dissect.shellitem

A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.

Installation

dissect.shellitem is available on PyPI.

$ pip install dissect.shellitem

This module is also automatically installed if you install the dissect package.

Usage

This package is a library with a few CLI tools, so you primarily interact with it from Python. For example, to open a LNK file for parsing:

from dissect.shellitem.lnk import Lnk

with open("/path/to/file.lnk", "rb") as fh:
    lnk = Lnk(fh)

    # Print the string representation of the parsed LNK file to see available fields
    print(lnk)
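
To show what sits at the start of every LNK file, here is a stand-alone added example (not dissect.shellitem's code or API) that decodes the fixed 76-byte ShellLinkHeader defined in MS-SHLLINK with only the standard library. The function names and the sample header bytes are constructed for illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# ShellLinkHeader (MS-SHLLINK 2.1): fixed 76 (0x4C) bytes, little-endian.
HEADER = struct.Struct("<I16sIIQQQIiIHHII")
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")
# Subset of the LinkFlags bits: which optional structures follow the header.
LINK_FLAGS = {
    0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
    0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
    0x40: "HasIconLocation", 0x80: "IsUnicode",
}

def filetime_to_dt(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime, None if unset."""
    if ft == 0:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_lnk_header(data):
    """Validate and decode the ShellLinkHeader (hypothetical helper, not a dissect function)."""
    if len(data) < HEADER.size:
        raise ValueError("truncated ShellLinkHeader")
    (size, clsid, flags, attrs, ctime, atime, wtime,
     fsize, _icon, show, _hotkey, _r1, _r2, _r3) = HEADER.unpack_from(data)
    # Both checks must pass; a mismatch means this is not a shell link.
    if size != 0x4C or uuid.UUID(bytes_le=clsid) != LINK_CLSID:
        raise ValueError("bad HeaderSize or LinkCLSID")
    return {
        "flags": [name for bit, name in LINK_FLAGS.items() if flags & bit],
        "file_attributes": attrs,
        "created": filetime_to_dt(ctime),    # timestamps describe the link target
        "accessed": filetime_to_dt(atime),
        "modified": filetime_to_dt(wtime),
        "file_size": fsize,                  # low 32 bits of the target's size
        "show_command": show,
    }

# Constructed sample header (not from a real file): all times 2021-01-01 00:00:00 UTC.
_FT = (1609459200 + 11644473600) * 10_000_000
SAMPLE = HEADER.pack(0x4C, LINK_CLSID.bytes_le, 0x83, 0x20,
                     _FT, _FT, _FT, 1024, 0, 1, 0, 0, 0, 0)

if __name__ == "__main__":
    for key, value in parse_lnk_header(SAMPLE).items():
        print(f"{key}: {value}")
```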

Tools

parse-lnk - CLI interface

Utility to parse LNK files.

parse-lnk [-h] [-v] paths [paths ...]

parse-lnk positional arguments

  • paths - Path to .lnk file(s). (default: None)

parse-lnk optional arguments

Reference

For more details, please refer to the API documentation of dissect.shellitem.