Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for detecting trailing non-LNK data #49

Open
wxsBSD opened this issue Jul 27, 2022 · 0 comments
Open

Support for detecting trailing non-LNK data #49

wxsBSD opened this issue Jul 27, 2022 · 0 comments
Labels
enhancement

Comments

@wxsBSD
Copy link

wxsBSD commented Jul 27, 2022

Some LNK files have data appended to the end. It would be useful if liblnk could detect that there is data at the end of the file and represent it as an offset value so it can be easily carved out. a8fac75d06cf1d4e30f9b118a962a24413d046dec622bd17dd594250252543e9 is one example of a LNK with a PE appended to the end of it. While easy to find the PE I have other examples with encrypted/compressed data on the end that are not easily recognizable.
@joachimmetz joachimmetz changed the title Support for overlay detection Support for detecting trailing non-LNK data Feb 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wxsBSD @joachimmetz