https://gist.github.com/inaz2/5fa3ca02f4e8204a7dd4d4b50fd0c13f
Shell32.dll {6DA736C9-DCDE-4651-82A8-56E4EF1D8DD7} CLSID_ScfFileExecute
Any class that extends the following methods render the classes ICON file (arbitrary file = potentially an SMB connection/hash relay)
public IExtractIconA, public IExtractIconW
QITABENT(CShellCmdFileIcon, IExtractIconA)
https://github.com/tongzx/nt5src/blob/master/Source/XPSP1/NT/shell/shell32/scffile.cpp
[Shell]
IconFile=
ANY CALL TO THIS FUNCTION COULD RESULT IN SMB connection / Cred relay PathParseIconLocation(szData);
ShellExecCommandFile
[Shell]
Command =
{ 3, SFC_IECommand},
Only calls Channel_QuickLaunch();
NO USER INPUT
{ 2, SFC_TrayCommand},
USER_INPUT = SHTCharToAnsi (Command)
hwnd, Msg, , wParam, lParam
PostMessage(g_hwndTray, TM_PRIVATECOMMAND, 0, USER_INPUT)
PostMessage TM_PRIVATECOMMAND
Can only be "ToggleDesktop" or "Explorer" https://github.com/tongzx/nt5src/blob/daad8a087a4e75422ec96b7911f1df4669989611/Source/XPSP1/NT/shell/explorer/tray.cpp#L5487
-------------------------
Channels Script
-------------------------
[Shell]
Command=3
IconFile=shdocvw.dll,-118
[IE]
Command=Channels
-------------------------
Show Desktop Script (equivilent: WINDOWS-KEY+D)
-------------------------
[Shell]
Command=2
IconFile=SHELL32.DLL,34
[Taskbar]
Command=ToggleDesktop
-------------------------
Display Explorer Script (equivilent: WINDOWS-KEY+E)
-------------------------
[Shell]
Command=2
IconFile=explorer.exe,1
[Taskbar]
Command=Explorer
PRIMARY SINKS OF INTEREST:
Load arbitrary value from an INI file
GetPrivateProfileString