Celeb Glow
news | March 06, 2026

What is inside a .lnk file? How does it work?

I noticed that windows does not show the size of folders, however the size of files. Creating a shortcut however seems to create a new folder by the looks, however it shows that it is actually a file, that just shares the same look as folders on the GUI.

After some quick research I found: Is a .lnk file a symbolic link or a junction?

Which seemed to confirm my first guess. There was also an answer suggesting to simply drag an .lnk file into a txt editor - I did so, but what disappointed as the txt inside the .lnk file was just not readable.

Now I am just curious, if there was a way to actually decypher the file and understand its inner workings. As much as I got thus far, it is just a simple reference to another file or folder. However considering its 2KB size, it seems to me being unexpectedly big.

So what is exactly in the file? How does the reference work? How does it open the file referenced and not the file itself, when selecting?

2

2 Answers

To understand "what exactly is in the file" take a look at the MS-SHLLINK specification. Also, these files are to be opened with a Hex Editor not a Text Editor.

I'm not sure if this would help but recently I've wanted to run the Network Troubleshooter in command line instead of running it manually when ever my wifi card jitters up. I managed to create a (lnk) shortcut of this troubleshooter in the Control Panel but I wanted to add a command to my .bat script. Here's what I did to look at that lnk file:

  1. I used HxD to take a look at what it runs. This is the whatthe HxD exported data looks like.

  2. Using my n00b skills and converting this string using this python script, I get this info:

    Identify and repair network problems %windir%\system32\Rundll32.exe ndfapi,NdfRunDllDiagnoseIncident

I can now copypasta that second line in cmd or in a .bat script of your choice.

To answer your question:

To inspect a .lnk file:

  1. Open the file with HxD, and save the data in a file.
  2. Run this python script to read only the string characters from that data file.

  3. Resulting output file from the python script displays information on what the .lnk does and which system files it access. For my example, the resulting output includes this command:

    %windir%\system32\Rundll32.exe ndfapi,NdfRunDllDiagnoseIncident

10

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like

Are the cards a one-time use?

How to install skyrim using wine?

Lost equipment quest?