dissect.target.plugins.os.windows.lnk

Module Contents

Classes

LnkPlugin

Base class for plugins.

Attributes

LnkRecord

dissect.target.plugins.os.windows.lnk.LnkRecord

class dissect.target.plugins.os.windows.lnk.LnkPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Base class for plugins.

Plugins can optionally be namespaced by specifying the __namespace__ class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specified test as namespace and a function called example, you must call your plugin with test.example:

A Plugin class has the following private class attributes:

• __namespace__

• __record_descriptors__

With the following three being assigned in register():

• __plugin__

• __functions__

• __exports__

Additionally, the methods and attributes of Plugin receive more private attributes by using decorators.

The export() decorator adds the following private attributes

• __exported__

• __output__: Set with the export() decorator.

• __record__: Set with the export() decorator.

The internal() decorator and InternalPlugin set the __internal__ attribute. Finally. args() decorator sets the __args__ attribute.

Parameters:

target – The Target object to load the plugin for.

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

lnk(directory: str | None = None) → Iterator[LnkRecord]

Parse all .lnk files in /ProgramData, /Users, and /Windows or from a specified path in record format.

Yields a LnkRecord record with the following fields:

lnk_path (path): Path of the link (.lnk) file. lnk_name (string): Name of the link (.lnk) file. lnk_mtime (datetime): Modification time of the link (.lnk) file. lnk_atime (datetime): Access time of the link (.lnk) file. lnk_ctime (datetime): Creation time of the link (.lnk) file. lnk_relativepath (path): Relative path of target file to the link (.lnk) file. lnk_workdir (path): Path of the working directory the link (.lnk) file will execute from. lnk_iconlocation (path): Path of the display icon used for the link (.lnk) file. lnk_arguments (string): Command-line arguments passed to the target (linked) file. local_base_path (string): Absolute path of the target (linked) file. common_path_suffix (string): Suffix of the local_base_path. lnk_full_path (string): Full path of the linked file. Made from local_base_path and common_path_suffix. lnk_net_name (string): Specifies a server share path; for example, “\servershare”. lnk_device_name (string): Specifies a device; for example, the drive letter “D:” machine_id (string): The NetBIOS name of the machine where the linked file was last known to reside. target_mtime (datetime): Modification time of the target (linked) file. target_atime (datetime): Access time of the target (linked) file. target_ctime (datetime): Creation time of the target (linked) file.

lnk_entries(path: str | None = None) → Iterator[dissect.target.helpers.fsutil.TargetPath]