Parsing the Windows shortcut file format

I have been working on linux projects for a long time and have not come to the VC knowledge base. I 'd like to ask you a good question! Isn't it too late to worship your old age? (I don't mean it's not too late to celebrate the Year August 15 !! Hey hey)
Now, let's get down to the truth. We all know that the IShellLink interface can be used to obtain various attributes of shortcuts. There are many articles on the Internet. Now I want to analyze the format of the shortcut file and write a parsing program myself.
For ease of understanding, after each section is explained, the example data corresponding to the corresponding section of the shortcut is attached with content explanation. Here, the shortcut of Windows Media Player on the desktop is used as an example.

I. Overall file structure

Ii. File Header

For the file header structure, see the following table:

Offset	Size/Type	Description
0 h	1 dword	The value is always CH, which is the character "L"
4 h	16 bytes	GUID
① 14 h	1 dword	Flags is used to identify the optional attributes in the shortcut file. The following table separately explains the meaning of each bit.
② 18 h	1 dword	The properties of the target file, which will be explained later.
1ch	1 qword	File Creation Time
24 h	1 qword	File modification time
2ch	1 qword	Last file access time
34 h	1 dword	Target file length
38 h	1 dword	Number of custom icons,
3ch	1 dword	Display Mode of the target file during execution: 1. Normal display 2. Minimize 3. Maximize
40 h	1 dword	Hotkey
44 h	2 dword	It is unclear that the purpose value is usually 0.

① The flag starting with a 14 h offset indicates the optional attributes, as shown in the following table:

Bit	1 represents
0	Shell item id list
1	Point to a file or folder. If this bit is 0, point to another folder.
2	Description string exists
3	Relative Path
4	Working path exists
5	Command line parameters exist
6	Custom icon exists

② Target file attributes starting with 18 h offset:

Bit	1 represents
0	The destination file indicated by the shortcut has a read-only attribute.
1	The destination file indicated by the shortcut has a hidden attribute.
2	The shortcut indicates that the target file is a system file.
3	The target of the shortcut is the volume label.
4	The destination of the shortcut is a folder.
5	The shortcut indicates that the target file has been changed since the last archive.
6	The target file specified by the shortcut is encrypted.
7	The destination file attribute indicated by the shortcut is normal.
8	The destination file in the shortcut is temporary.
9	The target file referred to by the shortcut is a sparse file)
10	The destination file indicated by the shortcut has reparse point data)
11	The target file indicated by the shortcut is compressed.
12	The target file specified by the shortcut is offline.

Example:

The offset data is interpreted as the guid of the 0000 4c 00 00 character "L" 0004 01 14 02 00 shortcut. The value is fixed to 00 00 00 00 C0 00 00 00 00 00 460014 8F 00 00 00 flags. The comparison table shows that the target of the shell item id list is a file with a description string and the relative path is 0018, 20, 00, and 00, for details, refer to the preceding attributes. Table 001C 40 51 0A 0C file creation time ad cb C4 010024 C4 D8 A5 91 file modification time ad cb C4 01002C 00 33 16 74 file last access time f6 C7 C3 010034 00 20 01 00 file length 0038 00 00 00 00 00 number of custom icons 003C 01 00 00 00 00 the window is in normal status 0040 00 00 00 00 00 Hot Key 0044 00 00 00 00 00 it is unclear at the moment that the purpose value is usually 0 00 00 00

Iii. Shell item ID list segment
This parameter is available only when the 0th position of ○ 1 is in the file header. The first unsigned short integer indicates the total length of the item ID list segment. Followed by the SHITEMID structure. The SHITEMID is defined as follows:

    typedef struct _SHITEMID {         USHORT cb;         BYTE   abID[0];     } SHITEMID, * LPSHITEMID; 

Cb stores the size of the SHITEMID structure. AbID is the identifier of a variable-length object. For more information about the meaning, see MSDN. Because the beginning of the item ID list segment is the total length of this segment, you can skip this segment during reading without processing !! :)

Example: (the flags mark of the file header section shows that the shell item id list segment exists)

Offset Data Interpretation 004C 9c 00 item ID list total length (the starting address of the next section is 004E + 009C = 00EA) 004E 14 00 length of the first item ID 0050 1F 50 E0 4F first item ID content D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D0062 19 00 second item ID length 0064 23 43 3A 5C second item ID content 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 F1 93007B 25 1277d 31 00 00 00 00 00 00 70 31 47 3B 31 00 50 72 6F 67 72 61 6D 20 46 69 6C 65 73 00 50 52 4F 47 52 41 7E 31 108a0 2C 127a2 31 00 00 00 00 00 70 31 47 3B 10 00 57 69 6E 64 6F 77 73 20 4D 65 64 69 61 20 50 6C 61 79 65 72 00 57 49 4E 44 4F 57 7E 32 127cc 1C 0000CE 32 00 20 01 00 95 2F A1 99 20 00 77 6D 70 6C 61 79 65 72 2E 65 78 65 00 hour E8 00 00 item ID list segment ended

Iv. File Location Information Section
A long integer at the beginning indicates the total length of this segment. When the 1st bits of ○ 1 in the file header are not set, this information is neither a file nor a folder, so this information is meaningless, therefore, the total length is 0. Let's take a look at the header of this section:
　

Offset	Size/Type	Description
0 h	1 dword	Total length of this segment
4 h	1 dword	Header Length, fixed to 1 Ch
8 h	1 dword	Flags indicates the volumes in which the file is valid. Here, only two lower-level files are used. The first bit indicates that the local volume is valid. The second position indicates that the network volume is valid. Otherwise, the network volume is invalid.
Ch	1 dword	Local volume information table