public ShellBagCDBurn(byte[] rawBytes)
{
ShortName = string.Empty;
PropertyStore = new PropertyStore();
ExtensionBlocks = new List <IExtensionBlock>();
FriendlyName = "CDBurn";
var index = 8; //reset index to after signature
index += 4; //skip 4 unknown
index += 4; //skip 4 unknown
index += 4; //skip 4 unknown
var chunks = new List <byte[]>();
while (index < rawBytes.Length)
{
var subshellitemdatasize = BitConverter.ToInt16(rawBytes, index);
index += 2;
if (subshellitemdatasize <= 0)
{
break;
}
if (subshellitemdatasize == 1)
{
//some kind of separator
index += 2;
}
else
{
chunks.Add(rawBytes.Skip(index).Take(subshellitemdatasize).ToArray());
index += subshellitemdatasize;
}
}
var oldIndex = index;
//if (chunks.Count != 2)
//{
// Debug.WriteLine(chunks.Count);
//}
foreach (var bytes in chunks)
{
index = 0;
var typeIndicator = bytes[index];
index += 1;
index += 1; //skip unknown empty value
var filesize = BitConverter.ToInt32(rawBytes, index);
index += 4;
FileSize = filesize;
var modDate =
Utils.ExtractDateTimeOffsetFromBytes(bytes.Skip(index).Take(4).ToArray());
LastModificationTime = modDate;
index += 4;
index += 2; //skip 2 bytes for file attributes
var len = 0;
var shortName = string.Empty;
//get position of beef0004
var beefPos = BitConverter.ToString(bytes).IndexOf("04-00-EF-BE", StringComparison.InvariantCulture) /
3;
beefPos = beefPos - 4; //add header back for beef
var strLen = beefPos - index;
if (typeIndicator == 0x35)
{
//unicode
var tempString = Encoding.Unicode.GetString(bytes, index, strLen - 2);
shortName = tempString;
index += strLen;
}
else
{
//ascii
while (bytes[index + len] != 0x0)
{
len += 1;
}
var tempBytes = new byte[len];
Array.Copy(bytes, index, tempBytes, 0, len);
index += len;
shortName = Encoding.ASCII.GetString(tempBytes);
}
ShortName = shortName;
while (bytes[index] == 0x0)
{
index += 1;
}
var extsize = BitConverter.ToInt16(bytes, index);
var signature = BitConverter.ToUInt32(bytes, index + 4);
//TODO does this need to check if its a 0xbeef?? regex?
var block = Utils.GetExtensionBlockFromBytes(signature, bytes.Skip(index).ToArray());
ExtensionBlocks.Add(block);
var beef0004 = block as Beef0004;
if (beef0004 != null)
{
CreatedOnTime = beef0004.CreatedOnTime;
LastAccessTime = beef0004.LastAccessTime;
Value = beef0004.LongName;
}
else
{
Value = "!!! Unable to determine Value !!!";
}
}
if (oldIndex + 5 < rawBytes.Length)
{
index = oldIndex + 2;
_extraBag = new ShellBag0X31(rawBytes.Skip(index).ToArray());
foreach (var ex in _extraBag.ExtensionBlocks)
{
ExtensionBlocks.Add(new BeefPlaceHolder(null));
}
}
}
public ShellBagCDBurn(byte[] rawBytes)
{
ShortName = string.Empty;
PropertyStore = new PropertyStore();
ExtensionBlocks = new List<IExtensionBlock>();
FriendlyName = "CDBurn";
int index = 8; //reset index to after signature
index += 4; //skip 4 unknown
index += 4; //skip 4 unknown
index += 4; //skip 4 unknown
var chunks = new List<byte[]>();
while (index < rawBytes.Length)
{
short subshellitemdatasize = BitConverter.ToInt16(rawBytes, index);
index += 2;
if (subshellitemdatasize <= 0)
{
break;
}
if (subshellitemdatasize == 1)
{
//some kind of separator
index += 2;
}
else
{
chunks.Add(rawBytes.Skip(index).Take(subshellitemdatasize).ToArray());
index += subshellitemdatasize;
}
}
var oldIndex = index;
//if (chunks.Count != 2)
//{
// Debug.WriteLine(chunks.Count);
//}
foreach (var bytes in chunks)
{
index = 0;
byte typeIndicator = bytes[index];
index += 1;
index += 1; //skip unknown empty value
int filesize = BitConverter.ToInt32(rawBytes, index);
index += 4;
FileSize = filesize;
DateTimeOffset? modDate =
Utils.ExtractDateTimeOffsetFromBytes(bytes.Skip(index).Take(4).ToArray());
LastModificationTime = modDate;
index += 4;
index += 2; //skip 2 bytes for file attributes
int len = 0;
string shortName = string.Empty;
//get position of beef0004
var beefPos = BitConverter.ToString(bytes).IndexOf("04-00-EF-BE", StringComparison.InvariantCulture) / 3;
beefPos = beefPos - 4; //add header back for beef
var strLen = beefPos - index;
if (typeIndicator == 0x35)
{
//unicode
var tempString = Encoding.Unicode.GetString(bytes,index, strLen - 2);
shortName = tempString;
index += strLen;
}
else
{
//ascii
while (bytes[index + len] != 0x0)
{
len += 1;
}
var tempBytes = new byte[len];
Array.Copy(bytes, index, tempBytes, 0, len);
index += len;
shortName = Encoding.ASCII.GetString(tempBytes);
}
ShortName = shortName;
while (bytes[index] == 0x0)
{
index += 1;
}
short extsize = BitConverter.ToInt16(bytes, index);
var signature = BitConverter.ToUInt32(bytes, index + 4);
//TODO does this need to check if its a 0xbeef?? regex?
var block = Utils.GetExtensionBlockFromBytes(signature, bytes.Skip(index).ToArray());
ExtensionBlocks.Add(block);
var beef0004 = block as Beef0004;
if (beef0004 != null)
{
CreatedOnTime = beef0004.CreatedOnTime;
LastAccessTime = beef0004.LastAccessTime;
Value = beef0004.LongName;
}
else
{
Value = "!!! Unable to determine Value !!!";
}
}
if (oldIndex+5 < rawBytes.Length)
{
index = oldIndex + 2;
_extraBag = new ShellBag0X31(rawBytes.Skip(index).ToArray());
foreach (var ex in _extraBag.ExtensionBlocks)
{
ExtensionBlocks.Add(new BeefPlaceHolder(null));
}
}
}
public LnkFile(byte[] rawBytes, string sourceFile)
{
RawBytes = rawBytes;
SourceFile = Path.GetFullPath(sourceFile);
var headerBytes = new byte[76];
Buffer.BlockCopy(rawBytes, 0, headerBytes, 0, 76);
Header = new Header(headerBytes);
var fi = new FileInfo(sourceFile);
SourceCreated = new DateTimeOffset(fi.CreationTimeUtc);
SourceModified = new DateTimeOffset(fi.LastWriteTimeUtc);
SourceAccessed = new DateTimeOffset(fi.LastAccessTimeUtc);
if (SourceCreated.Value.Year == 1601)
{
SourceCreated = null;
}
if (SourceModified.Value.Year == 1601)
{
SourceModified = null;
}
if (SourceAccessed.Value.Year == 1601)
{
SourceAccessed = null;
}
var index = 76;
TargetIDs = new List<ShellBag>();
if ((Header.DataFlags & Header.DataFlag.HasTargetIdList) == Header.DataFlag.HasTargetIdList)
{
//process shell items
var shellItemSize = BitConverter.ToInt16(rawBytes, index);
index += 2;
var shellItemBytes = new byte[shellItemSize];
Buffer.BlockCopy(rawBytes, index, shellItemBytes, 0, shellItemSize);
var shellItemsRaw = new List<byte[]>();
var shellItemIndex = 0;
while (shellItemIndex < shellItemBytes.Length)
{
var shellSize = BitConverter.ToUInt16(shellItemBytes, shellItemIndex);
if (shellSize == 0)
{
break;
}
var itemBytes = new byte[shellSize];
Buffer.BlockCopy(shellItemBytes, shellItemIndex, itemBytes, 0, shellSize);
shellItemsRaw.Add(itemBytes);
shellItemIndex += shellSize;
}
//TODO try catch and add placeholder for shellitem when exeption happens? or ?
foreach (var shellItem in shellItemsRaw)
{
switch (shellItem[2])
{
case 0x1f:
var f = new ShellBag0X1F(shellItem);
TargetIDs.Add(f);
break;
case 0x2f:
var ff = new ShellBag0X2F(shellItem);
TargetIDs.Add(ff);
break;
case 0x2e:
var ee = new ShellBag0X2E(shellItem);
TargetIDs.Add(ee);
break;
case 0xbd:
case 0x6e:
var bd = new ShellBagZipContents(shellItem);
TargetIDs.Add(bd);
break;
case 0xb1:
case 0x31:
case 0x35:
var d = new ShellBag0X31(shellItem);
TargetIDs.Add(d);
break;
case 0x36:
case 0x32:
var d2 = new ShellBag0X32(shellItem);
TargetIDs.Add(d2);
break;
case 0x00:
var v0 = new ShellBag0X00(shellItem);
TargetIDs.Add(v0);
break;
case 0x01:
var one = new ShellBag0X01(shellItem);
TargetIDs.Add(one);
break;
case 0x71:
var sevenone = new ShellBag0X71(shellItem);
TargetIDs.Add(sevenone);
break;
case 0x61:
var sixone = new ShellBag0X61(shellItem);
TargetIDs.Add(sixone);
break;
case 0xC3:
var c3 = new ShellBag0Xc3(shellItem);
TargetIDs.Add(c3);
break;
case 0x74:
case 0x77:
var sev = new ShellBag0X74(shellItem);
TargetIDs.Add(sev);
break;
case 0xae:
case 0xaa:
case 0x79:
var ae = new ShellBagZipContents(shellItem);
TargetIDs.Add(ae);
break;
case 0x41:
case 0x42:
case 0x43:
case 0x46:
case 0x47:
var forty = new ShellBag0X40(shellItem);
TargetIDs.Add(forty);
break;
default:
throw new Exception($"Unknown shell item ID: 0x{shellItem[2]:X}. Please send to [email protected] so support can be added.");
}
}
//TODO tie back extra block for SpecialFolderDataBlock and KnownFolderDataBlock??
index += shellItemSize;
}
if ((Header.DataFlags & Header.DataFlag.HasLinkInfo) == Header.DataFlag.HasLinkInfo)
{
var locationItemSize = BitConverter.ToInt32(rawBytes, index);
var locationBytes = new byte[locationItemSize];
Buffer.BlockCopy(rawBytes, index, locationBytes, 0, locationItemSize);
if (locationBytes.Length > 20)
{
var locationInfoHeaderSize = BitConverter.ToInt32(locationBytes, 4);
LocationFlags = (LocationFlag) BitConverter.ToInt32(locationBytes, 8);
var volOffset = BitConverter.ToInt32(locationBytes, 12);
var vbyteSize = BitConverter.ToInt32(locationBytes, volOffset);
var volBytes = new byte[vbyteSize];
Buffer.BlockCopy(locationBytes, volOffset, volBytes, 0, vbyteSize);
if (volOffset > 0)
{
VolumeInfo = new VolumeInfo(volBytes);
}
var localPathOffset = BitConverter.ToInt32(locationBytes, 16);
var networkShareOffset = BitConverter.ToInt32(locationBytes, 20);
if ((LocationFlags & LocationFlag.VolumeIdAndLocalBasePath) == LocationFlag.VolumeIdAndLocalBasePath)
{
LocalPath = Encoding.GetEncoding(1252)
.GetString(locationBytes, localPathOffset, locationBytes.Length - localPathOffset)
.Split('\0')
.First();
}
if ((LocationFlags & LocationFlag.CommonNetworkRelativeLinkAndPathSuffix) ==
LocationFlag.CommonNetworkRelativeLinkAndPathSuffix)
{
var networkShareSize = BitConverter.ToInt32(locationBytes, networkShareOffset);
var networkBytes = new byte[networkShareSize];
Buffer.BlockCopy(locationBytes, networkShareOffset, networkBytes, 0, networkShareSize);
NetworkShareInfo = new NetworkShareInfo(networkBytes);
}
var commonPathOffset = BitConverter.ToInt32(locationBytes, 24);
CommonPath = Encoding.GetEncoding(1252)
.GetString(locationBytes, commonPathOffset, locationBytes.Length - commonPathOffset)
.Split('\0')
.First();
if (locationInfoHeaderSize > 28)
{
var uniLocalOffset = BitConverter.ToInt32(locationBytes, 28);
var unicodeLocalPath = Encoding.Unicode.GetString(locationBytes, uniLocalOffset, locationBytes.Length - uniLocalOffset).Split('\0').First();
LocalPath = unicodeLocalPath;
}
if (locationInfoHeaderSize > 32)
{
var uniCommonOffset = BitConverter.ToInt32(locationBytes, 32);
var unicodeCommonPath = Encoding.Unicode.GetString(locationBytes, uniCommonOffset, locationBytes.Length - uniCommonOffset).Split('\0').First();
CommonPath = unicodeCommonPath;
}
}
index += locationItemSize;
}
if ((Header.DataFlags & Header.DataFlag.HasName) == Header.DataFlag.HasName)
{
var nameLen = BitConverter.ToInt16(rawBytes, index);
index += 2;
if ((Header.DataFlags & Header.DataFlag.IsUnicode) == Header.DataFlag.IsUnicode)
{
Name = Encoding.Unicode.GetString(rawBytes, index, nameLen*2);
index += nameLen;
}
else
{
Name = Encoding.GetEncoding(1252).GetString(rawBytes, index, nameLen);
}
index += nameLen;
}
if ((Header.DataFlags & Header.DataFlag.HasRelativePath) == Header.DataFlag.HasRelativePath)
{
var relLen = BitConverter.ToInt16(rawBytes, index);
index += 2;
if ((Header.DataFlags & Header.DataFlag.IsUnicode) == Header.DataFlag.IsUnicode)
{
RelativePath = Encoding.Unicode.GetString(rawBytes, index, relLen*2);
index += relLen;
}
else
{
RelativePath = Encoding.GetEncoding(1252).GetString(rawBytes, index, relLen);
}
index += relLen;
}
if ((Header.DataFlags & Header.DataFlag.HasWorkingDir) == Header.DataFlag.HasWorkingDir)
{
var workLen = BitConverter.ToInt16(rawBytes, index);
index += 2;
if ((Header.DataFlags & Header.DataFlag.IsUnicode) == Header.DataFlag.IsUnicode)
{
WorkingDirectory = Encoding.Unicode.GetString(rawBytes, index, workLen*2);
index += workLen;
}
else
{
WorkingDirectory = Encoding.GetEncoding(1252).GetString(rawBytes, index, workLen);
}
index += workLen;
}
if ((Header.DataFlags & Header.DataFlag.HasArguments) == Header.DataFlag.HasArguments)
{
var argLen = BitConverter.ToInt16(rawBytes, index);
index += 2;
if ((Header.DataFlags & Header.DataFlag.IsUnicode) == Header.DataFlag.IsUnicode)
{
Arguments = Encoding.Unicode.GetString(rawBytes, index, argLen*2);
index += argLen;
}
else
{
Arguments = Encoding.GetEncoding(1252).GetString(rawBytes, index, argLen);
}
index += argLen;
}
if ((Header.DataFlags & Header.DataFlag.HasIconLocation) == Header.DataFlag.HasIconLocation)
{
var icoLen = BitConverter.ToInt16(rawBytes, index);
index += 2;
if ((Header.DataFlags & Header.DataFlag.IsUnicode) == Header.DataFlag.IsUnicode)
{
IconLocation = Encoding.Unicode.GetString(rawBytes, index, icoLen*2);
index += icoLen;
}
else
{
IconLocation = Encoding.GetEncoding(1252).GetString(rawBytes, index, icoLen);
}
index += icoLen;
}
var extraByteBlocks = new List<byte[]>();
//extra blocks
while (index < rawBytes.Length)
{
var extraSize = BitConverter.ToInt32(rawBytes, index);
if (extraSize == 0)
{
break;
}
var extraBytes = new byte[extraSize];
Buffer.BlockCopy(rawBytes, index, extraBytes, 0, extraSize);
extraByteBlocks.Add(extraBytes);
index += extraSize;
}
ExtraBlocks = new List<ExtraDataBase>();
foreach (var extraBlock in extraByteBlocks)
{
var sig = (ExtraDataTypes) BitConverter.ToInt32(extraBlock, 4);
switch (sig)
{
case ExtraDataTypes.TrackerDataBlock:
var tb = new TrackerDataBaseBlock(extraBlock);
ExtraBlocks.Add(tb);
break;
case ExtraDataTypes.ConsoleDataBlock:
var cdb = new ConsoleDataBlock(extraBlock);
ExtraBlocks.Add(cdb);
break;
case ExtraDataTypes.ConsoleFeDataBlock:
var cfeb = new ConsoleFeDataBlock(extraBlock);
ExtraBlocks.Add(cfeb);
break;
case ExtraDataTypes.DarwinDataBlock:
var db = new DarwinDataBlock(extraBlock);
ExtraBlocks.Add(db);
break;
case ExtraDataTypes.EnvironmentVariableDataBlock:
var eb = new EnvironmentVariableDataBlock(extraBlock);
ExtraBlocks.Add(eb);
break;
case ExtraDataTypes.IconEnvironmentDataBlock:
var ib = new IconEnvironmentDataBlock(extraBlock);
ExtraBlocks.Add(ib);
break;
case ExtraDataTypes.KnownFolderDataBlock:
var kf = new KnownFolderDataBlock(extraBlock);
ExtraBlocks.Add(kf);
break;
case ExtraDataTypes.PropertyStoreDataBlock:
var ps = new PropertyStoreDataBlock(extraBlock);
ExtraBlocks.Add(ps);
break;
case ExtraDataTypes.ShimDataBlock:
var sd = new KnownFolderDataBlock(extraBlock);
ExtraBlocks.Add(sd);
break;
case ExtraDataTypes.SpecialFolderDataBlock:
var sf = new SpecialFolderDataBlock(extraBlock);
ExtraBlocks.Add(sf);
break;
case ExtraDataTypes.VistaAndAboveIdListDataBlock:
var vid = new VistaAndAboveIdListDataBlock(extraBlock);
ExtraBlocks.Add(vid);
break;
default:
throw new Exception(
$"Unknown extra data block signature: 0x{sig:X}. Please send lnk file to [email protected] so support can be added");
}
}
}
public VistaAndAboveIdListDataBlock(byte[] rawBytes)
{
Signature = ExtraDataTypes.VistaAndAboveIdListDataBlock;
Size = BitConverter.ToUInt32(rawBytes, 0);
var index = 8;
//process shell items
var shellItemSize = BitConverter.ToInt16(rawBytes, index);
var shellItemBytes = new byte[shellItemSize];
Buffer.BlockCopy(rawBytes, index, shellItemBytes, 0, shellItemSize);
var shellItemsRaw = new List<byte[]>();
var shellItemIndex = 0;
while (shellItemIndex < shellItemBytes.Length)
{
var shellSize = BitConverter.ToUInt16(shellItemBytes, shellItemIndex);
if (shellSize == 0)
{
break;
}
var itemBytes = new byte[shellSize];
Buffer.BlockCopy(shellItemBytes, shellItemIndex, itemBytes, 0, shellSize);
shellItemsRaw.Add(itemBytes);
shellItemIndex += shellSize;
}
TargetIDs = new List<ShellBag>();
foreach (var bytese in shellItemsRaw)
{
switch (bytese[2])
{
case 0x1f:
var f = new ShellBag0X1F(bytese);
TargetIDs.Add(f);
break;
case 0x2f:
var ff = new ShellBag0X2F(bytese);
TargetIDs.Add(ff);
break;
case 0x2e:
var ee = new ShellBag0X2E(bytese);
TargetIDs.Add(ee);
break;
case 0xb1:
case 0x31:
case 0x35:
var d = new ShellBag0X31(bytese);
TargetIDs.Add(d);
break;
case 0x32:
var d2 = new ShellBag0X32(bytese);
TargetIDs.Add(d2);
break;
case 0x00:
var v0 = new ShellBag0X00(bytese);
TargetIDs.Add(v0);
break;
case 0x01:
var one = new ShellBag0X01(bytese);
TargetIDs.Add(one);
break;
case 0x71:
var sevenone = new ShellBag0X71(bytese);
TargetIDs.Add(sevenone);
break;
case 0x61:
var sixone = new ShellBag0X61(bytese);
TargetIDs.Add(sixone);
break;
case 0xC3:
var c3 = new ShellBag0Xc3(bytese);
TargetIDs.Add(c3);
break;
case 0x74:
case 0x77:
var sev = new ShellBag0X74(bytese);
TargetIDs.Add(sev);
break;
case 0x41:
case 0x42:
case 0x43:
case 0x46:
case 0x47:
var forty = new ShellBag0X40(bytese);
TargetIDs.Add(forty);
break;
default:
throw new Exception($"Unknown item ID: 0x{bytese[2]:X}");
}
}
}
