plugin namespace.
  - automatic_destinations = []
  - custom_destinations = []
  - check_compatible() → None
    Perform a compatibility check with the target.
    This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
    Raises: UnsupportedPluginError – If the plugin could not be loaded.
  - custom_destination() → Iterator[JumpListRecord]
    Return the content of CustomDestination Windows Jump Lists.
    These are created when a user pins an application or a file in a Jump List.
    Yields JumpListRecord with fields:
      type (string): Type of Jump List.
      application_id (string): ID of the application.
      application_name (string): Name of the application.
      lnk_path (path): Path of the link (.lnk) file.
      lnk_name (string): Name of the link (.lnk) file.
      lnk_mtime (datetime): Modification time of the link (.lnk) file.
      lnk_atime (datetime): Access time of the link (.lnk) file.
      lnk_ctime (datetime): Creation time of the link (.lnk) file.
      lnk_relativepath (path): Relative path of target file to the link (.lnk) file.
      lnk_workdir (path): Path of the working directory the link (.lnk) file will execute from.
      lnk_iconlocation (path): Path of the display icon used for the link (.lnk) file.
      lnk_arguments (string): Command-line arguments passed to the target (linked) file.
      local_base_path (string): Absolute path of the target (linked) file.
      common_path_suffix (string): Suffix of the local_base_path.
      lnk_full_path (string): Full path of the linked file. Made from local_base_path and common_path_suffix.
      lnk_net_name (string): Specifies a server share path; for example, "\\server\share".
      lnk_device_name (string): Specifies a device; for example, the drive letter "D:".
      machine_id (string): The NetBIOS name of the machine where the linked file was last known to reside.
      target_mtime (datetime): Modification time of the target (linked) file.
      target_atime (datetime): Access time of the target (linked) file.
      target_ctime (datetime): Creation time of the target (linked) file.
  - automatic_destination() → Iterator[JumpListRecord]
    Return the content of AutomaticDestination Windows Jump Lists.
    These are created automatically when a user opens an application or file.
    Yields JumpListRecord with fields:
      type (string): Type of Jump List.
      application_id (string): ID of the application.
      application_name (string): Name of the application.
      lnk_path (path): Path of the link (.lnk) file.
      lnk_name (string): Name of the link (.lnk) file.
      lnk_mtime (datetime): Modification time of the link (.lnk) file.
      lnk_atime (datetime): Access time of the link (.lnk) file.
      lnk_ctime (datetime): Creation time of the link (.lnk) file.
      lnk_relativepath (path): Relative path of target file to the link (.lnk) file.
      lnk_workdir (path): Path of the working directory the link (.lnk) file will execute from.
      lnk_iconlocation (path): Path of the display icon used for the link (.lnk) file.
      lnk_arguments (string): Command-line arguments passed to the target (linked) file.
      local_base_path (string): Absolute path of the target (linked) file.
      common_path_suffix (string): Suffix of the local_base_path.
      lnk_full_path (string): Full path of the linked file. Made from local_base_path and common_path_suffix.
      lnk_net_name (string): Specifies a server share path; for example, "\\server\share".
      lnk_device_name (string): Specifies a device; for example, the drive letter "D:".
      machine_id (string): The NetBIOS name of the machine where the linked file was last known to reside.
      target_mtime (datetime): Modification time of the target (linked) file.
      target_atime (datetime): Access time of the target (linked) file.
      target_ctime (datetime): Creation time of the target (linked) file.
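
Added example (not code from dissect.target): a stand-alone triage check for a CustomDestination file, built on the LNK_GUID, MAGIC_FOOTER and VERSIONS values and the header struct documented on this page. It assumes little-endian fields and that the footer magic occupies the last four bytes; triage_custom_destination and build_sample are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Constants as listed on this page.
LNK_GUID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00F"
MAGIC_FOOTER = 3133143979  # 0xBABFFBAB
VERSIONS = [2]
LNK_HEADER_SIZE = 0x4C  # HeaderSize field that precedes the CLSID in a shell link header


def triage_custom_destination(data: bytes) -> dict:
    """Sanity-check a CustomDestination blob and locate embedded LNK headers (assumes little-endian)."""
    if len(data) < 20:
        raise ValueError("too short to hold the 16-byte header and 4-byte footer")
    version, _unknown1, _unknown2, value_type = struct.unpack_from("<4i", data, 0)
    (footer,) = struct.unpack_from("<I", data, len(data) - 4)

    offsets = []
    pos = data.find(LNK_GUID)
    while pos != -1:
        # A shell link starts 4 bytes before its CLSID, at the HeaderSize field;
        # requiring HeaderSize == 0x4C filters CLSID matches that are not LNK headers.
        start = pos - 4
        if start >= 16 and struct.unpack_from("<I", data, start)[0] == LNK_HEADER_SIZE:
            offsets.append(start)
        pos = data.find(LNK_GUID, pos + 1)

    return {
        "version": version,
        "version_supported": version in VERSIONS,
        "value_type": value_type,
        "footer_ok": footer == MAGIC_FOOTER,  # False suggests truncation or carving damage
        "lnk_offsets": offsets,
    }


def build_sample(entries: int = 2) -> bytes:
    """Constructed sample: header, N stub LNK headers, footer. Not a real Jump List."""
    header = struct.pack("<4i", 2, 0, 0, 1)  # value_type chosen arbitrarily
    stub = struct.pack("<I", LNK_HEADER_SIZE) + LNK_GUID + b"\x00" * (LNK_HEADER_SIZE - 20)
    return header + struct.pack("<i", entries) + stub * entries + struct.pack("<I", MAGIC_FOOTER)
```

A file whose footer check fails but whose LNK offsets are still found is worth parsing entry by entry from those offsets rather than discarding.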