Created
April 5, 2015 00:07
-
-
Save ariscop/f24ffc95a7a1767f8f83 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from collections import defaultdict | |
TAG_TYPE_NULL = 0x1000 | |
TAG_TYPE_BYTE = 0x2000 | |
TAG_TYPE_WORD = 0x3000 | |
TAG_TYPE_DWORD = 0x4000 | |
TAG_TYPE_QWORD = 0x5000 | |
TAG_TYPE_STRINGREF = 0x6000 | |
TAG_TYPE_LIST = 0x7000 | |
TAG_TYPE_STRING = 0x8000 | |
TAG_TYPE_BINARY = 0x9000 | |
types = { | |
TAG_TYPE_NULL: "NULL", | |
TAG_TYPE_BYTE: "BYTE", | |
TAG_TYPE_WORD: "WORD", | |
TAG_TYPE_DWORD: "DWORD", | |
TAG_TYPE_QWORD: "QWORD", | |
TAG_TYPE_STRINGREF: "STRINGREF", | |
TAG_TYPE_LIST: "LIST", | |
TAG_TYPE_STRING: "STRING", | |
TAG_TYPE_BINARY: "BINARY", | |
} | |
TAG_NULL = 0x0000 | |
TAG_INCLUDE = 0x1001 | |
TAG_GENERAL = 0x1002 | |
TAG_MATCH_LOGIC_NOT = 0x1003 | |
TAG_APPLY_ALL_SHIMS = 0x1004 | |
TAG_USE_SERVICE_PACK_FILES = 0x1005 | |
TAG_MITIGATION_OS = 0x1006 | |
TAG_TRACE_PCA = 0x1007 | |
TAG_INCLUDEEXCLUDEDLL = 0x1008 | |
TAG_RAC_EVENT_OFF = 0x1009 | |
TAG_TELEMETRY_OFF = 0x100a | |
TAG_SHIM_ENGINE_OFF = 0x100b | |
TAG_LAYER_PROPAGATION_OFF = 0x100c | |
TAG_FORCE_CACHE = 0x100d | |
TAG_MONITORING_OFF = 0x100e | |
TAG_QUIRK_OFF = 0x100f | |
TAG_ELEVATED_PROP_OFF = 0x1010 | |
TAG_UPGRADE_ACTION_BLOCK_WEBSETUP = 0x1011 | |
TAG_UPGRADE_ACTION_PROCEED_TO_MEDIASETUP = 0x1012 | |
TAG_MATCH_MODE = 0x3001 | |
TAG_QUIRK_COMPONENT_CODE_ID = 0x3002 | |
TAG_QUIRK_CODE_ID = 0x3003 | |
TAG_TAG = 0x3801 | |
TAG_INDEX_TAG = 0x3802 | |
TAG_INDEX_KEY = 0x3803 | |
TAG_SIZE = 0x4001 | |
TAG_OFFSET = 0x4002 | |
TAG_CHECKSUM = 0x4003 | |
TAG_SHIM_TAGID = 0x4004 | |
TAG_PATCH_TAGID = 0x4005 | |
TAG_MODULE_TYPE = 0x4006 | |
TAG_VERDATEHI = 0x4007 | |
TAG_VERDATELO = 0x4008 | |
TAG_VERFILEOS = 0x4009 | |
TAG_VERFILETYPE = 0x400a | |
TAG_PE_CHECKSUM = 0x400b | |
TAG_PREVOSMAJORVER = 0x400c | |
TAG_PREVOSMINORVER = 0x400d | |
TAG_PREVOSPLATFORMID = 0x400e | |
TAG_PREVOSBUILDNO = 0x400f | |
TAG_PROBLEMSEVERITY = 0x4010 | |
TAG_LANGID = 0x4011 | |
TAG_VER_LANGUAGE = 0x4012 | |
TAG_ENGINE = 0x4014 | |
TAG_HTMLHELPID = 0x4015 | |
TAG_INDEX_FLAGS = 0x4016 | |
TAG_FLAGS = 0x4017 | |
TAG_DATA_VALUETYPE = 0x4018 | |
TAG_DATA_DWORD = 0x4019 | |
TAG_LAYER_TAGID = 0x401a | |
TAG_MSI_TRANSFORM_TAGID = 0x401b | |
TAG_LINKER_VERSION = 0x401c | |
TAG_LINK_DATE = 0x401d | |
TAG_UPTO_LINK_DATE = 0x401e | |
TAG_OS_SERVICE_PACK = 0x401f | |
TAG_FLAG_TAGID = 0x4020 | |
TAG_RUNTIME_PLATFORM = 0x4021 | |
TAG_OS_SKU = 0x4022 | |
TAG_OS_PLATFORM = 0x4023 | |
TAG_APP_NAME_RC_ID = 0x4024 | |
TAG_VENDOR_NAME_RC_ID = 0x4025 | |
TAG_SUMMARY_MSG_RC_ID = 0x4026 | |
TAG_DESCRIPTION_RC_ID = 0x4028 | |
TAG_PARAMETER1_RC_ID = 0x4029 | |
TAG_CONTEXT_TAGID = 0x4030 | |
TAG_EXE_WRAPPER = 0x4031 | |
TAG_EXE_TYPE = 0x4032 | |
TAG_FROM_LINK_DATE = 0x4033 | |
TAG_REVISION_EQ = 0x4034 | |
TAG_REVISION_LE = 0x4035 | |
TAG_REVISION_GE = 0x4036 | |
TAG_DATE_EQ = 0x4037 | |
TAG_DATE_LE = 0x4038 | |
TAG_DATE_GE = 0x4039 | |
TAG_CPU_MODEL_EQ = 0x403a | |
TAG_CPU_MODEL_LE = 0x403b | |
TAG_CPU_MODEL_GE = 0x403c | |
TAG_CPU_FAMILY_EQ = 0x403d | |
TAG_CPU_FAMILY_LE = 0x403e | |
TAG_CPU_FAMILY_GE = 0x403f | |
TAG_CREATOR_REVISION_EQ = 0x4040 | |
TAG_CREATOR_REVISION_LE = 0x4041 | |
TAG_CREATOR_REVISION_GE = 0x4042 | |
TAG_SIZE_OF_IMAGE = 0x4043 | |
TAG_SHIM_CLASS = 0x4044 | |
TAG_PACKAGEID_ARCHITECTURE = 0x4045 | |
TAG_REINSTALL_UPGRADE_TYPE = 0x4046 | |
TAG_BLOCK_UPGRADE_TYPE = 0x4047 | |
TAG_ROUTING_MODE = 0x4048 | |
TAG_OS_VERSION_VALUE = 0x4049 | |
TAG_CRC_CHECKSUM = 0x404a | |
TAG_URL_ID = 0x404b | |
TAG_QUIRK_TAGID = 0x404c | |
TAG_MIGRATION_DATA_TYPE = 0x404e | |
TAG_UPGRADE_DATA = 0x404f | |
TAG_MIGRATION_DATA_TAGID = 0x4050 | |
TAG_REG_VALUE_TYPE = 0x4051 | |
TAG_REG_VALUE_DATA_DWORD = 0x4052 | |
TAG_TEXT_ENCODING = 0x4053 | |
TAG_TAGID = 0x4801 | |
TAG_TIME = 0x5001 | |
TAG_BIN_FILE_VERSION = 0x5002 | |
TAG_BIN_PRODUCT_VERSION = 0x5003 | |
TAG_MODTIME = 0x5004 | |
TAG_FLAG_MASK_KERNEL = 0x5005 | |
TAG_UPTO_BIN_PRODUCT_VERSION = 0x5006 | |
TAG_DATA_QWORD = 0x5007 | |
TAG_FLAG_MASK_USER = 0x5008 | |
TAG_FLAGS_NTVDM1 = 0x5009 | |
TAG_FLAGS_NTVDM2 = 0x500a | |
TAG_FLAGS_NTVDM3 = 0x500b | |
TAG_FLAG_MASK_SHELL = 0x500c | |
TAG_UPTO_BIN_FILE_VERSION = 0x500d | |
TAG_FLAG_MASK_FUSION = 0x500e | |
TAG_FLAG_PROCESSPARAM = 0x500f | |
TAG_FLAG_LUA = 0x5010 | |
TAG_FLAG_INSTALL = 0x5011 | |
TAG_FROM_BIN_PRODUCT_VERSION = 0x5012 | |
TAG_FROM_BIN_FILE_VERSION = 0x5013 | |
TAG_PACKAGEID_VERSION = 0x5014 | |
TAG_FROM_PACKAGEID_VERSION = 0x5015 | |
TAG_UPTO_PACKAGEID_VERSION = 0x5016 | |
TAG_OSMAXVERSIONTESTED = 0x5017 | |
TAG_FROM_OSMAXVERSIONTESTED = 0x5018 | |
TAG_UPTO_OSMAXVERSIONTESTED = 0x5019 | |
TAG_FLAG_MASK_WINRT = 0x501a | |
TAG_REG_VALUE_DATA_QWORD = 0x501b | |
TAG_QUIRK_ENABLED_UPTO_VERSION = 0x501c | |
TAG_NAME = 0x6001 | |
TAG_DESCRIPTION = 0x6002 | |
TAG_MODULE = 0x6003 | |
TAG_API = 0x6004 | |
TAG_VENDOR = 0x6005 | |
TAG_APP_NAME = 0x6006 | |
TAG_COMMAND_LINE = 0x6008 | |
TAG_COMPANY_NAME = 0x6009 | |
TAG_DLLFILE = 0x600a | |
TAG_WILDCARD_NAME = 0x600b | |
TAG_PRODUCT_NAME = 0x6010 | |
TAG_PRODUCT_VERSION = 0x6011 | |
TAG_FILE_DESCRIPTION = 0x6012 | |
TAG_FILE_VERSION = 0x6013 | |
TAG_ORIGINAL_FILENAME = 0x6014 | |
TAG_INTERNAL_NAME = 0x6015 | |
TAG_LEGAL_COPYRIGHT = 0x6016 | |
TAG_16BIT_DESCRIPTION = 0x6017 | |
TAG_APPHELP_DETAILS = 0x6018 | |
TAG_LINK_URL = 0x6019 | |
TAG_LINK_TEXT = 0x601a | |
TAG_APPHELP_TITLE = 0x601b | |
TAG_APPHELP_CONTACT = 0x601c | |
TAG_SXS_MANIFEST = 0x601d | |
TAG_DATA_STRING = 0x601e | |
TAG_MSI_TRANSFORM_FILE = 0x601f | |
TAG_16BIT_MODULE_NAME = 0x6020 | |
TAG_LAYER_DISPLAYNAME = 0x6021 | |
TAG_COMPILER_VERSION = 0x6022 | |
TAG_ACTION_TYPE = 0x6023 | |
TAG_EXPORT_NAME = 0x6024 | |
TAG_VENDOR_ID = 0x6025 | |
TAG_DEVICE_ID = 0x6026 | |
TAG_SUB_VENDOR_ID = 0x6027 | |
TAG_SUB_SYSTEM_ID = 0x6028 | |
TAG_PACKAGEID_NAME = 0x6029 | |
TAG_PACKAGEID_PUBLISHER = 0x602a | |
TAG_PACKAGEID_LANGUAGE = 0x602b | |
TAG_URL = 0x602c | |
TAG_MANUFACTURER = 0x602d | |
TAG_MODEL = 0x602e | |
TAG_DATE = 0x602f | |
TAG_REG_VALUE_NAME = 0x6030 | |
TAG_REG_VALUE_DATA_SZ = 0x6031 | |
TAG_MIGRATION_DATA_TEXT = 0x6032 | |
TAG_DATABASE = 0x7001 | |
TAG_LIBRARY = 0x7002 | |
TAG_INEXCLUDE = 0x7003 | |
TAG_SHIM = 0x7004 | |
TAG_PATCH = 0x7005 | |
TAG_APP = 0x7006 | |
TAG_EXE = 0x7007 | |
TAG_MATCHING_FILE = 0x7008 | |
TAG_SHIM_REF = 0x7009 | |
TAG_PATCH_REF = 0x700a | |
TAG_LAYER = 0x700b | |
TAG_FILE = 0x700c | |
TAG_APPHELP = 0x700d | |
TAG_LINK = 0x700e | |
TAG_DATA = 0x700f | |
TAG_MSI_TRANSFORM = 0x7010 | |
TAG_MSI_TRANSFORM_REF = 0x7011 | |
TAG_MSI_PACKAGE = 0x7012 | |
TAG_FLAG = 0x7013 | |
TAG_MSI_CUSTOM_ACTION = 0x7014 | |
TAG_FLAG_REF = 0x7015 | |
TAG_ACTION = 0x7016 | |
TAG_LOOKUP = 0x7017 | |
TAG_CONTEXT = 0x7018 | |
TAG_CONTEXT_REF = 0x7019 | |
TAG_KDEVICE = 0x701a | |
TAG_KDRIVER = 0x701c | |
TAG_MATCHING_DEVICE = 0x701e | |
TAG_ACPI = 0x701f | |
TAG_BIOS = 0x7020 | |
TAG_CPU = 0x7021 | |
TAG_OEM = 0x7022 | |
TAG_KFLAG = 0x7023 | |
TAG_KFLAG_REF = 0x7024 | |
TAG_KSHIM = 0x7025 | |
TAG_KSHIM_REF = 0x7026 | |
TAG_REINSTALL_UPGRADE = 0x7027 | |
TAG_KDATA = 0x7028 | |
TAG_BLOCK_UPGRADE = 0x7029 | |
TAG_SPC = 0x702a | |
TAG_QUIRK = 0x702b | |
TAG_QUIRK_REF = 0x702c | |
TAG_BIOS_BLOCK = 0x702d | |
TAG_MATCHING_INFO_BLOCK = 0x702e | |
TAG_DEVICE_BLOCK = 0x702f | |
TAG_MIGRATION_DATA = 0x7030 | |
TAG_MIGRATION_DATA_REF = 0x7031 | |
TAG_MATCHING_REG = 0x7032 | |
TAG_MATCHING_TEXT = 0x7033 | |
TAG_MACHINE_BLOCK = 0x7034 | |
TAG_OS_UPGRADE = 0x7035 | |
TAG_PACKAGE = 0x7036 | |
TAG_STRINGTABLE = 0x7801 | |
TAG_INDEXES = 0x7802 | |
TAG_INDEX = 0x7803 | |
TAG_STRINGTABLE_ITEM = 0x8801 | |
TAG_PATCH_BITS = 0x9002 | |
TAG_FILE_BITS = 0x9003 | |
TAG_EXE_ID = 0x9004 | |
TAG_DATA_BITS = 0x9005 | |
TAG_MSI_PACKAGE_ID = 0x9006 | |
TAG_DATABASE_ID = 0x9007 | |
TAG_CONTEXT_PLATFORM_ID = 0x9008 | |
TAG_CONTEXT_BRANCH_ID = 0x9009 | |
TAG_FIX_ID = 0x9010 | |
TAG_APP_ID = 0x9011 | |
TAG_REG_VALUE_DATA_BINARY = 0x9012 | |
TAG_TEXT = 0x9013 | |
TAG_INDEX_BITS = 0x9801 | |
names = defaultdict(lambda: "InvalidTag") | |
names.update({ | |
TAG_NULL: "NULL", | |
TAG_INCLUDE: "INCLUDE", | |
TAG_GENERAL: "GENERAL", | |
TAG_MATCH_LOGIC_NOT: "MATCH_LOGIC_NOT", | |
TAG_APPLY_ALL_SHIMS: "APPLY_ALL_SHIMS", | |
TAG_USE_SERVICE_PACK_FILES: "USE_SERVICE_PACK_FILES", | |
TAG_MITIGATION_OS: "MITIGATION_OS", | |
TAG_TRACE_PCA: "TRACE_PCA", | |
TAG_INCLUDEEXCLUDEDLL: "INCLUDEEXCLUDEDLL", | |
TAG_RAC_EVENT_OFF: "RAC_EVENT_OFF", | |
TAG_TELEMETRY_OFF: "TELEMETRY_OFF", | |
TAG_SHIM_ENGINE_OFF: "SHIM_ENGINE_OFF", | |
TAG_LAYER_PROPAGATION_OFF: "LAYER_PROPAGATION_OFF", | |
TAG_FORCE_CACHE: "FORCE_CACHE", | |
TAG_MONITORING_OFF: "MONITORING_OFF", | |
TAG_QUIRK_OFF: "QUIRK_OFF", | |
TAG_ELEVATED_PROP_OFF: "ELEVATED_PROP_OFF", | |
TAG_UPGRADE_ACTION_BLOCK_WEBSETUP: "UPGRADE_ACTION_BLOCK_WEBSETUP", | |
TAG_UPGRADE_ACTION_PROCEED_TO_MEDIASETUP: "UPGRADE_ACTION_PROCEED_TO_MEDIASETUP", | |
TAG_MATCH_MODE: "MATCH_MODE", | |
TAG_QUIRK_COMPONENT_CODE_ID: "QUIRK_COMPONENT_CODE_ID", | |
TAG_QUIRK_CODE_ID: "QUIRK_CODE_ID", | |
TAG_TAG: "TAG", | |
TAG_INDEX_TAG: "INDEX_TAG", | |
TAG_INDEX_KEY: "INDEX_KEY", | |
TAG_SIZE: "SIZE", | |
TAG_OFFSET: "OFFSET", | |
TAG_CHECKSUM: "CHECKSUM", | |
TAG_SHIM_TAGID: "SHIM_TAGID", | |
TAG_PATCH_TAGID: "PATCH_TAGID", | |
TAG_MODULE_TYPE: "MODULE_TYPE", | |
TAG_VERDATEHI: "VERDATEHI", | |
TAG_VERDATELO: "VERDATELO", | |
TAG_VERFILEOS: "VERFILEOS", | |
TAG_VERFILETYPE: "VERFILETYPE", | |
TAG_PE_CHECKSUM: "PE_CHECKSUM", | |
TAG_PREVOSMAJORVER: "PREVOSMAJORVER", | |
TAG_PREVOSMINORVER: "PREVOSMINORVER", | |
TAG_PREVOSPLATFORMID: "PREVOSPLATFORMID", | |
TAG_PREVOSBUILDNO: "PREVOSBUILDNO", | |
TAG_PROBLEMSEVERITY: "PROBLEMSEVERITY", | |
TAG_LANGID: "LANGID", | |
TAG_VER_LANGUAGE: "VER_LANGUAGE", | |
TAG_ENGINE: "ENGINE", | |
TAG_HTMLHELPID: "HTMLHELPID", | |
TAG_INDEX_FLAGS: "INDEX_FLAGS", | |
TAG_FLAGS: "FLAGS", | |
TAG_DATA_VALUETYPE: "DATA_VALUETYPE", | |
TAG_DATA_DWORD: "DATA_DWORD", | |
TAG_LAYER_TAGID: "LAYER_TAGID", | |
TAG_MSI_TRANSFORM_TAGID: "MSI_TRANSFORM_TAGID", | |
TAG_LINKER_VERSION: "LINKER_VERSION", | |
TAG_LINK_DATE: "LINK_DATE", | |
TAG_UPTO_LINK_DATE: "UPTO_LINK_DATE", | |
TAG_OS_SERVICE_PACK: "OS_SERVICE_PACK", | |
TAG_FLAG_TAGID: "FLAG_TAGID", | |
TAG_RUNTIME_PLATFORM: "RUNTIME_PLATFORM", | |
TAG_OS_SKU: "OS_SKU", | |
TAG_OS_PLATFORM: "OS_PLATFORM", | |
TAG_APP_NAME_RC_ID: "APP_NAME_RC_ID", | |
TAG_VENDOR_NAME_RC_ID: "VENDOR_NAME_RC_ID", | |
TAG_SUMMARY_MSG_RC_ID: "SUMMARY_MSG_RC_ID", | |
TAG_DESCRIPTION_RC_ID: "DESCRIPTION_RC_ID", | |
TAG_PARAMETER1_RC_ID: "PARAMETER1_RC_ID", | |
TAG_CONTEXT_TAGID: "CONTEXT_TAGID", | |
TAG_EXE_WRAPPER: "EXE_WRAPPER", | |
TAG_EXE_TYPE: "EXE_TYPE", | |
TAG_FROM_LINK_DATE: "FROM_LINK_DATE", | |
TAG_REVISION_EQ: "REVISION_EQ", | |
TAG_REVISION_LE: "REVISION_LE", | |
TAG_REVISION_GE: "REVISION_GE", | |
TAG_DATE_EQ: "DATE_EQ", | |
TAG_DATE_LE: "DATE_LE", | |
TAG_DATE_GE: "DATE_GE", | |
TAG_CPU_MODEL_EQ: "CPU_MODEL_EQ", | |
TAG_CPU_MODEL_LE: "CPU_MODEL_LE", | |
TAG_CPU_MODEL_GE: "CPU_MODEL_GE", | |
TAG_CPU_FAMILY_EQ: "CPU_FAMILY_EQ", | |
TAG_CPU_FAMILY_LE: "CPU_FAMILY_LE", | |
TAG_CPU_FAMILY_GE: "CPU_FAMILY_GE", | |
TAG_CREATOR_REVISION_EQ: "CREATOR_REVISION_EQ", | |
TAG_CREATOR_REVISION_LE: "CREATOR_REVISION_LE", | |
TAG_CREATOR_REVISION_GE: "CREATOR_REVISION_GE", | |
TAG_SIZE_OF_IMAGE: "SIZE_OF_IMAGE", | |
TAG_SHIM_CLASS: "SHIM_CLASS", | |
TAG_PACKAGEID_ARCHITECTURE: "PACKAGEID_ARCHITECTURE", | |
TAG_REINSTALL_UPGRADE_TYPE: "REINSTALL_UPGRADE_TYPE", | |
TAG_BLOCK_UPGRADE_TYPE: "BLOCK_UPGRADE_TYPE", | |
TAG_ROUTING_MODE: "ROUTING_MODE", | |
TAG_OS_VERSION_VALUE: "OS_VERSION_VALUE", | |
TAG_CRC_CHECKSUM: "CRC_CHECKSUM", | |
TAG_URL_ID: "URL_ID", | |
TAG_QUIRK_TAGID: "QUIRK_TAGID", | |
TAG_MIGRATION_DATA_TYPE: "MIGRATION_DATA_TYPE", | |
TAG_UPGRADE_DATA: "UPGRADE_DATA", | |
TAG_MIGRATION_DATA_TAGID: "MIGRATION_DATA_TAGID", | |
TAG_REG_VALUE_TYPE: "REG_VALUE_TYPE", | |
TAG_REG_VALUE_DATA_DWORD: "REG_VALUE_DATA_DWORD", | |
TAG_TEXT_ENCODING: "TEXT_ENCODING", | |
TAG_TAGID: "TAGID", | |
TAG_TIME: "TIME", | |
TAG_BIN_FILE_VERSION: "BIN_FILE_VERSION", | |
TAG_BIN_PRODUCT_VERSION: "BIN_PRODUCT_VERSION", | |
TAG_MODTIME: "MODTIME", | |
TAG_FLAG_MASK_KERNEL: "FLAG_MASK_KERNEL", | |
TAG_UPTO_BIN_PRODUCT_VERSION: "UPTO_BIN_PRODUCT_VERSION", | |
TAG_DATA_QWORD: "DATA_QWORD", | |
TAG_FLAG_MASK_USER: "FLAG_MASK_USER", | |
TAG_FLAGS_NTVDM1: "FLAGS_NTVDM1", | |
TAG_FLAGS_NTVDM2: "FLAGS_NTVDM2", | |
TAG_FLAGS_NTVDM3: "FLAGS_NTVDM3", | |
TAG_FLAG_MASK_SHELL: "FLAG_MASK_SHELL", | |
TAG_UPTO_BIN_FILE_VERSION: "UPTO_BIN_FILE_VERSION", | |
TAG_FLAG_MASK_FUSION: "FLAG_MASK_FUSION", | |
TAG_FLAG_PROCESSPARAM: "FLAG_PROCESSPARAM", | |
TAG_FLAG_LUA: "FLAG_LUA", | |
TAG_FLAG_INSTALL: "FLAG_INSTALL", | |
TAG_FROM_BIN_PRODUCT_VERSION: "FROM_BIN_PRODUCT_VERSION", | |
TAG_FROM_BIN_FILE_VERSION: "FROM_BIN_FILE_VERSION", | |
TAG_PACKAGEID_VERSION: "PACKAGEID_VERSION", | |
TAG_FROM_PACKAGEID_VERSION: "FROM_PACKAGEID_VERSION", | |
TAG_UPTO_PACKAGEID_VERSION: "UPTO_PACKAGEID_VERSION", | |
TAG_OSMAXVERSIONTESTED: "OSMAXVERSIONTESTED", | |
TAG_FROM_OSMAXVERSIONTESTED: "FROM_OSMAXVERSIONTESTED", | |
TAG_UPTO_OSMAXVERSIONTESTED: "UPTO_OSMAXVERSIONTESTED", | |
TAG_FLAG_MASK_WINRT: "FLAG_MASK_WINRT", | |
TAG_REG_VALUE_DATA_QWORD: "REG_VALUE_DATA_QWORD", | |
TAG_QUIRK_ENABLED_UPTO_VERSION: "QUIRK_ENABLED_UPTO_VERSION", | |
TAG_NAME: "NAME", | |
TAG_DESCRIPTION: "DESCRIPTION", | |
TAG_MODULE: "MODULE", | |
TAG_API: "API", | |
TAG_VENDOR: "VENDOR", | |
TAG_APP_NAME: "APP_NAME", | |
TAG_COMMAND_LINE: "COMMAND_LINE", | |
TAG_COMPANY_NAME: "COMPANY_NAME", | |
TAG_DLLFILE: "DLLFILE", | |
TAG_WILDCARD_NAME: "WILDCARD_NAME", | |
TAG_PRODUCT_NAME: "PRODUCT_NAME", | |
TAG_PRODUCT_VERSION: "PRODUCT_VERSION", | |
TAG_FILE_DESCRIPTION: "FILE_DESCRIPTION", | |
TAG_FILE_VERSION: "FILE_VERSION", | |
TAG_ORIGINAL_FILENAME: "ORIGINAL_FILENAME", | |
TAG_INTERNAL_NAME: "INTERNAL_NAME", | |
TAG_LEGAL_COPYRIGHT: "LEGAL_COPYRIGHT", | |
TAG_16BIT_DESCRIPTION: "_16BIT_DESCRIPTION", | |
TAG_APPHELP_DETAILS: "APPHELP_DETAILS", | |
TAG_LINK_URL: "LINK_URL", | |
TAG_LINK_TEXT: "LINK_TEXT", | |
TAG_APPHELP_TITLE: "APPHELP_TITLE", | |
TAG_APPHELP_CONTACT: "APPHELP_CONTACT", | |
TAG_SXS_MANIFEST: "SXS_MANIFEST", | |
TAG_DATA_STRING: "DATA_STRING", | |
TAG_MSI_TRANSFORM_FILE: "MSI_TRANSFORM_FILE", | |
TAG_16BIT_MODULE_NAME: "_16BIT_MODULE_NAME", | |
TAG_LAYER_DISPLAYNAME: "LAYER_DISPLAYNAME", | |
TAG_COMPILER_VERSION: "COMPILER_VERSION", | |
TAG_ACTION_TYPE: "ACTION_TYPE", | |
TAG_EXPORT_NAME: "EXPORT_NAME", | |
TAG_VENDOR_ID: "VENDOR_ID", | |
TAG_DEVICE_ID: "DEVICE_ID", | |
TAG_SUB_VENDOR_ID: "SUB_VENDOR_ID", | |
TAG_SUB_SYSTEM_ID: "SUB_SYSTEM_ID", | |
TAG_PACKAGEID_NAME: "PACKAGEID_NAME", | |
TAG_PACKAGEID_PUBLISHER: "PACKAGEID_PUBLISHER", | |
TAG_PACKAGEID_LANGUAGE: "PACKAGEID_LANGUAGE", | |
TAG_URL: "URL", | |
TAG_MANUFACTURER: "MANUFACTURER", | |
TAG_MODEL: "MODEL", | |
TAG_DATE: "DATE", | |
TAG_REG_VALUE_NAME: "REG_VALUE_NAME", | |
TAG_REG_VALUE_DATA_SZ: "REG_VALUE_DATA_SZ", | |
TAG_MIGRATION_DATA_TEXT: "MIGRATION_DATA_TEXT", | |
TAG_DATABASE: "DATABASE", | |
TAG_LIBRARY: "LIBRARY", | |
TAG_INEXCLUDE: "INEXCLUDE", | |
TAG_SHIM: "SHIM", | |
TAG_PATCH: "PATCH", | |
TAG_APP: "APP", | |
TAG_EXE: "EXE", | |
TAG_MATCHING_FILE: "MATCHING_FILE", | |
TAG_SHIM_REF: "SHIM_REF", | |
TAG_PATCH_REF: "PATCH_REF", | |
TAG_LAYER: "LAYER", | |
TAG_FILE: "FILE", | |
TAG_APPHELP: "APPHELP", | |
TAG_LINK: "LINK", | |
TAG_DATA: "DATA", | |
TAG_MSI_TRANSFORM: "MSI_TRANSFORM", | |
TAG_MSI_TRANSFORM_REF: "MSI_TRANSFORM_REF", | |
TAG_MSI_PACKAGE: "MSI_PACKAGE", | |
TAG_FLAG: "FLAG", | |
TAG_MSI_CUSTOM_ACTION: "MSI_CUSTOM_ACTION", | |
TAG_FLAG_REF: "FLAG_REF", | |
TAG_ACTION: "ACTION", | |
TAG_LOOKUP: "LOOKUP", | |
TAG_CONTEXT: "CONTEXT", | |
TAG_CONTEXT_REF: "CONTEXT_REF", | |
TAG_KDEVICE: "KDEVICE", | |
TAG_KDRIVER: "KDRIVER", | |
TAG_MATCHING_DEVICE: "MATCHING_DEVICE", | |
TAG_ACPI: "ACPI", | |
TAG_BIOS: "BIOS", | |
TAG_CPU: "CPU", | |
TAG_OEM: "OEM", | |
TAG_KFLAG: "KFLAG", | |
TAG_KFLAG_REF: "KFLAG_REF", | |
TAG_KSHIM: "KSHIM", | |
TAG_KSHIM_REF: "KSHIM_REF", | |
TAG_REINSTALL_UPGRADE: "REINSTALL_UPGRADE", | |
TAG_KDATA: "KDATA", | |
TAG_BLOCK_UPGRADE: "BLOCK_UPGRADE", | |
TAG_SPC: "SPC", | |
TAG_QUIRK: "QUIRK", | |
TAG_QUIRK_REF: "QUIRK_REF", | |
TAG_BIOS_BLOCK: "BIOS_BLOCK", | |
TAG_MATCHING_INFO_BLOCK: "MATCHING_INFO_BLOCK", | |
TAG_DEVICE_BLOCK: "DEVICE_BLOCK", | |
TAG_MIGRATION_DATA: "MIGRATION_DATA", | |
TAG_MIGRATION_DATA_REF: "MIGRATION_DATA_REF", | |
TAG_MATCHING_REG: "MATCHING_REG", | |
TAG_MATCHING_TEXT: "MATCHING_TEXT", | |
TAG_MACHINE_BLOCK: "MACHINE_BLOCK", | |
TAG_OS_UPGRADE: "OS_UPGRADE", | |
TAG_PACKAGE: "PACKAGE", | |
TAG_STRINGTABLE: "STRINGTABLE", | |
TAG_INDEXES: "INDEXES", | |
TAG_INDEX: "INDEX", | |
TAG_STRINGTABLE_ITEM: "STRINGTABLE_ITEM", | |
TAG_PATCH_BITS: "PATCH_BITS", | |
TAG_FILE_BITS: "FILE_BITS", | |
TAG_EXE_ID: "EXE_ID", | |
TAG_DATA_BITS: "DATA_BITS", | |
TAG_MSI_PACKAGE_ID: "MSI_PACKAGE_ID", | |
TAG_DATABASE_ID: "DATABASE_ID", | |
TAG_CONTEXT_PLATFORM_ID: "CONTEXT_PLATFORM_ID", | |
TAG_CONTEXT_BRANCH_ID: "CONTEXT_BRANCH_ID", | |
TAG_FIX_ID: "FIX_ID", | |
TAG_APP_ID: "APP_ID", | |
TAG_REG_VALUE_DATA_BINARY: "REG_VALUE_DATA_BINARY", | |
TAG_TEXT: "TEXT", | |
TAG_INDEX_BITS: "INDEX_BITS", | |
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import sys | |
from struct import unpack, unpack_from, iter_unpack | |
from collections import namedtuple, defaultdict | |
from uuid import UUID | |
import xml.etree.ElementTree as ET | |
import xml.dom.minidom as md | |
from names import * | |
def element(name, attrib={}, text=None): | |
elem = ET.Element(name, attrib) | |
if not text is None: | |
elem.text = str(text) | |
return elem | |
def to_hex(data): | |
return ''.join('%02x' % x for x in data) | |
Header = namedtuple("SdbHeader", "unk1 unk2 magic") | |
stringtable_offset = None | |
def read_unknown(node, data, offset, end): | |
return 0 | |
def read_null(node, data, offset, end): | |
return 2 | |
def read_list(node, data, offset, end): | |
tag,length = unpack_from("<HI", data, offset) | |
node.set("length", str(length)) | |
read_tag(node, data, offset + 6, offset + 6 + length) | |
return 6 + length | |
def read_stringtable(node, data, offset, end): | |
global stringtable_offset | |
stringtable_offset = offset | |
return read_list(node, data, offset, end) | |
def read_binary(node, data, offset, end): | |
tag,length = unpack_from("<HI", data, offset) | |
node.set("length", str(length)) | |
node.text = ''.join(to_hex(data[offset+6:][:length])) | |
with open("/tmp/out/TAG_%s@%s" % (names[tag], hex(offset)), "wb") as out: | |
out.write(data[offset+6:][:length]) | |
return 6 + length | |
def read_uuid(node, data, offset, end): | |
tag,length = unpack_from("<HI", data, offset) | |
node.text = "{%s}" % str(UUID(bytes=bytes(data[offset+6:][:length]))) | |
return 6 + length | |
def read_index(node, data, offset, end): | |
tag,length = unpack_from("<HI", data, offset) | |
node.text = ''.join("%s, %s\n" % (key[::-1], offset) for key,offset in iter_unpack("<8sI", data[offset+6:][:length])) | |
return 6 + length | |
def read_string(node, data, offset, end): | |
tag,length = unpack_from("<HI", data, offset) | |
node.text = bytes(data[offset+6:][:length]).decode('utf-16').strip('\x00') | |
return 6 + length | |
def read_stringtable_item(node, data, offset, end): | |
node.set("strid", hex(offset - stringtable_offset)) | |
return read_string(node, data, offset, end) | |
def read_word(node, data, offset, end): | |
tag, value = unpack_from("<HH", data, offset) | |
node.text = hex(value) | |
return 4 | |
def read_tagname(node, data, offset, end): | |
tag, value = unpack_from("<HH", data, offset) | |
node.text = names[value] | |
return 4 | |
def read_dword(node, data, offset, end): | |
tag, value = unpack_from("<HI", data, offset) | |
node.text = hex(value) | |
return 6 | |
def read_qword(node, data, offset, end): | |
tag, value = unpack_from("<HQ", data, offset) | |
node.text = hex(value) | |
return 10 | |
class parsers_dict(dict): | |
def __missing__(self, key): | |
if key & 0xF000 in self: | |
return self[key & 0xF000] | |
else: | |
raise KeyError(key) | |
parsers = parsers_dict() | |
parsers.update({ | |
TAG_TYPE_NULL: read_null, | |
TAG_TYPE_WORD: read_word, | |
TAG_TYPE_DWORD: read_dword, | |
TAG_TYPE_QWORD: read_qword, | |
TAG_TYPE_STRINGREF: read_dword, | |
TAG_TYPE_LIST: read_list, | |
TAG_TYPE_STRING: read_string, | |
TAG_TYPE_BINARY: read_binary, | |
TAG_INDEX_TAG: read_tagname, | |
TAG_INDEX_KEY: read_tagname, | |
TAG_STRINGTABLE: read_stringtable, | |
TAG_STRINGTABLE_ITEM: read_stringtable_item, | |
TAG_FIX_ID: read_uuid, | |
TAG_EXE_ID: read_uuid, | |
TAG_APP_ID: read_uuid, | |
TAG_CONTEXT_BRANCH_ID: read_uuid, | |
TAG_CONTEXT_PLATFORM_ID: read_uuid, | |
TAG_MSI_PACKAGE_ID: read_uuid, | |
TAG_INDEX_BITS: read_index, | |
}) | |
def read_tag(node, data, offset, end): | |
while(offset < end): | |
tag, = unpack_from("<H", data, offset) | |
child = element(names[tag], attrib={"type": types[tag & 0xF000], "tagid": hex(offset), "tag": hex(tag)}) | |
size = parsers[tag](child, data, offset, end) | |
node.append(child) | |
if size == 0: | |
return | |
offset += size | |
#offset is word aligned | |
if offset % 2: | |
offset += 1 | |
with open(sys.argv[1], "rb") as fd: | |
data = memoryview(fd.read()) | |
header = Header(*unpack("<2I4s", data[0:0xC])) | |
root = element("Sdbf") | |
read_tag(root, data, 0xC, len(data)) #TAG_ROOT | |
for node in root.findall('.//*[@type="STRINGREF"]'): | |
item = root.find('./STRINGTABLE/STRINGTABLE_ITEM[@strid="%s"]' % node.text) | |
node.text = item.text | |
#pretty printing | |
print(md.parseString(ET.tostring(root)).toprettyxml()) | |
#print(ET.tostring(root).decode()) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
recommend using the
tempfile
(andimport os
) module and replacingsdb.py
line 50 with:then script runs successfully on Windows.