mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-07-08 18:06:34 +00:00
Add MSI extraction and scanning
This commit is contained in:
@@ -28,6 +28,7 @@
|
||||
<PackageReference Include="SharpCompress" Version="0.26.0" />
|
||||
<PackageReference Include="UnshieldSharp" Version="1.4.2.3" />
|
||||
<PackageReference Include="WiseUnpacker" Version="1.0.1" />
|
||||
<PackageReference Include="wix-libs" Version="3.11.1" />
|
||||
<PackageReference Include="zlib.net" Version="1.0.4" />
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
55
BurnOutSharp/FileType/MSI.cs
Normal file
55
BurnOutSharp/FileType/MSI.cs
Normal file
@@ -0,0 +1,55 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using LibMSPackN;
|
||||
using Microsoft.Deployment.WindowsInstaller;
|
||||
using Microsoft.Deployment.WindowsInstaller.Package;
|
||||
|
||||
namespace BurnOutSharp.FileType
|
||||
{
|
||||
internal class MSI
|
||||
{
|
||||
public static bool ShouldScan(byte[] magic)
|
||||
{
|
||||
if (magic.StartsWith(new byte[] { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 }))
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// TODO: Add stream opening support
|
||||
public static List<string> Scan(string file, bool includePosition = false)
|
||||
{
|
||||
List<string> protections = new List<string>();
|
||||
|
||||
// If the MSI file itself fails
|
||||
try
|
||||
{
|
||||
string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
|
||||
Directory.CreateDirectory(tempPath);
|
||||
|
||||
using (Database msidb = new Database(file, DatabaseOpenMode.ReadOnly))
|
||||
{
|
||||
msidb.ExportAll(tempPath);
|
||||
}
|
||||
|
||||
// Collect and format all found protections
|
||||
var fileProtections = ProtectionFind.Scan(tempPath, includePosition);
|
||||
protections = fileProtections.Select(kvp => kvp.Key.Substring(tempPath.Length) + ": " + kvp.Value.TrimEnd()).ToList();
|
||||
|
||||
// If temp directory cleanup fails
|
||||
try
|
||||
{
|
||||
Directory.Delete(tempPath, true);
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
catch { }
|
||||
|
||||
return protections;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -39,18 +39,18 @@ namespace BurnOutSharp.FileType
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
|
||||
// Collect and format all found protections
|
||||
var fileProtections = ProtectionFind.Scan(tempPath, includePosition);
|
||||
protections = fileProtections.Select(kvp => kvp.Key.Substring(tempPath.Length) + ": " + kvp.Value.TrimEnd()).ToList();
|
||||
|
||||
// If temp directory cleanup fails
|
||||
try
|
||||
{
|
||||
Directory.Delete(tempPath, true);
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
|
||||
// Collect and format all found protections
|
||||
var fileProtections = ProtectionFind.Scan(tempPath, includePosition);
|
||||
protections = fileProtections.Select(kvp => kvp.Key.Substring(tempPath.Length) + ": " + kvp.Value.TrimEnd()).ToList();
|
||||
|
||||
// If temp directory cleanup fails
|
||||
try
|
||||
{
|
||||
Directory.Delete(tempPath, true);
|
||||
}
|
||||
catch { }
|
||||
}
|
||||
catch { }
|
||||
|
||||
|
||||
@@ -444,6 +444,10 @@ namespace BurnOutSharp
|
||||
if (file != null && MicrosoftCAB.ShouldScan(magic))
|
||||
protections.AddRange(MicrosoftCAB.Scan(file, includePosition));
|
||||
|
||||
// MSI
|
||||
if (file != null && MSI.ShouldScan(magic))
|
||||
protections.AddRange(MSI.Scan(file, includePosition));
|
||||
|
||||
// MPQ archive
|
||||
if (file != null && MPQ.ShouldScan(magic))
|
||||
protections.AddRange(MPQ.Scan(file, includePosition));
|
||||
|
||||
Reference in New Issue
Block a user