This talk will go through the code-level analysis that was performed during research on CVE-2020-0729 and discuss how the previously undocumented structures in Windows LNK files containing saved search data were constructed and how similar techniques can be used when analyzing undocumented or poorly documented binary file formats.