Sunday, 10 December 2017

IRIS-H (alpha): Added LNK files "Console Data Block" structure parser

Quick Summary

Build Version: 0.0.1(alpha)
Change Type: feature update
Affected Components: API
Short Description: A parser for the LNK file "Console Data Block" structure has been added. The parser attempts to extract all relevant data stored in "Console Data Block" structures, which hold information about the console window.
Outstanding Tasks: None

Detailed Summary

The IRIS-H Shell Link (.LNK) file parser has been updated to include a data extraction routine for "Console Data Block" structures. The ConsoleDataBlock structure specifies the display settings to use when a link target specifies an application that is run in a console window. Below are just some examples of the data stored in these structures:

  • foreground and background text colors in the console window.
  • foreground and background text color in the console window popup.
  • console window buffer size.
  • console window size.
  • console window origin coordinates.
  • font information.
  • cursor information.
  • edit settings.

The screenshot below shows an example of "Console Data Block" data extracted by IRIS-H.

IRIS-H report showing "Console Data Block" data
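
As an added illustration (not IRIS-H's own code), the sketch below walks an ExtraData region and decodes a ConsoleDataBlock using the field layout from Microsoft's MS-SHLLINK specification. The function names and the sample bytes are constructed for this example, and it assumes the caller has already located the ExtraData region of the LNK file.

```python
import struct

CONSOLE_SIG, CONSOLE_SIZE = 0xA0000002, 0xCC  # BlockSignature, fixed BlockSize
BODY = struct.Struct("<2H6h2I3I64s8I64s")     # 196 bytes after the 8-byte header
COLOR_BITS = ("blue", "green", "red", "intensity")

def decode_fill(attr):
    """Split a FillAttributes word into foreground/background colour flags."""
    return {side: [n for i, n in enumerate(COLOR_BITS) if attr & (base << i)]
            for side, base in (("foreground", 0x01), ("background", 0x10))}

def iter_extra_blocks(extra):
    """Yield (signature, block) for each ExtraData block up to the TerminalBlock."""
    off = 0
    while off + 4 <= len(extra):
        (size,) = struct.unpack_from("<I", extra, off)
        if size < 4:  # TerminalBlock ends the list
            return
        if size < 8 or off + size > len(extra):
            raise ValueError(f"malformed ExtraData block at offset {off}")
        yield struct.unpack_from("<I", extra, off + 4)[0], extra[off:off + size]
        off += size

def parse_console_block(block):
    if len(block) != CONSOLE_SIZE:  # the size is fixed; anything else is malformed
        raise ValueError("ConsoleDataBlock must be exactly 0xCC bytes")
    f = BODY.unpack_from(block, 8)  # f[8], f[9] are the two unused fields
    return {
        "fill": decode_fill(f[0]), "popup_fill": decode_fill(f[1]),
        "buffer_size": f[2:4], "window_size": f[4:6], "window_origin": f[6:8],
        "font_height": f[10] >> 16, "font_width": f[10] & 0xFFFF,
        "font_family": f[11], "font_weight": f[12], "cursor_size": f[14],
        "face_name": f[13].decode("utf-16-le", "replace").split("\x00")[0],
        "full_screen": bool(f[15]), "quick_edit": bool(f[16]),
        "insert_mode": bool(f[17]), "auto_position": bool(f[18]),
        "history_buffer_size": f[19], "history_buffers": f[20],
        "history_no_dup": bool(f[21]),
        "color_table": struct.unpack("<16I", f[22]),
    }

def extract_console(extra):
    for sig, block in iter_extra_blocks(extra):
        if sig == CONSOLE_SIG:
            return parse_console_block(block)
    return None  # no ConsoleDataBlock present

# Constructed sample: one ConsoleDataBlock followed by a TerminalBlock.
SAMPLE = struct.pack("<II", CONSOLE_SIZE, CONSOLE_SIG) + BODY.pack(
    0x0007, 0x00F5, 80, 300, 80, 25, 0, 0, 0, 0, 0x00100000, 0x36, 400,
    "Consolas".encode("utf-16-le"), 25, 0, 1, 1, 1, 50, 4, 0,
    struct.pack("<16I", *range(16))) + b"\x00\x00\x00\x00"
```

Calling `extract_console(SAMPLE)` returns a dictionary of the decoded settings; truncated regions and a console block whose size is not 0xCC raise `ValueError` rather than being decoded.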