I am trying to read the LNK file not the target of the shortcut. The following PowerShell code reads the target of the shortcut into the variable rather than the shortcut file itself.
Here is the code that I used to create the LNK:
New-Item -ItemType SymbolicLink -Path $env:USERPROFILE\Desktop -Name "test.lnk" -Value "C:\Windows\System32\alg.exe"
Here is the code to read the LNK:
$file_data = Get-Content -Encoding Byte $env:USERPROFILE\Desktop\test.lnk
$encoded = [System.Convert]::ToBase64String($file_data)
Here is the contents of the variable $encoded
PS C:\Users\Administrator> $encoded
TVqQAAMAAAA
I have truncated the content here, but TVqQAAMAAAA
is base64 for the first bytes of a Windows PE file: MZ.....
.
Here is the contents of the variable $file_data
:
PS C:\Users\Administrator> $file_data
77
90
144
I have truncated this, but 77 90
is enough to see that this is MZ
which is the magic bytes for a PE executable that is the target of the LNK not the LNK itself.
The first characters of the resulting data should be TAAAAAEUA
in base64 or 76 0 0 0 1 20 2 0
in integers if this has read what I need. These are the magic bytes for a LNK file.
How do I read the bytes of the shortcut itself into the variable?
CodePudding user response:
Your later edits inadvertently changed the premise of your question: you're confusing shortcut files (.lnk
) - a Windows (GUI) shell file format - with symbolic links - a file-system-level redirection to another file.
What your New-Item
call creates is a symbolic link, not a shortcut file, even though you happened to choose the same filename extension (.lnk
) - in other words: the resulting file-system entry is not valid shortcut file, and, due it being a symbolic link, accessing it with Get-Content
indeed transparently redirects to the target of the symbolic link and reads its content.
- To determine a given symbolic link's target path, you needn't read its content, just use something like
(Get-Item $env:USERPROFILE\Desktop\mylink).Target
This answer addresses the original form of your question, relating to - true - shortcut files (.lnk
), which can not be created with New-Item
(see this answer for how to create them via COM):
$file_data = Get-Content -Encoding Byte $env:USERPROFILE\Desktop\test.lnk
does read the .lnk
file itself (into an [object[]]
array of [byte]
instances), and not whatever executable the .lnk
file happens to point to.
Unlike with symbolic links or other NTFS reparse points, no transparent redirection happens when a shortcut file (.lnk
) is targeted, because to the file system such files are just regular files. It is the Windows (GUI) shell that interprets such files as pointing elsewhere (to an executable with arguments or to a document).
As an aside:
A more efficient way to read a file as raw bytes is to combine
-Encoding Byte
with-Raw
in aGet-Content
call, which reads the file as a whole in a single operation and returns a strongly typed[byte[]]
array.Also note that in PowerShell (Core) 7
-AsByteStream
must be used in lieu of-Encoding Byte
.