From 045fbbefa5a86e960dc28108f12424a58e45e790 Mon Sep 17 00:00:00 2001 From: Moshe Kaplan Date: Thu, 2 Feb 2017 16:31:09 -0500 Subject: [PATCH 1/3] Added Initial attempt at lnk_service --- lnk_service/LICENSE | 339 +++++++++++++++++++++++++ lnk_service/README.md | 12 + lnk_service/__init__.py | 1 + lnk_service/pylnker.py | 452 +++++++++++++++++++++++++++++++++ lnk_service/pylnker_service.py | 31 +++ 5 files changed, 835 insertions(+) create mode 100644 lnk_service/LICENSE create mode 100644 lnk_service/README.md create mode 100644 lnk_service/__init__.py create mode 100644 lnk_service/pylnker.py create mode 100644 lnk_service/pylnker_service.py diff --git a/lnk_service/LICENSE b/lnk_service/LICENSE new file mode 100644 index 00000000..ac4c4ef5 --- /dev/null +++ b/lnk_service/LICENSE 
@@ -0,0 +1,339 @@ +GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {description} + Copyright (C) {year} {fullname} + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + {signature of Ty Coon}, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. \ No newline at end of file 
diff --git a/lnk_service/README.md b/lnk_service/README.md new file mode 100644 index 00000000..f4f242b7 --- /dev/null +++ b/lnk_service/README.md @@ -0,0 +1,12 @@ +pylnker +======= + +This service parses Windows .lnk files. + +Original Python code is from: https://github.com/HarmJ0y/pylnker + +Heavily edited for use in crits by Moshe Kaplan +https://github.com/moshekaplan/pylnker + +Usage: + ./pylnker.py .LNK_FILE diff --git a/lnk_service/__init__.py b/lnk_service/__init__.py new file mode 100644 index 00000000..b91d4a5f --- /dev/null +++ b/lnk_service/__init__.py @@ -0,0 +1 @@ +from pylnker_service import LnkService \ No newline at end of file diff --git a/lnk_service/pylnker.py b/lnk_service/pylnker.py new file mode 100644 index 00000000..4c1d7ecf --- /dev/null +++ b/lnk_service/pylnker.py 
@@ -0,0 +1,452 @@ +#!/usr/bin/python + +# This is a quick and dirty port of lnk-parse-1.0.pl found here: +# https://code.google.com/p/revealertoolkit/source/browse/trunk/tools/lnk-parse-1.0.pl +# Windows LNK file parser - Jacob Cunningham - jakec76@users.sourceforge.net +# Based on the contents of the document: +# http://www.i2s-lab.com/Papers/The_Windows_Shortcut_File_Format.pdf +# v1.0 + +# LICENSE: GPL v2 + +import sys, struct, datetime, binascii + + +# HASH of flag attributes +flag_hash = [["",""] for _ in xrange(7)] +flag_hash[0][1] = "HAS SHELLIDLIST" +flag_hash[0][0] = "NO SHELLIDLIST" +flag_hash[1][1] = "POINTS TO FILE/DIR" +flag_hash[1][0] = "NOT POINT TO FILE/DIR" +flag_hash[2][1] = "HAS DESCRIPTION" +flag_hash[2][0] = "NO DESCRIPTION" +flag_hash[3][1] = "HAS RELATIVE PATH STRING" +flag_hash[3][0] = "NO RELATIVE PATH STRING" +flag_hash[4][1] = "HAS WORKING DIRECTORY" +flag_hash[4][0] = "NO WORKING DIRECTORY" +flag_hash[5][1] = "HAS CMD LINE ARGS" +flag_hash[5][0] = "NO CMD LINE ARGS" +flag_hash[6][1] = "HAS CUSTOM ICON" +flag_hash[6][0] = "NO CUSTOM ICON" + +# HASH of FileAttributes +file_hash = [["",""] for _ in xrange(15)] +file_hash[0][1] = "READ ONLY TARGET" +file_hash[1][1] = "HIDDEN TARGET" +file_hash[2][1] = "SYSTEM FILE TARGET" +file_hash[3][1] = "VOLUME LABEL TARGET (not possible)" +file_hash[4][1] = "DIRECTORY TARGET" +file_hash[5][1] = "ARCHIVE" +file_hash[6][1] = "NTFS EFS" +file_hash[7][1] = "NORMAL TARGET" +file_hash[8][1] = "TEMP. 
TARGET" +file_hash[9][1] = "SPARSE TARGET" +file_hash[10][1] = "REPARSE POINT DATA TARGET" +file_hash[11][1] = "COMPRESSED TARGET" +file_hash[12][1] = "TARGET OFFLINE" +file_hash[13][1] = "NOT_CONTENT_INDEXED" +file_hash[14][1] = "ENCRYPTED" + +#Hash of ShowWnd values +show_wnd_hash = [[""] for _ in xrange(11)] +show_wnd_hash[0] = "SW_HIDE" +show_wnd_hash[1] = "SW_NORMAL" +show_wnd_hash[2] = "SW_SHOWMINIMIZED" +show_wnd_hash[3] = "SW_SHOWMAXIMIZED" +show_wnd_hash[4] = "SW_SHOWNOACTIVE" +show_wnd_hash[5] = "SW_SHOW" +show_wnd_hash[6] = "SW_MINIMIZE" +show_wnd_hash[7] = "SW_SHOWMINNOACTIVE" +show_wnd_hash[8] = "SW_SHOWNA" +show_wnd_hash[9] = "SW_RESTORE" +show_wnd_hash[10] = "SW_SHOWDEFAULT" + +# Hash for Volume types +vol_type_hash = [[""] for _ in xrange(7)] +vol_type_hash[0] = "Unknown" +vol_type_hash[1] = "No root directory" +vol_type_hash[2] = "Removable (Floppy,Zip,USB,etc.)" +vol_type_hash[3] = "Fixed (Hard Disk)" +vol_type_hash[4] = "Remote (Network Drive)" +vol_type_hash[5] = "CD-ROM" +vol_type_hash[6] = "RAM Drive" + + +def reverse_hex(HEXDATE): + hexVals = [HEXDATE[i:i + 2] for i in xrange(0, 16, 2)] + reversedHexVals = hexVals[::-1] + return ''.join(reversedHexVals) + + +def assert_lnk_signature(f): + f.seek(0) + sig = f.read(4) + guid = f.read(16) + if sig != 'L\x00\x00\x00': + raise Exception("This is not a .lnk file.") + if guid != '\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00F': + raise Exception("Cannot read this kind of .lnk file.") + + +# read COUNT bytes at LOC and unpack into binary +def read_unpack_bin(f, loc, count): + + # jump to the specified location + f.seek(loc) + + raw = f.read(count) + result = "" + + for b in raw: + result += ("{0:08b}".format(ord(b)))[::-1] + + return result + + +# read COUNT bytes at LOC and unpack into ascii +def read_unpack_ascii(f,loc,count): + + # jump to the specified location + f.seek(loc) + + # should interpret as ascii automagically + return f.read(count) + + +# read COUNT bytes at LOC +def 
read_unpack(f, loc, count): + + # jump to the specified location + f.seek(loc) + + raw = f.read(count) + result = "" + + for b in raw: + result += binascii.hexlify(b) + + return result + + +# Read a null terminated string from the specified location. +def read_null_term(f, loc): + + # jump to the start position + f.seek(loc) + + result = "" + b = f.read(1) + + while b != "\x00": + result += str(b) + b = f.read(1) + + return result + + +# adapted from pylink.py +def ms_time_to_unix(windows_time): + unix_time = windows_time / 10000000.0 - 11644473600 + return datetime.datetime.fromtimestamp(unix_time) + + +def add_info(f,loc): + + tmp_len_hex = reverse_hex(read_unpack(f,loc,1)) + tmp_len = 2 * int(tmp_len_hex, 16) + + loc += 1 + + if (tmp_len != 0): + tmp_string = read_unpack_ascii(f, loc, tmp_len) + now_loc = f.tell() + return (tmp_string, now_loc) + else: + now_loc = f.tell() + return (None, now_loc) + + +def parse_lnk(filename, f): + # Dictionary for storing all of the LNK's attributes + lnk_info = {} + lnk_info['filename'] = filename + + assert_lnk_signature(f) + + # get the flag bits + flags = read_unpack_bin(f,20,1) + flag_desc = list() + + # flags are only the first 7 bits + for cnt in xrange(len(flags)-1): + bit = int(flags[cnt]) + # grab the description for this bit + flag_desc.append(flag_hash[cnt][bit]) + + lnk_info['link flags'] = flag_desc + + # File Attributes 4bytes@18h = 24d + # Only a non-zero if "Flag bit 1" above is set to 1 + if flags[1]=="1": + file_attrib = read_unpack_bin(f,24,2) + lnk_info['file_attrib'] = file_hash[file_attrib.index("1")][1] + + # Create time 8bytes @ 1ch = 28 + create_time = int(reverse_hex(read_unpack(f,28,8)), 16) + if create_time != 0: + lnk_info['create_time'] = ms_time_to_unix(create_time) + else: + lnk_info['create_time'] = "Not set" + + # Access time 8 bytes@ 0x24 = 36D + access_time = int(reverse_hex(read_unpack(f,36,8)),16) + if access_time != 0: + lnk_info['access_time'] = ms_time_to_unix(access_time) + else: + 
lnk_info['access_time'] = "Not set" + + # Modified Time8b @ 0x2C = 44D + modified_time = int(reverse_hex(read_unpack(f,44,8)), 16) + if create_time != 0: + lnk_info['modified_time'] = ms_time_to_unix(modified_time) + else: + lnk_info['modified_time'] = "Not set" + + + # Target File length starts @ 34h = 52d + length_hex = reverse_hex(read_unpack(f,52,4)) + length = int(length_hex, 16) + lnk_info['target_length'] = length + + # Icon File info starts @ 38h = 56d + icon_index_hex = reverse_hex(read_unpack(f,56,4)) + icon_index = int(icon_index_hex, 16) + lnk_info['icon_index'] = icon_index + + # show windows starts @3Ch = 60d + show_wnd_hex = reverse_hex(read_unpack(f,60,1)) + show_wnd = int(show_wnd_hex, 16) + lnk_info['showwnd'] = show_wnd_hash[show_wnd] + + + # hot key starts @40h = 64d + hotkey_hex = reverse_hex(read_unpack(f,64,4)) + hotkey = int(hotkey_hex, 16) + lnk_info['hotkey'] = hotkey + + + #------------------------------------------------------------------------ + # End of Flag parsing + #------------------------------------------------------------------------ + + # get the number of items + items_hex = reverse_hex(read_unpack(f,76,2)) + items = int(items_hex, 16) + + list_end = 78 + items + + struct_start = list_end + first_off_off = struct_start + 4 + vol_flags_off = struct_start + 8 + local_vol_off = struct_start + 12 + base_path_off = struct_start + 16 + net_vol_off = struct_start + 20 + rem_path_off = struct_start + 24 + + # Structure length + struct_len_hex = reverse_hex(read_unpack(f,struct_start,4)) + struct_len = int(struct_len_hex, 16) + struct_end = struct_start + struct_len + + # First offset after struct - Should be 1C under normal circumstances + first_off = read_unpack(f,first_off_off,1) + + # File location flags + vol_flags = read_unpack_bin(f,vol_flags_off,1) + + lnk_info['target_location'] = "UNKNOWN" + # Local volume table + # Random garbage if bit0 is clear in volume flags + if vol_flags[:2] == "10": + lnk_info['target_location'] = 
'local volume' + + # This is the offset of the local volume table within the + # File Info Location Structure + loc_vol_tab_off_hex = reverse_hex(read_unpack(f,local_vol_off,4)) + loc_vol_tab_off = int(loc_vol_tab_off_hex, 16) + + # This is the asolute start location of the local volume table + loc_vol_tab_start = loc_vol_tab_off + struct_start + + # This is the length of the local volume table + local_vol_len_hex = reverse_hex(read_unpack(f,loc_vol_tab_off+struct_start,4)) + local_vol_len = int(local_vol_len_hex, 16) + + # We now have enough info to + # Calculate the end of the local volume table. + local_vol_tab_end = loc_vol_tab_start + local_vol_len + + # This is the volume type + curr_tab_offset = loc_vol_tab_off + struct_start + 4 + vol_type_hex = reverse_hex(read_unpack(f,curr_tab_offset,4)) + vol_type = int(vol_type_hex, 16) + lnk_info['volume_type'] = vol_type_hash[vol_type] + + # Volume Serial Number + curr_tab_offset = loc_vol_tab_off + struct_start + 8 + vol_serial = reverse_hex(read_unpack(f,curr_tab_offset,4)) + lnk_info['volume_serial'] = vol_serial + + # Get the location, and length of the volume label + vol_label_loc = loc_vol_tab_off + struct_start + 16 + vol_label_len = local_vol_tab_end - vol_label_loc + vol_label = read_unpack_ascii(f,vol_label_loc,vol_label_len); + lnk_info['volume_label'] = vol_label + + #------------------------------------------------------------------------ + # This is the offset of the base path info within the + # File Info structure + #------------------------------------------------------------------------ + + base_path_off_hex = reverse_hex(read_unpack(f,base_path_off,4)) + base_path_off = struct_start + int(base_path_off_hex, 16) + + # Read base path data upto NULL term + base_path = read_null_term(f,base_path_off) + lnk_info['base_path'] = base_path + + # Network Volume Table + elif vol_flags[:2] == "01": + # TODO: test this section! 
+ lnk_info['target_location'] = 'network share' + + net_vol_off_hex = reverse_hex(read_unpack(f,net_vol_off,4)) + net_vol_off = struct_start + int(net_vol_off_hex, 16) + net_vol_len_hex = reverse_hex(read_unpack(f,net_vol_off,4)) + #net_vol_len = struct_start + int(net_vol_len_hex, 16) + + # Network Share Name + net_share_name_off = net_vol_off + 8 + net_share_name_loc_hex = reverse_hex(read_unpack(f,net_share_name_off,4)) + net_share_name_loc = int(net_share_name_loc_hex, 16) + + if net_share_name_loc != 20: + raise Exception(" [!] Error: NSN ofset should always be 14h\n") + + net_share_name_loc = net_vol_off + net_share_name_loc + net_share_name = read_null_term(f,net_share_name_loc) + lnk_info['net_share_name'] = net_share_name + + # Mapped Network Drive Info + net_share_mdrive = net_vol_off + 12 + net_share_mdrive_hex = reverse_hex(read_unpack(f,net_share_mdrive,4)) + net_share_mdrive = int(net_share_mdrive_hex, 16) + + if(net_share_mdrive != 0): + net_share_mdrive = net_vol_off + net_share_mdrive + mapped_drive = read_null_term(f,net_share_mdrive) + lnk_info['mapped_drive'] = mapped_drive + + else: + raise Exception(" [!] 
Error: unknown volume flags") + + + # Remaining path + rem_path_off_hex = reverse_hex(read_unpack(f,rem_path_off,4)) + rem_path_off = struct_start +int(rem_path_off_hex, 16) + rem_data = read_null_term(f,rem_path_off); + lnk_info['remaining_path'] = rem_data + + #------------------------------------------------------------------------ + # End of FileInfo Structure + #------------------------------------------------------------------------ + + # The next starting location is the end of the structure + next_loc = struct_end + addnl_text = "" + + if flags[2]=="1": + addnl_text,next_loc = add_info(f,next_loc) + lnk_info['description'] = addnl_text + next_loc = next_loc + 1 + + if flags[3]=="1": + addnl_text,next_loc = add_info(f,next_loc) + lnk_info['relative_path'] = addnl_text.decode('utf-16be', errors='ignore') + next_loc = next_loc + 1 + + if flags[4]=="1": + addnl_text,next_loc = add_info(f,next_loc) + lnk_info['working_dir'] = addnl_text.decode('utf-16be', errors='ignore') + next_loc = next_loc + 1 + + if flags[5]=="1": + addnl_text,next_loc = add_info(f,next_loc) + lnk_info['command_line'] = addnl_text.decode('utf-16be', errors='ignore') + next_loc = next_loc + 1 + + if flags[6]=="1": + addnl_text,next_loc = add_info(f,next_loc) + lnk_info['icon_filename'] = addnl_text.decode('utf-16be', errors='ignore') + + return lnk_info + + +def format_output(lnk_info): + output = "" + output += "Lnk File: " + lnk_info['filename'] + "\n" + output += "Link Flags: " + " | ".join(lnk_info['link flags']) + "\n" + if 'file_attrib' in lnk_info: + output += "File Attributes: " + lnk_info['file_attrib'] + "\n" + output += "Create Time: " + str(lnk_info['create_time']) + "\n" + output += "Access Time: " + str(lnk_info['access_time']) + "\n" + output += "Modified Time: " + str(lnk_info['modified_time']) + "\n" + + output += "Target length: " + str(lnk_info['target_length']) + "\n" + output += "Icon Index: " + str(lnk_info['icon_index']) + "\n" + output += "ShowWnd: " + 
str(lnk_info['showwnd']) + "\n" + output += "HotKey: " + str(lnk_info['hotkey']) + "\n" + + output += "Target is on: %s\n" % lnk_info['target_location'] + if lnk_info['target_location'] == 'local volume': + output += "Volume Type: %s\n" % lnk_info['volume_type'] + output += "Volume Serial: " + str(lnk_info['volume_serial']) + "\n" + output += "Volume Label: " + str(lnk_info['volume_label']) + "\n" + output += "Base Path: " + str(lnk_info['base_path']) + "\n" + + if lnk_info['target_location'] == 'network share': + output += "Network Share Name: %s\n" % lnk_info['net_share_name'] + if 'mapped_drive' in lnk_info: + output += "Mapped Drive: %s\n" % lnk_info['mapped_drive'] + + output += "(App Path:) Remaining Path: "+str(lnk_info['remaining_path']) + "\n" + + # The following are optional fields: + if 'description' in lnk_info: + output += "Description: %s\n" % lnk_info['description'] + if 'relative_path' in lnk_info: + output += "Relative Path: %s\n" % lnk_info['relative_path'] + if 'working_dir' in lnk_info: + output += "Working Dir: %s\n" % lnk_info['working_dir'] + if 'command_line' in lnk_info: + output += "Command Line: %s\n" % lnk_info['command_line'] + if 'icon_filename' in lnk_info: + output += "Icon filename: %s\n" % lnk_info['icon_filename'] + + return output + +def usage(): + print "Usage: ./pylnker.py .LNK_FILE" + sys.exit(1) + + +if __name__ == "__main__": + + if len(sys.argv) != 2: + usage() + + filename = sys.argv[1] + + with open(filename, 'rb') as f: + lnk_info = parse_lnk(filename, f) + print format_output(lnk_info) \ No newline at end of file diff --git a/lnk_service/pylnker_service.py b/lnk_service/pylnker_service.py new file mode 100644 index 00000000..ce861b8e --- /dev/null +++ b/lnk_service/pylnker_service.py 
@@ -0,0 +1,31 @@ +from crits.services.core import Service + +from . import pylnker + +class LnkService(Service): + name = "LnkService" + version = "0.0.1" + supported_types = ['Sample'] + description = "Extracts the command from an LNK file" + + def run(self, obj, config): + fname = obj.filename + fh = obj.filedata + fh.seek(0) + try: + lnk_info = pylnker.parse_lnk(fname, fh) + + _add_result(self, "Target Location", lnk_info['target_location']) + if lnk_info['target_location'] == 'local volume': + _add_result(self, "Base Path", lnk_info['base_path']) + elif lnk_info['target_location'] == 'network share': + _add_result(self, "Network Share Name", lnk_info['net_share_name']) + + if 'command_line' in lnk_info: + _add_result(self, "Command Line", lnk_info['command_line']) + if 'icon_filename' in lnk_info: + _add_result(self, "Icon filename", lnk_info['icon_filename']) + + except Exception(e): + self._error("Cannot parse file: %s" % str(e)) + return \ No newline at end of file From 653bfad3222246e5d4886ba0d60e44e7abe09777 Mon Sep 17 00:00:00 2001 From: Moshe Kaplan Date: Mon, 6 Feb 2017 14:22:30 -0500 Subject: [PATCH 2/3] Fix function calls --- lnk_service/pylnker_service.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/lnk_service/pylnker_service.py b/lnk_service/pylnker_service.py index ce861b8e..e0f45eba 100644 --- a/lnk_service/pylnker_service.py +++ b/lnk_service/pylnker_service.py @@ -4,9 +4,9 @@ class LnkService(Service): name = "LnkService" - version = "0.0.1" + version = "0.1" supported_types = ['Sample'] - description = "Extracts the command from an LNK file" + description = "Parses features from an LNK file" def run(self, obj, config): fname = obj.filename 
@@ -14,18 +14,19 @@ def run(self, obj, config): fh.seek(0) try: lnk_info = pylnker.parse_lnk(fname, fh) - - _add_result(self, "Target Location", lnk_info['target_location']) + self._add_result("Target Location", lnk_info['target_location']) if lnk_info['target_location'] == 'local volume': - _add_result(self, "Base Path", lnk_info['base_path']) + self._add_result("Base Path", lnk_info['base_path']) elif lnk_info['target_location'] == 'network share': - _add_result(self, "Network Share Name", lnk_info['net_share_name']) + self._add_result("Network Share Name", lnk_info['net_share_name']) if 'command_line' in lnk_info: - _add_result(self, "Command Line", lnk_info['command_line']) + self._add_result("Command Line", lnk_info['command_line']) if 'icon_filename' in lnk_info: - _add_result(self, "Icon filename", lnk_info['icon_filename']) + self._add_result("Icon filename", lnk_info['icon_filename']) - except Exception(e): - self._error("Cannot parse file: %s" % str(e)) - return \ No newline at end of file + except Exception as E: + import traceback + tb = traceback.format_exc() + self._error("Cannot parse file: %s" % str(tb)) + return From a36bf8c3d0ad5cbf7d8285e4c22e55ddfb0d091b Mon Sep 17 00:00:00 2001 From: Moshe Kaplan Date: Tue, 7 Feb 2017 09:37:13 -0500 Subject: [PATCH 3/3] Remove GPLv2 License Only `pylnker.py` is licensed under GPL v2, not the rest of the Service. --- lnk_service/LICENSE | 339 -------------------------------------------- 1 file changed, 339 deletions(-) delete mode 100644 lnk_service/LICENSE diff --git a/lnk_service/LICENSE b/lnk_service/LICENSE deleted file mode 100644 index ac4c4ef5..00000000 --- a/lnk_service/LICENSE +++ /dev/null 
@@ -1,339 +0,0 @@ -GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - {description} - Copyright (C) {year} {fullname} - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - {signature of Ty Coon}, 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. \ No newline at end of file
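Review bot: In the network-share branch of `parse_lnk` in `lnk_service/pylnker.py` (PATCH 1/3), every offset read from the file (`net_vol_off`, `net_share_name_loc`, `net_share_mdrive`, `rem_path_off`) is added to a base and passed straight to `read_unpack` or `read_null_term` with no check that it falls inside the structure or the file. Since the service runs this parser on submitted samples, validate each computed offset against `struct_end` (or the file size) and raise a specific exception on failure. `net_vol_len_hex` is read but never used now that the following line is commented out, so either use it for that bounds check or drop the read. In the optional-field section, `lnk_info['description']` stores `addnl_text` undecoded while the four fields after it are decoded with `.decode('utf-16be', errors='ignore')`; decode it the same way or add a comment on why it differs. Minor: "ofset" in the NSN error message should be "offset".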
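Review bot: In `run()` of `lnk_service/pylnker_service.py` as added by PATCH 1/3, `except Exception(e):` is not a working handler: `e` is undefined at that point, so evaluating the clause raises NameError and a parse failure never reaches `self._error`. It should be `except Exception as e:`. The `_add_result(self, ...)` calls have the same problem, because the file only imports `Service` and `pylnker` and defines no module-level `_add_result`; they need to be `self._add_result(...)`. PATCH 2/3 corrects both, so consider squashing it into this commit so that no revision in the history ships a `run()` that cannot execute.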
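Review bot: In the second hunk of PATCH 2/3 (`@@ -14,18 +14,19 @@`), the new handler binds the exception as `E` but never uses it, and instead passes the whole `traceback.format_exc()` text to `self._error`, so every malformed sample puts a full stack trace into the service error message. Suggest reporting a short message built from `str(E)` through `self._error` and sending the traceback to a logger. `import traceback` belongs with the imports at the top of the module rather than inside the `except` block, and `str(tb)` is redundant because `format_exc()` already returns a string. The trailing `return` at the end of `run()` can also be dropped.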
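Review bot: PATCH 3/3 deletes `lnk_service/LICENSE` while `pylnker.py` stays in the tree under GPL v2, and section 1 of the text being removed requires distributors to "give any other recipients of the Program a copy of this License along with the Program". Rather than removing the license text outright, keep it next to the file it covers (for example renamed so it is clearly scoped to `pylnker.py`) and state in `lnk_service/README.md` which license applies to `pylnker.py` and which to the rest of the service. The commit message explains the intent, but nothing left in the directory after this change records it.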