Add MSI extraction and scanning

This commit is contained in:
Matt Nadareski
2020-10-28 22:51:33 -07:00
parent c0621a83cb
commit 2d2cff4d0e
4 changed files with 71 additions and 11 deletions

View File

@@ -28,6 +28,7 @@
<PackageReference Include="SharpCompress" Version="0.26.0" />
<PackageReference Include="UnshieldSharp" Version="1.4.2.3" />
<PackageReference Include="WiseUnpacker" Version="1.0.1" />
<PackageReference Include="wix-libs" Version="3.11.1" />
<PackageReference Include="zlib.net" Version="1.0.4" />
</ItemGroup>

View File

@@ -0,0 +1,55 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using LibMSPackN;
using Microsoft.Deployment.WindowsInstaller;
using Microsoft.Deployment.WindowsInstaller.Package;
namespace BurnOutSharp.FileType
{
internal class MSI
{
public static bool ShouldScan(byte[] magic)
{
if (magic.StartsWith(new byte[] { 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 }))
return true;
return false;
}
// TODO: Add stream opening support
public static List<string> Scan(string file, bool includePosition = false)
{
List<string> protections = new List<string>();
// If the MSI file itself fails
try
{
string tempPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString());
Directory.CreateDirectory(tempPath);
using (Database msidb = new Database(file, DatabaseOpenMode.ReadOnly))
{
msidb.ExportAll(tempPath);
}
// Collect and format all found protections
var fileProtections = ProtectionFind.Scan(tempPath, includePosition);
protections = fileProtections.Select(kvp => kvp.Key.Substring(tempPath.Length) + ": " + kvp.Value.TrimEnd()).ToList();
// If temp directory cleanup fails
try
{
Directory.Delete(tempPath, true);
}
catch { }
}
catch { }
return protections;
}
}
}

View File

@@ -39,18 +39,18 @@ namespace BurnOutSharp.FileType
}
catch { }
}
// Collect and format all found protections
var fileProtections = ProtectionFind.Scan(tempPath, includePosition);
protections = fileProtections.Select(kvp => kvp.Key.Substring(tempPath.Length) + ": " + kvp.Value.TrimEnd()).ToList();
// If temp directory cleanup fails
try
{
Directory.Delete(tempPath, true);
}
catch { }
}
// Collect and format all found protections
var fileProtections = ProtectionFind.Scan(tempPath, includePosition);
protections = fileProtections.Select(kvp => kvp.Key.Substring(tempPath.Length) + ": " + kvp.Value.TrimEnd()).ToList();
// If temp directory cleanup fails
try
{
Directory.Delete(tempPath, true);
}
catch { }
}
catch { }

View File

@@ -444,6 +444,10 @@ namespace BurnOutSharp
if (file != null && MicrosoftCAB.ShouldScan(magic))
protections.AddRange(MicrosoftCAB.Scan(file, includePosition));
// MSI
if (file != null && MSI.ShouldScan(magic))
protections.AddRange(MSI.Scan(file, includePosition));
// MPQ archive
if (file != null && MPQ.ShouldScan(magic))
protections.AddRange(MPQ.Scan(file, includePosition));