Get-ShortcutProperties.ps1
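function Get-ShortcutProperties
{
    <#
    .SYNOPSIS
    Get information about a Shortcut (.lnk file)
    .DESCRIPTION
    Loads an existing shortcut through the WScript.Shell COM object and reports
    its target, arguments, window style, icon, description, hotkey and file
    attributes. The shortcut is only read; its target is never launched.

    RunAsAdmin is taken from the raw file header rather than from COM: it is
    bit 0x20 of the byte at offset 0x15, which is the RunAsUser bit (0x2000)
    of the header's LinkFlags field.
    .PARAMETER Path
    Path to the .lnk file to be analyzed. It must resolve to exactly one file.
    .EXAMPLE
    Get-ShortcutProperties -Path 'C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\note.lnk'
    .OUTPUTS
    TargetPath : C:\Windows\notepad.exe
    Target : notepad.exe
    Arguments : Startup.txt
    LinkName : note.lnk
    LinkPath : C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    WindowStyle : Minimized (7)
    IconLocation : C:\windows\notepad.exe,0
    Description : Create a new textfile on startup
    Attributes : -a-h-
    Hotkey :
    RunAsAdmin : False
    .NOTES
    Author: Beery, Christopher (https://github.com/zweilosec)
    Created: 15 Jul 2022
    Last Modified: 15 Jul 2022
    #>
    [CmdletBinding()]
    param
    (
        [string]
        $Path
    )

    begin
    {
        $obj = New-Object -ComObject WScript.Shell

        # Offset of the second LinkFlags byte in the .lnk header, and the mask
        # selecting the RunAsUser bit inside that byte.
        $FlagByteOffset = 0x15
        $RunAsUserMask = 0x20
    }

    process
    {
        if (-not (Test-Path -Path $Path))
        {
            Write-Error -Message "ERROR: File [$Path] does not exist"
            return
        }

        # @() keeps .Count meaningful when the path resolves to a single item.
        $Resolved = @(Resolve-Path -Path $Path)
        if ($Resolved.Count -gt 1)
        {
            Write-Error -Message "ERROR: [$Path] resolves to more than 1 file."
            return
        }

        Write-Verbose -Message "Getting details for $Path."
        # -LiteralPath: the path is already resolved, so characters such as
        # [ ] must not be re-read as wildcards. -Force also returns hidden files.
        $ResolveFile = Get-Item -LiteralPath $Resolved[0].ProviderPath -Force

        if ($ResolveFile.Extension -ne '.lnk')
        {
            Write-Error -Message 'File extension is not .lnk'
            return
        }

        $link = $obj.CreateShortcut($ResolveFile.FullName)

        Write-Verbose -Message "Testing if the shortcut runs as admin"
        # Read through the resolved full path: .NET resolves relative paths
        # against the process working directory, not the PowerShell location.
        $bytes = [System.IO.File]::ReadAllBytes($ResolveFile.FullName)
        if ($bytes.Length -gt $FlagByteOffset)
        {
            $AdminTest = $bytes[$FlagByteOffset]
            # Test the bit directly. Indexing into an unpadded binary string
            # picks a different bit depending on which higher bits are set.
            $AsAdmin = (($AdminTest -band $RunAsUserMask) -ne 0)
        }
        else
        {
            # Too short to hold a LinkFlags field; report the flag as unset
            # and let the caller know the file is not a well-formed shortcut.
            Write-Warning -Message "[$($ResolveFile.FullName)] is too short to contain a shortcut header."
            $AdminTest = 0
            $AsAdmin = $False
        }
        $binAdminTest = [convert]::ToString([int32]$AdminTest, 2).PadLeft(8, '0')
        Write-Verbose "AsAdmin is $AsAdmin"
        Write-Verbose "AdminTest is $binAdminTest"

        $info = [PSCustomObject]@{
            TargetPath   = $link.TargetPath
            # Split-Path fails on an empty path; report '' in that case.
            Target       = $(try { Split-Path -Path $link.TargetPath -Leaf } catch { '' })
            Arguments    = $link.Arguments
            LinkName     = $(try { Split-Path -Path $link.FullName -Leaf } catch { '' })
            LinkPath     = $(try { Split-Path -Path $link.FullName } catch { '' })
            # Any other WindowStyle value yields no output (empty property).
            WindowStyle  = $(Switch ($link.WindowStyle)
                {
                    7 {"Minimized (7)"}
                    3 {"Maximized (3)"}
                    1 {"Default (1)"}
                })
            IconLocation = $link.IconLocation
            Description  = $link.Description
            # Taken from the item fetched with -Force so hidden shortcuts are
            # handled the same way as visible ones.
            Attributes   = $ResolveFile.Mode
            Hotkey       = $link.Hotkey
            RunAsAdmin   = $AsAdmin
        }
        Write-Output $info
    }

    end
    {
        # Release the COM object instead of leaving it to the finalizer.
        if ($null -ne $obj)
        {
            [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($obj)
        }
    }
}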