Created
August 3, 2022 23:52
-
-
Save c3rb3ru5d3d53c/f317e9b5196be475feaf277efb8f4af4 to your computer and use it in GitHub Desktop.
LNK Hex Pattern for ImHex
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // LNK Data Structures | |
| // https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-showwindow | |
| enum SHOWCOMMAND : u16 { | |
| SW_HIDE = 0x0000, | |
| SW_SHOWNORMAL = 0x0001, | |
| SW_SHOWMINIMIZED = 0x0002, | |
| SW_SHOWMAXIMIZED = 0x0003, | |
| SW_SHOWNOACTIVATE = 0x0004, | |
| SW_SHOW = 0x0005, | |
| SW_MINIMIZE = 0x0006, | |
| SW_SHOWMINNOACTIVE = 0x0007, | |
| SW_SHOWNA = 0x0008, | |
| SW_RESTORE = 0x009, | |
| SW_SHOWDEFAULT = 0x000A, | |
| SW_FORCEMINIMIZE = 0x000B | |
| }; | |
| // https://msdn.microsoft.com/en-us/library/windows/desktop/aa364939%28v=vs.85%29.aspx | |
| enum DRIVETYPE : u16 { | |
| DRIVE_UNKNOWN = 0x0000, | |
| DRIVE_NO_ROOT_DIR = 0x0001, | |
| DRIVE_REMOVABLE = 0x0002, | |
| DRIVE_FIXED = 0x0003, | |
| DRIVE_REMOTE = 0x0004, | |
| DRIVE_CDROM = 0x0005 | |
| }; | |
| // https://msdn.microsoft.com/en-us/library/windows/desktop/gg258117%28v=vs.85%29.aspx | |
| bitfield FileAttributes { | |
| FILE_ATTRIBUTE_READONLY : 1; | |
| FILE_ATTRIBUTE_HIDDEN : 1; | |
| FILE_ATTRIBUTE_SYSTEM : 1; | |
| FILE_ATTRIBUTE_VOLUME_LABEL : 1; | |
| FILE_ATTRIBUTE_DIRECTORY : 1; | |
| FILE_ATTRIBUTE_ARCHIVE : 1; | |
| FILE_ATTRIBUTE_NORMAL : 1; | |
| FILE_ATTRIBUTE_TEMPORARY : 1; | |
| FILE_ATTRIBUTE_SPARSE_FILE : 1; | |
| FILE_ATTRIBUTE_REPARSE_POINT : 1; | |
| FILE_ATTRIBUTE_COMPRESSED : 1; | |
| FILE_ATTRIBUTE_OFFLINE : 1; | |
| FILE_ATTRIBUTE_NOT_CONTENT_INDEXED : 1; | |
| FILE_ATTRIBUTE_ENCRYPTED : 1; | |
| FILE_ATTRIBUTE_INTEGRITY_STREAM : 1; | |
| FILE_ATTRIBUTE_VIRTUAL : 1; | |
| }; | |
| struct GUID { | |
| u8 b[16]; | |
| }; | |
| struct FILETIME { | |
| u32 dwLowDateTime; | |
| u32 dwHighDateTime; | |
| }; | |
| bitfield LinkFlags { | |
| HasLinkTargetIDList : 1; | |
| HasLinkInfo : 1; | |
| HasName : 1; | |
| HasRelativePath : 1; | |
| HasWorkingDir : 1; | |
| HasArguments : 1; | |
| HasIconLocation : 1; | |
| IsUnicode : 1; | |
| ForceNoLinkInfo : 1; | |
| HasExpString : 1; | |
| RunInSeparateProcess : 1; | |
| Unused1 : 1; | |
| HasDarwinID : 1; | |
| RunAsUser : 1; | |
| HasExpIcon : 1; | |
| NoPidlAlias : 1; | |
| Unused2 : 1; | |
| RunWithShimLayer : 1; | |
| ForceNoLinkTrack : 1; | |
| EnableTargetMetadata : 1; | |
| DisableLinkPathTracking : 1; | |
| DisableKnownFolderTracking : 1; | |
| DisableKnownFolderAlias : 1; | |
| AllowLinkToLink : 1; | |
| UnaliasOnSave : 1; | |
| PreferEnvironmentPath : 1; | |
| KeepLocalIDListForUNCTarget : 1; | |
| Unused : 5; | |
| }; | |
| struct LNKHeader { | |
| u32 HeaderSize; | |
| GUID LinkCLSID; | |
| LinkFlags sLinkFlags; | |
| FileAttributes sFileAttributes; | |
| FILETIME CreationTime; | |
| FILETIME AccessTime; | |
| FILETIME WriteTime; | |
| u32 FileSize; | |
| u32 IconIndex; | |
| SHOWCOMMAND ShowCommand; | |
| u16 HotKey; | |
| u16 Reserved1; | |
| u32 Reserved2; | |
| u32 Reserved3; | |
| }; | |
| LNKHeader lnkHeader @ 0x00; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment