What is the key structural difference in a .lnk file that enables storing long command-line arguments?

The critical difference lies in the command-line arguments segment of the LNK file format. In a normal shortcut, this Unicode string is short, but the format itself does not impose a built-in length restriction. By manually manipulating the binary (e.g., using Delphi or PowerShell), an attacker can write a very long argument string into that segment. The `cmd` process reads the full string from the file, even though the default property viewer truncates it. The article's analysis of the LNK file header and segment offsets explains how each part (e.g., description, working path, command line) is parsed sequentially.