dissect.shellitem¶
A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
Installation¶
dissect.shellitem
is available on PyPI.
$ pip install dissect.shellitem
This module is also automatically installed if you install the dissect
package.
Usage¶
This package is a library with a few CLI tools, so you primarily interact with it from Python. For example, to open a LNK file for parsing:
from dissect.shellitem.lnk import Lnk
with open("/path/to/file.lnk", "rb") as fh:
lnk = Lnk(fh)
# Print the string representation of the parsed LNK file to see available fields
print(lnk)
Tools¶
parse-lnk - CLI interface¶
Utility to parse LNK files.
parse-lnk [-h] [-v] paths [paths ...]
parse-lnk positional arguments¶
paths
- Path to .lnk file(s). (default:None
)
parse-lnk optional arguments¶
Reference¶
For more details, please refer to the API documentation of dissect.shellitem
.