lnk_parser
is a full rust implementation to parse windows LNK files. The parsed data could formatted to JSON, JSONL and CSV (default).
Start by adding the lib to your Cargo.toml
file as follows:
lnk_parser = "0.1.0"
or from the GitHub repo (latest updates):
lnk_parser = { git="https://github.com/AbdulRhmanAlfaifi/lnk_parser" }
Here is an example of using the lib to parse LNK file from path:
use std::fs::File;
fn main(){
// Open the LNK file
let file = File::open("samples\\WIN10\\1607_14393\\windows_generated.lnk").unwrap();
// Pass the `File` instance to `from_reader` function.
// `std::fs::File` implements `Read` & `Seek` traits.
let lnk_file = LNKParser::from_reader(file);
println!("{:?}", lnk_file);
}
sample output in JSON format:
{
"target_full_path": "C:\\Users\\u0041\\Desktop\\test\\test.txt",
"lnk_file_metadata": {
"full_path": "C:\\Users\\u0041\\Documents\\Projects\\LNKParser-rs\\samples\\WIN10\\1607_14393\\windows_generated.lnk",
"mtime": "2021-02-08T12:52:20Z",
"atime": "2021-02-13T19:14:07Z",
"ctime": "2021-02-08T12:52:13Z"
},
"shell_link_header": {
"file_attr": [
"ARCHIVE"
],
"mtime": "2021-02-08T12:41:58Z",
"atime": "2021-02-08T12:41:03Z",
"ctime": "2021-02-08T12:41:03Z",
"file_size": 4
},
"link_target_id_list": {
"id_list": [
{
"shell_item_data": {
"FileEntry": {
"is_file": false,
"file_size": 0,
"last_modified": "2021-02-08T12:46:24Z",
"file_attr_flags": [
"DIRECTORY"
],
"name": "test",
"extention_block": {
"ctime": "2021-02-08T12:46:24Z",
"atime": "2021-02-08T12:46:24Z",
"file_ref": {
"mft_entry": 91461,
"sequence_number": 3
},
"primary_name": "test"
}
}
}
},
{
"shell_item_data": {
"FileEntry": {
"is_file": true,
"file_size": 4,
"last_modified": "2021-02-08T12:42:00Z",
"file_attr_flags": [
"ARCHIVE"
],
"name": "test.txt",
"extention_block": {
"ctime": "2021-02-08T12:41:04Z",
"atime": "2021-02-08T12:41:04Z",
"file_ref": {
"mft_entry": 90070,
"sequence_number": 3
},
"primary_name": "test.txt"
}
}
}
}
]
},
"link_info": {
"volume_id": {
"drive_type": "DRIVE_FIXED",
"serial_number": "E02E-8A93"
},
"local_base_path": "C:\\Users\\u0041\\Desktop\\test\\test.txt"
},
"relative_path": "..\\..\\..\\..\\..\\Desktop\\test\\test.txt",
"working_dir": "C:\\Users\\u0041\\Desktop\\test",
"extra_data": {
"extra_data_blocks": [
{
"Tracker": {
"machine_id": "win10",
"file_droid": "BD4FAD74-6A0A-11EB-8ECF-5076AFA95947",
"file_droid_birth": "BD4FAD74-6A0A-11EB-8ECF-5076AFA95947",
"volume_droid": "00D2581C-4749-44BD-9381-9BDFADF8A9DE",
"volume_droid_birth": "00D2581C-4749-44BD-9381-9BDFADF8A9DE"
}
}
]
}
}
You can download the binary from the release section or from crates.io using the following command:
cargo install lnk_parser
That is it! you can execute as follows:
lnk_parser -h
I wrote a blog post explains the LNK file structure, you can check it out from here.