Skip to content

Instantly share code, notes, and snippets.

@ariscop ariscop/names.py
Created Apr 5, 2015

Embed
What would you like to do?
from collections import defaultdict
TAG_TYPE_NULL = 0x1000
TAG_TYPE_BYTE = 0x2000
TAG_TYPE_WORD = 0x3000
TAG_TYPE_DWORD = 0x4000
TAG_TYPE_QWORD = 0x5000
TAG_TYPE_STRINGREF = 0x6000
TAG_TYPE_LIST = 0x7000
TAG_TYPE_STRING = 0x8000
TAG_TYPE_BINARY = 0x9000
types = {
TAG_TYPE_NULL: "NULL",
TAG_TYPE_BYTE: "BYTE",
TAG_TYPE_WORD: "WORD",
TAG_TYPE_DWORD: "DWORD",
TAG_TYPE_QWORD: "QWORD",
TAG_TYPE_STRINGREF: "STRINGREF",
TAG_TYPE_LIST: "LIST",
TAG_TYPE_STRING: "STRING",
TAG_TYPE_BINARY: "BINARY",
}
TAG_NULL = 0x0000
TAG_INCLUDE = 0x1001
TAG_GENERAL = 0x1002
TAG_MATCH_LOGIC_NOT = 0x1003
TAG_APPLY_ALL_SHIMS = 0x1004
TAG_USE_SERVICE_PACK_FILES = 0x1005
TAG_MITIGATION_OS = 0x1006
TAG_TRACE_PCA = 0x1007
TAG_INCLUDEEXCLUDEDLL = 0x1008
TAG_RAC_EVENT_OFF = 0x1009
TAG_TELEMETRY_OFF = 0x100a
TAG_SHIM_ENGINE_OFF = 0x100b
TAG_LAYER_PROPAGATION_OFF = 0x100c
TAG_FORCE_CACHE = 0x100d
TAG_MONITORING_OFF = 0x100e
TAG_QUIRK_OFF = 0x100f
TAG_ELEVATED_PROP_OFF = 0x1010
TAG_UPGRADE_ACTION_BLOCK_WEBSETUP = 0x1011
TAG_UPGRADE_ACTION_PROCEED_TO_MEDIASETUP = 0x1012
TAG_MATCH_MODE = 0x3001
TAG_QUIRK_COMPONENT_CODE_ID = 0x3002
TAG_QUIRK_CODE_ID = 0x3003
TAG_TAG = 0x3801
TAG_INDEX_TAG = 0x3802
TAG_INDEX_KEY = 0x3803
TAG_SIZE = 0x4001
TAG_OFFSET = 0x4002
TAG_CHECKSUM = 0x4003
TAG_SHIM_TAGID = 0x4004
TAG_PATCH_TAGID = 0x4005
TAG_MODULE_TYPE = 0x4006
TAG_VERDATEHI = 0x4007
TAG_VERDATELO = 0x4008
TAG_VERFILEOS = 0x4009
TAG_VERFILETYPE = 0x400a
TAG_PE_CHECKSUM = 0x400b
TAG_PREVOSMAJORVER = 0x400c
TAG_PREVOSMINORVER = 0x400d
TAG_PREVOSPLATFORMID = 0x400e
TAG_PREVOSBUILDNO = 0x400f
TAG_PROBLEMSEVERITY = 0x4010
TAG_LANGID = 0x4011
TAG_VER_LANGUAGE = 0x4012
TAG_ENGINE = 0x4014
TAG_HTMLHELPID = 0x4015
TAG_INDEX_FLAGS = 0x4016
TAG_FLAGS = 0x4017
TAG_DATA_VALUETYPE = 0x4018
TAG_DATA_DWORD = 0x4019
TAG_LAYER_TAGID = 0x401a
TAG_MSI_TRANSFORM_TAGID = 0x401b
TAG_LINKER_VERSION = 0x401c
TAG_LINK_DATE = 0x401d
TAG_UPTO_LINK_DATE = 0x401e
TAG_OS_SERVICE_PACK = 0x401f
TAG_FLAG_TAGID = 0x4020
TAG_RUNTIME_PLATFORM = 0x4021
TAG_OS_SKU = 0x4022
TAG_OS_PLATFORM = 0x4023
TAG_APP_NAME_RC_ID = 0x4024
TAG_VENDOR_NAME_RC_ID = 0x4025
TAG_SUMMARY_MSG_RC_ID = 0x4026
TAG_DESCRIPTION_RC_ID = 0x4028
TAG_PARAMETER1_RC_ID = 0x4029
TAG_CONTEXT_TAGID = 0x4030
TAG_EXE_WRAPPER = 0x4031
TAG_EXE_TYPE = 0x4032
TAG_FROM_LINK_DATE = 0x4033
TAG_REVISION_EQ = 0x4034
TAG_REVISION_LE = 0x4035
TAG_REVISION_GE = 0x4036
TAG_DATE_EQ = 0x4037
TAG_DATE_LE = 0x4038
TAG_DATE_GE = 0x4039
TAG_CPU_MODEL_EQ = 0x403a
TAG_CPU_MODEL_LE = 0x403b
TAG_CPU_MODEL_GE = 0x403c
TAG_CPU_FAMILY_EQ = 0x403d
TAG_CPU_FAMILY_LE = 0x403e
TAG_CPU_FAMILY_GE = 0x403f
TAG_CREATOR_REVISION_EQ = 0x4040
TAG_CREATOR_REVISION_LE = 0x4041
TAG_CREATOR_REVISION_GE = 0x4042
TAG_SIZE_OF_IMAGE = 0x4043
TAG_SHIM_CLASS = 0x4044
TAG_PACKAGEID_ARCHITECTURE = 0x4045
TAG_REINSTALL_UPGRADE_TYPE = 0x4046
TAG_BLOCK_UPGRADE_TYPE = 0x4047
TAG_ROUTING_MODE = 0x4048
TAG_OS_VERSION_VALUE = 0x4049
TAG_CRC_CHECKSUM = 0x404a
TAG_URL_ID = 0x404b
TAG_QUIRK_TAGID = 0x404c
TAG_MIGRATION_DATA_TYPE = 0x404e
TAG_UPGRADE_DATA = 0x404f
TAG_MIGRATION_DATA_TAGID = 0x4050
TAG_REG_VALUE_TYPE = 0x4051
TAG_REG_VALUE_DATA_DWORD = 0x4052
TAG_TEXT_ENCODING = 0x4053
TAG_TAGID = 0x4801
TAG_TIME = 0x5001
TAG_BIN_FILE_VERSION = 0x5002
TAG_BIN_PRODUCT_VERSION = 0x5003
TAG_MODTIME = 0x5004
TAG_FLAG_MASK_KERNEL = 0x5005
TAG_UPTO_BIN_PRODUCT_VERSION = 0x5006
TAG_DATA_QWORD = 0x5007
TAG_FLAG_MASK_USER = 0x5008
TAG_FLAGS_NTVDM1 = 0x5009
TAG_FLAGS_NTVDM2 = 0x500a
TAG_FLAGS_NTVDM3 = 0x500b
TAG_FLAG_MASK_SHELL = 0x500c
TAG_UPTO_BIN_FILE_VERSION = 0x500d
TAG_FLAG_MASK_FUSION = 0x500e
TAG_FLAG_PROCESSPARAM = 0x500f
TAG_FLAG_LUA = 0x5010
TAG_FLAG_INSTALL = 0x5011
TAG_FROM_BIN_PRODUCT_VERSION = 0x5012
TAG_FROM_BIN_FILE_VERSION = 0x5013
TAG_PACKAGEID_VERSION = 0x5014
TAG_FROM_PACKAGEID_VERSION = 0x5015
TAG_UPTO_PACKAGEID_VERSION = 0x5016
TAG_OSMAXVERSIONTESTED = 0x5017
TAG_FROM_OSMAXVERSIONTESTED = 0x5018
TAG_UPTO_OSMAXVERSIONTESTED = 0x5019
TAG_FLAG_MASK_WINRT = 0x501a
TAG_REG_VALUE_DATA_QWORD = 0x501b
TAG_QUIRK_ENABLED_UPTO_VERSION = 0x501c
TAG_NAME = 0x6001
TAG_DESCRIPTION = 0x6002
TAG_MODULE = 0x6003
TAG_API = 0x6004
TAG_VENDOR = 0x6005
TAG_APP_NAME = 0x6006
TAG_COMMAND_LINE = 0x6008
TAG_COMPANY_NAME = 0x6009
TAG_DLLFILE = 0x600a
TAG_WILDCARD_NAME = 0x600b
TAG_PRODUCT_NAME = 0x6010
TAG_PRODUCT_VERSION = 0x6011
TAG_FILE_DESCRIPTION = 0x6012
TAG_FILE_VERSION = 0x6013
TAG_ORIGINAL_FILENAME = 0x6014
TAG_INTERNAL_NAME = 0x6015
TAG_LEGAL_COPYRIGHT = 0x6016
TAG_16BIT_DESCRIPTION = 0x6017
TAG_APPHELP_DETAILS = 0x6018
TAG_LINK_URL = 0x6019
TAG_LINK_TEXT = 0x601a
TAG_APPHELP_TITLE = 0x601b
TAG_APPHELP_CONTACT = 0x601c
TAG_SXS_MANIFEST = 0x601d
TAG_DATA_STRING = 0x601e
TAG_MSI_TRANSFORM_FILE = 0x601f
TAG_16BIT_MODULE_NAME = 0x6020
TAG_LAYER_DISPLAYNAME = 0x6021
TAG_COMPILER_VERSION = 0x6022
TAG_ACTION_TYPE = 0x6023
TAG_EXPORT_NAME = 0x6024
TAG_VENDOR_ID = 0x6025
TAG_DEVICE_ID = 0x6026
TAG_SUB_VENDOR_ID = 0x6027
TAG_SUB_SYSTEM_ID = 0x6028
TAG_PACKAGEID_NAME = 0x6029
TAG_PACKAGEID_PUBLISHER = 0x602a
TAG_PACKAGEID_LANGUAGE = 0x602b
TAG_URL = 0x602c
TAG_MANUFACTURER = 0x602d
TAG_MODEL = 0x602e
TAG_DATE = 0x602f
TAG_REG_VALUE_NAME = 0x6030
TAG_REG_VALUE_DATA_SZ = 0x6031
TAG_MIGRATION_DATA_TEXT = 0x6032
TAG_DATABASE = 0x7001
TAG_LIBRARY = 0x7002
TAG_INEXCLUDE = 0x7003
TAG_SHIM = 0x7004
TAG_PATCH = 0x7005
TAG_APP = 0x7006
TAG_EXE = 0x7007
TAG_MATCHING_FILE = 0x7008
TAG_SHIM_REF = 0x7009
TAG_PATCH_REF = 0x700a
TAG_LAYER = 0x700b
TAG_FILE = 0x700c
TAG_APPHELP = 0x700d
TAG_LINK = 0x700e
TAG_DATA = 0x700f
TAG_MSI_TRANSFORM = 0x7010
TAG_MSI_TRANSFORM_REF = 0x7011
TAG_MSI_PACKAGE = 0x7012
TAG_FLAG = 0x7013
TAG_MSI_CUSTOM_ACTION = 0x7014
TAG_FLAG_REF = 0x7015
TAG_ACTION = 0x7016
TAG_LOOKUP = 0x7017
TAG_CONTEXT = 0x7018
TAG_CONTEXT_REF = 0x7019
TAG_KDEVICE = 0x701a
TAG_KDRIVER = 0x701c
TAG_MATCHING_DEVICE = 0x701e
TAG_ACPI = 0x701f
TAG_BIOS = 0x7020
TAG_CPU = 0x7021
TAG_OEM = 0x7022
TAG_KFLAG = 0x7023
TAG_KFLAG_REF = 0x7024
TAG_KSHIM = 0x7025
TAG_KSHIM_REF = 0x7026
TAG_REINSTALL_UPGRADE = 0x7027
TAG_KDATA = 0x7028
TAG_BLOCK_UPGRADE = 0x7029
TAG_SPC = 0x702a
TAG_QUIRK = 0x702b
TAG_QUIRK_REF = 0x702c
TAG_BIOS_BLOCK = 0x702d
TAG_MATCHING_INFO_BLOCK = 0x702e
TAG_DEVICE_BLOCK = 0x702f
TAG_MIGRATION_DATA = 0x7030
TAG_MIGRATION_DATA_REF = 0x7031
TAG_MATCHING_REG = 0x7032
TAG_MATCHING_TEXT = 0x7033
TAG_MACHINE_BLOCK = 0x7034
TAG_OS_UPGRADE = 0x7035
TAG_PACKAGE = 0x7036
TAG_STRINGTABLE = 0x7801
TAG_INDEXES = 0x7802
TAG_INDEX = 0x7803
TAG_STRINGTABLE_ITEM = 0x8801
TAG_PATCH_BITS = 0x9002
TAG_FILE_BITS = 0x9003
TAG_EXE_ID = 0x9004
TAG_DATA_BITS = 0x9005
TAG_MSI_PACKAGE_ID = 0x9006
TAG_DATABASE_ID = 0x9007
TAG_CONTEXT_PLATFORM_ID = 0x9008
TAG_CONTEXT_BRANCH_ID = 0x9009
TAG_FIX_ID = 0x9010
TAG_APP_ID = 0x9011
TAG_REG_VALUE_DATA_BINARY = 0x9012
TAG_TEXT = 0x9013
TAG_INDEX_BITS = 0x9801
names = defaultdict(lambda: "InvalidTag")
names.update({
TAG_NULL: "NULL",
TAG_INCLUDE: "INCLUDE",
TAG_GENERAL: "GENERAL",
TAG_MATCH_LOGIC_NOT: "MATCH_LOGIC_NOT",
TAG_APPLY_ALL_SHIMS: "APPLY_ALL_SHIMS",
TAG_USE_SERVICE_PACK_FILES: "USE_SERVICE_PACK_FILES",
TAG_MITIGATION_OS: "MITIGATION_OS",
TAG_TRACE_PCA: "TRACE_PCA",
TAG_INCLUDEEXCLUDEDLL: "INCLUDEEXCLUDEDLL",
TAG_RAC_EVENT_OFF: "RAC_EVENT_OFF",
TAG_TELEMETRY_OFF: "TELEMETRY_OFF",
TAG_SHIM_ENGINE_OFF: "SHIM_ENGINE_OFF",
TAG_LAYER_PROPAGATION_OFF: "LAYER_PROPAGATION_OFF",
TAG_FORCE_CACHE: "FORCE_CACHE",
TAG_MONITORING_OFF: "MONITORING_OFF",
TAG_QUIRK_OFF: "QUIRK_OFF",
TAG_ELEVATED_PROP_OFF: "ELEVATED_PROP_OFF",
TAG_UPGRADE_ACTION_BLOCK_WEBSETUP: "UPGRADE_ACTION_BLOCK_WEBSETUP",
TAG_UPGRADE_ACTION_PROCEED_TO_MEDIASETUP: "UPGRADE_ACTION_PROCEED_TO_MEDIASETUP",
TAG_MATCH_MODE: "MATCH_MODE",
TAG_QUIRK_COMPONENT_CODE_ID: "QUIRK_COMPONENT_CODE_ID",
TAG_QUIRK_CODE_ID: "QUIRK_CODE_ID",
TAG_TAG: "TAG",
TAG_INDEX_TAG: "INDEX_TAG",
TAG_INDEX_KEY: "INDEX_KEY",
TAG_SIZE: "SIZE",
TAG_OFFSET: "OFFSET",
TAG_CHECKSUM: "CHECKSUM",
TAG_SHIM_TAGID: "SHIM_TAGID",
TAG_PATCH_TAGID: "PATCH_TAGID",
TAG_MODULE_TYPE: "MODULE_TYPE",
TAG_VERDATEHI: "VERDATEHI",
TAG_VERDATELO: "VERDATELO",
TAG_VERFILEOS: "VERFILEOS",
TAG_VERFILETYPE: "VERFILETYPE",
TAG_PE_CHECKSUM: "PE_CHECKSUM",
TAG_PREVOSMAJORVER: "PREVOSMAJORVER",
TAG_PREVOSMINORVER: "PREVOSMINORVER",
TAG_PREVOSPLATFORMID: "PREVOSPLATFORMID",
TAG_PREVOSBUILDNO: "PREVOSBUILDNO",
TAG_PROBLEMSEVERITY: "PROBLEMSEVERITY",
TAG_LANGID: "LANGID",
TAG_VER_LANGUAGE: "VER_LANGUAGE",
TAG_ENGINE: "ENGINE",
TAG_HTMLHELPID: "HTMLHELPID",
TAG_INDEX_FLAGS: "INDEX_FLAGS",
TAG_FLAGS: "FLAGS",
TAG_DATA_VALUETYPE: "DATA_VALUETYPE",
TAG_DATA_DWORD: "DATA_DWORD",
TAG_LAYER_TAGID: "LAYER_TAGID",
TAG_MSI_TRANSFORM_TAGID: "MSI_TRANSFORM_TAGID",
TAG_LINKER_VERSION: "LINKER_VERSION",
TAG_LINK_DATE: "LINK_DATE",
TAG_UPTO_LINK_DATE: "UPTO_LINK_DATE",
TAG_OS_SERVICE_PACK: "OS_SERVICE_PACK",
TAG_FLAG_TAGID: "FLAG_TAGID",
TAG_RUNTIME_PLATFORM: "RUNTIME_PLATFORM",
TAG_OS_SKU: "OS_SKU",
TAG_OS_PLATFORM: "OS_PLATFORM",
TAG_APP_NAME_RC_ID: "APP_NAME_RC_ID",
TAG_VENDOR_NAME_RC_ID: "VENDOR_NAME_RC_ID",
TAG_SUMMARY_MSG_RC_ID: "SUMMARY_MSG_RC_ID",
TAG_DESCRIPTION_RC_ID: "DESCRIPTION_RC_ID",
TAG_PARAMETER1_RC_ID: "PARAMETER1_RC_ID",
TAG_CONTEXT_TAGID: "CONTEXT_TAGID",
TAG_EXE_WRAPPER: "EXE_WRAPPER",
TAG_EXE_TYPE: "EXE_TYPE",
TAG_FROM_LINK_DATE: "FROM_LINK_DATE",
TAG_REVISION_EQ: "REVISION_EQ",
TAG_REVISION_LE: "REVISION_LE",
TAG_REVISION_GE: "REVISION_GE",
TAG_DATE_EQ: "DATE_EQ",
TAG_DATE_LE: "DATE_LE",
TAG_DATE_GE: "DATE_GE",
TAG_CPU_MODEL_EQ: "CPU_MODEL_EQ",
TAG_CPU_MODEL_LE: "CPU_MODEL_LE",
TAG_CPU_MODEL_GE: "CPU_MODEL_GE",
TAG_CPU_FAMILY_EQ: "CPU_FAMILY_EQ",
TAG_CPU_FAMILY_LE: "CPU_FAMILY_LE",
TAG_CPU_FAMILY_GE: "CPU_FAMILY_GE",
TAG_CREATOR_REVISION_EQ: "CREATOR_REVISION_EQ",
TAG_CREATOR_REVISION_LE: "CREATOR_REVISION_LE",
TAG_CREATOR_REVISION_GE: "CREATOR_REVISION_GE",
TAG_SIZE_OF_IMAGE: "SIZE_OF_IMAGE",
TAG_SHIM_CLASS: "SHIM_CLASS",
TAG_PACKAGEID_ARCHITECTURE: "PACKAGEID_ARCHITECTURE",
TAG_REINSTALL_UPGRADE_TYPE: "REINSTALL_UPGRADE_TYPE",
TAG_BLOCK_UPGRADE_TYPE: "BLOCK_UPGRADE_TYPE",
TAG_ROUTING_MODE: "ROUTING_MODE",
TAG_OS_VERSION_VALUE: "OS_VERSION_VALUE",
TAG_CRC_CHECKSUM: "CRC_CHECKSUM",
TAG_URL_ID: "URL_ID",
TAG_QUIRK_TAGID: "QUIRK_TAGID",
TAG_MIGRATION_DATA_TYPE: "MIGRATION_DATA_TYPE",
TAG_UPGRADE_DATA: "UPGRADE_DATA",
TAG_MIGRATION_DATA_TAGID: "MIGRATION_DATA_TAGID",
TAG_REG_VALUE_TYPE: "REG_VALUE_TYPE",
TAG_REG_VALUE_DATA_DWORD: "REG_VALUE_DATA_DWORD",
TAG_TEXT_ENCODING: "TEXT_ENCODING",
TAG_TAGID: "TAGID",
TAG_TIME: "TIME",
TAG_BIN_FILE_VERSION: "BIN_FILE_VERSION",
TAG_BIN_PRODUCT_VERSION: "BIN_PRODUCT_VERSION",
TAG_MODTIME: "MODTIME",
TAG_FLAG_MASK_KERNEL: "FLAG_MASK_KERNEL",
TAG_UPTO_BIN_PRODUCT_VERSION: "UPTO_BIN_PRODUCT_VERSION",
TAG_DATA_QWORD: "DATA_QWORD",
TAG_FLAG_MASK_USER: "FLAG_MASK_USER",
TAG_FLAGS_NTVDM1: "FLAGS_NTVDM1",
TAG_FLAGS_NTVDM2: "FLAGS_NTVDM2",
TAG_FLAGS_NTVDM3: "FLAGS_NTVDM3",
TAG_FLAG_MASK_SHELL: "FLAG_MASK_SHELL",
TAG_UPTO_BIN_FILE_VERSION: "UPTO_BIN_FILE_VERSION",
TAG_FLAG_MASK_FUSION: "FLAG_MASK_FUSION",
TAG_FLAG_PROCESSPARAM: "FLAG_PROCESSPARAM",
TAG_FLAG_LUA: "FLAG_LUA",
TAG_FLAG_INSTALL: "FLAG_INSTALL",
TAG_FROM_BIN_PRODUCT_VERSION: "FROM_BIN_PRODUCT_VERSION",
TAG_FROM_BIN_FILE_VERSION: "FROM_BIN_FILE_VERSION",
TAG_PACKAGEID_VERSION: "PACKAGEID_VERSION",
TAG_FROM_PACKAGEID_VERSION: "FROM_PACKAGEID_VERSION",
TAG_UPTO_PACKAGEID_VERSION: "UPTO_PACKAGEID_VERSION",
TAG_OSMAXVERSIONTESTED: "OSMAXVERSIONTESTED",
TAG_FROM_OSMAXVERSIONTESTED: "FROM_OSMAXVERSIONTESTED",
TAG_UPTO_OSMAXVERSIONTESTED: "UPTO_OSMAXVERSIONTESTED",
TAG_FLAG_MASK_WINRT: "FLAG_MASK_WINRT",
TAG_REG_VALUE_DATA_QWORD: "REG_VALUE_DATA_QWORD",
TAG_QUIRK_ENABLED_UPTO_VERSION: "QUIRK_ENABLED_UPTO_VERSION",
TAG_NAME: "NAME",
TAG_DESCRIPTION: "DESCRIPTION",
TAG_MODULE: "MODULE",
TAG_API: "API",
TAG_VENDOR: "VENDOR",
TAG_APP_NAME: "APP_NAME",
TAG_COMMAND_LINE: "COMMAND_LINE",
TAG_COMPANY_NAME: "COMPANY_NAME",
TAG_DLLFILE: "DLLFILE",
TAG_WILDCARD_NAME: "WILDCARD_NAME",
TAG_PRODUCT_NAME: "PRODUCT_NAME",
TAG_PRODUCT_VERSION: "PRODUCT_VERSION",
TAG_FILE_DESCRIPTION: "FILE_DESCRIPTION",
TAG_FILE_VERSION: "FILE_VERSION",
TAG_ORIGINAL_FILENAME: "ORIGINAL_FILENAME",
TAG_INTERNAL_NAME: "INTERNAL_NAME",
TAG_LEGAL_COPYRIGHT: "LEGAL_COPYRIGHT",
TAG_16BIT_DESCRIPTION: "_16BIT_DESCRIPTION",
TAG_APPHELP_DETAILS: "APPHELP_DETAILS",
TAG_LINK_URL: "LINK_URL",
TAG_LINK_TEXT: "LINK_TEXT",
TAG_APPHELP_TITLE: "APPHELP_TITLE",
TAG_APPHELP_CONTACT: "APPHELP_CONTACT",
TAG_SXS_MANIFEST: "SXS_MANIFEST",
TAG_DATA_STRING: "DATA_STRING",
TAG_MSI_TRANSFORM_FILE: "MSI_TRANSFORM_FILE",
TAG_16BIT_MODULE_NAME: "_16BIT_MODULE_NAME",
TAG_LAYER_DISPLAYNAME: "LAYER_DISPLAYNAME",
TAG_COMPILER_VERSION: "COMPILER_VERSION",
TAG_ACTION_TYPE: "ACTION_TYPE",
TAG_EXPORT_NAME: "EXPORT_NAME",
TAG_VENDOR_ID: "VENDOR_ID",
TAG_DEVICE_ID: "DEVICE_ID",
TAG_SUB_VENDOR_ID: "SUB_VENDOR_ID",
TAG_SUB_SYSTEM_ID: "SUB_SYSTEM_ID",
TAG_PACKAGEID_NAME: "PACKAGEID_NAME",
TAG_PACKAGEID_PUBLISHER: "PACKAGEID_PUBLISHER",
TAG_PACKAGEID_LANGUAGE: "PACKAGEID_LANGUAGE",
TAG_URL: "URL",
TAG_MANUFACTURER: "MANUFACTURER",
TAG_MODEL: "MODEL",
TAG_DATE: "DATE",
TAG_REG_VALUE_NAME: "REG_VALUE_NAME",
TAG_REG_VALUE_DATA_SZ: "REG_VALUE_DATA_SZ",
TAG_MIGRATION_DATA_TEXT: "MIGRATION_DATA_TEXT",
TAG_DATABASE: "DATABASE",
TAG_LIBRARY: "LIBRARY",
TAG_INEXCLUDE: "INEXCLUDE",
TAG_SHIM: "SHIM",
TAG_PATCH: "PATCH",
TAG_APP: "APP",
TAG_EXE: "EXE",
TAG_MATCHING_FILE: "MATCHING_FILE",
TAG_SHIM_REF: "SHIM_REF",
TAG_PATCH_REF: "PATCH_REF",
TAG_LAYER: "LAYER",
TAG_FILE: "FILE",
TAG_APPHELP: "APPHELP",
TAG_LINK: "LINK",
TAG_DATA: "DATA",
TAG_MSI_TRANSFORM: "MSI_TRANSFORM",
TAG_MSI_TRANSFORM_REF: "MSI_TRANSFORM_REF",
TAG_MSI_PACKAGE: "MSI_PACKAGE",
TAG_FLAG: "FLAG",
TAG_MSI_CUSTOM_ACTION: "MSI_CUSTOM_ACTION",
TAG_FLAG_REF: "FLAG_REF",
TAG_ACTION: "ACTION",
TAG_LOOKUP: "LOOKUP",
TAG_CONTEXT: "CONTEXT",
TAG_CONTEXT_REF: "CONTEXT_REF",
TAG_KDEVICE: "KDEVICE",
TAG_KDRIVER: "KDRIVER",
TAG_MATCHING_DEVICE: "MATCHING_DEVICE",
TAG_ACPI: "ACPI",
TAG_BIOS: "BIOS",
TAG_CPU: "CPU",
TAG_OEM: "OEM",
TAG_KFLAG: "KFLAG",
TAG_KFLAG_REF: "KFLAG_REF",
TAG_KSHIM: "KSHIM",
TAG_KSHIM_REF: "KSHIM_REF",
TAG_REINSTALL_UPGRADE: "REINSTALL_UPGRADE",
TAG_KDATA: "KDATA",
TAG_BLOCK_UPGRADE: "BLOCK_UPGRADE",
TAG_SPC: "SPC",
TAG_QUIRK: "QUIRK",
TAG_QUIRK_REF: "QUIRK_REF",
TAG_BIOS_BLOCK: "BIOS_BLOCK",
TAG_MATCHING_INFO_BLOCK: "MATCHING_INFO_BLOCK",
TAG_DEVICE_BLOCK: "DEVICE_BLOCK",
TAG_MIGRATION_DATA: "MIGRATION_DATA",
TAG_MIGRATION_DATA_REF: "MIGRATION_DATA_REF",
TAG_MATCHING_REG: "MATCHING_REG",
TAG_MATCHING_TEXT: "MATCHING_TEXT",
TAG_MACHINE_BLOCK: "MACHINE_BLOCK",
TAG_OS_UPGRADE: "OS_UPGRADE",
TAG_PACKAGE: "PACKAGE",
TAG_STRINGTABLE: "STRINGTABLE",
TAG_INDEXES: "INDEXES",
TAG_INDEX: "INDEX",
TAG_STRINGTABLE_ITEM: "STRINGTABLE_ITEM",
TAG_PATCH_BITS: "PATCH_BITS",
TAG_FILE_BITS: "FILE_BITS",
TAG_EXE_ID: "EXE_ID",
TAG_DATA_BITS: "DATA_BITS",
TAG_MSI_PACKAGE_ID: "MSI_PACKAGE_ID",
TAG_DATABASE_ID: "DATABASE_ID",
TAG_CONTEXT_PLATFORM_ID: "CONTEXT_PLATFORM_ID",
TAG_CONTEXT_BRANCH_ID: "CONTEXT_BRANCH_ID",
TAG_FIX_ID: "FIX_ID",
TAG_APP_ID: "APP_ID",
TAG_REG_VALUE_DATA_BINARY: "REG_VALUE_DATA_BINARY",
TAG_TEXT: "TEXT",
TAG_INDEX_BITS: "INDEX_BITS",
})
#!/usr/bin/env python3
import sys
from struct import unpack, unpack_from, iter_unpack
from collections import namedtuple, defaultdict
from uuid import UUID
import xml.etree.ElementTree as ET
import xml.dom.minidom as md
from names import *
def element(name, attrib={}, text=None):
elem = ET.Element(name, attrib)
if not text is None:
elem.text = str(text)
return elem
def to_hex(data):
return ''.join('%02x' % x for x in data)
Header = namedtuple("SdbHeader", "unk1 unk2 magic")
stringtable_offset = None
def read_unknown(node, data, offset, end):
return 0
def read_null(node, data, offset, end):
return 2
def read_list(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.set("length", str(length))
read_tag(node, data, offset + 6, offset + 6 + length)
return 6 + length
def read_stringtable(node, data, offset, end):
global stringtable_offset
stringtable_offset = offset
return read_list(node, data, offset, end)
def read_binary(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.set("length", str(length))
node.text = ''.join(to_hex(data[offset+6:][:length]))
with open("/tmp/out/TAG_%s@%s" % (names[tag], hex(offset)), "wb") as out:
out.write(data[offset+6:][:length])
return 6 + length
def read_uuid(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.text = "{%s}" % str(UUID(bytes=bytes(data[offset+6:][:length])))
return 6 + length
def read_index(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.text = ''.join("%s, %s\n" % (key[::-1], offset) for key,offset in iter_unpack("<8sI", data[offset+6:][:length]))
return 6 + length
def read_string(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.text = bytes(data[offset+6:][:length]).decode('utf-16').strip('\x00')
return 6 + length
def read_stringtable_item(node, data, offset, end):
node.set("strid", hex(offset - stringtable_offset))
return read_string(node, data, offset, end)
def read_word(node, data, offset, end):
tag, value = unpack_from("<HH", data, offset)
node.text = hex(value)
return 4
def read_tagname(node, data, offset, end):
tag, value = unpack_from("<HH", data, offset)
node.text = names[value]
return 4
def read_dword(node, data, offset, end):
tag, value = unpack_from("<HI", data, offset)
node.text = hex(value)
return 6
def read_qword(node, data, offset, end):
tag, value = unpack_from("<HQ", data, offset)
node.text = hex(value)
return 10
class parsers_dict(dict):
def __missing__(self, key):
if key & 0xF000 in self:
return self[key & 0xF000]
else:
raise KeyError(key)
parsers = parsers_dict()
parsers.update({
TAG_TYPE_NULL: read_null,
TAG_TYPE_WORD: read_word,
TAG_TYPE_DWORD: read_dword,
TAG_TYPE_QWORD: read_qword,
TAG_TYPE_STRINGREF: read_dword,
TAG_TYPE_LIST: read_list,
TAG_TYPE_STRING: read_string,
TAG_TYPE_BINARY: read_binary,
TAG_INDEX_TAG: read_tagname,
TAG_INDEX_KEY: read_tagname,
TAG_STRINGTABLE: read_stringtable,
TAG_STRINGTABLE_ITEM: read_stringtable_item,
TAG_FIX_ID: read_uuid,
TAG_EXE_ID: read_uuid,
TAG_APP_ID: read_uuid,
TAG_CONTEXT_BRANCH_ID: read_uuid,
TAG_CONTEXT_PLATFORM_ID: read_uuid,
TAG_MSI_PACKAGE_ID: read_uuid,
TAG_INDEX_BITS: read_index,
})
def read_tag(node, data, offset, end):
while(offset < end):
tag, = unpack_from("<H", data, offset)
child = element(names[tag], attrib={"type": types[tag & 0xF000], "tagid": hex(offset), "tag": hex(tag)})
size = parsers[tag](child, data, offset, end)
node.append(child)
if size == 0:
return
offset += size
#offset is word aligned
if offset % 2:
offset += 1
with open(sys.argv[1], "rb") as fd:
data = memoryview(fd.read())
header = Header(*unpack("<2I4s", data[0:0xC]))
root = element("Sdbf")
read_tag(root, data, 0xC, len(data)) #TAG_ROOT
for node in root.findall('.//*[@type="STRINGREF"]'):
item = root.find('./STRINGTABLE/STRINGTABLE_ITEM[@strid="%s"]' % node.text)
node.text = item.text
#pretty printing
print(md.parseString(ET.tostring(root)).toprettyxml())
#print(ET.tostring(root).decode())
@williballenthin

This comment has been minimized.

Copy link

commented Oct 8, 2015

recommend using the tempfile (and import os) module and replacing sdb.py line 50 with:

with open(os.path.join(tempfile.gettempdir(), "TAG_%s@%s" % (names[tag], hex(offset))), "wb") as out:

then script runs successfully on Windows.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.