Skip to content

Instantly share code, notes, and snippets.

@ariscop

ariscop/names.py

Created June 9, 2015 21:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ariscop/f4826af0286e6fb430bb to your computer and use it in GitHub Desktop.
Save ariscop/f4826af0286e6fb430bb to your computer and use it in GitHub Desktop.
Download ZIP
dump sdb files as xml
Raw
names.py
from collections import defaultdict
TAG_TYPE_NULL = 0x1000
TAG_TYPE_BYTE = 0x2000
TAG_TYPE_WORD = 0x3000
TAG_TYPE_DWORD = 0x4000
TAG_TYPE_QWORD = 0x5000
TAG_TYPE_STRINGREF = 0x6000
TAG_TYPE_LIST = 0x7000
TAG_TYPE_STRING = 0x8000
TAG_TYPE_BINARY = 0x9000
types = {
TAG_TYPE_NULL: "NULL",
TAG_TYPE_BYTE: "BYTE",
TAG_TYPE_WORD: "WORD",
TAG_TYPE_DWORD: "DWORD",
TAG_TYPE_QWORD: "QWORD",
TAG_TYPE_STRINGREF: "STRINGREF",
TAG_TYPE_LIST: "LIST",
TAG_TYPE_STRING: "STRING",
TAG_TYPE_BINARY: "BINARY",
}
TAG_NULL = 0x0000
TAG_INCLUDE = 0x1001
TAG_GENERAL = 0x1002
TAG_MATCH_LOGIC_NOT = 0x1003
TAG_APPLY_ALL_SHIMS = 0x1004
TAG_USE_SERVICE_PACK_FILES = 0x1005
TAG_MITIGATION_OS = 0x1006
TAG_TRACE_PCA = 0x1007
TAG_INCLUDEEXCLUDEDLL = 0x1008
TAG_RAC_EVENT_OFF = 0x1009
TAG_TELEMETRY_OFF = 0x100a
TAG_SHIM_ENGINE_OFF = 0x100b
TAG_LAYER_PROPAGATION_OFF = 0x100c
TAG_FORCE_CACHE = 0x100d
TAG_MONITORING_OFF = 0x100e
TAG_QUIRK_OFF = 0x100f
TAG_ELEVATED_PROP_OFF = 0x1010
TAG_UPGRADE_ACTION_BLOCK_WEBSETUP = 0x1011
TAG_UPGRADE_ACTION_PROCEED_TO_MEDIASETUP = 0x1012
TAG_MATCH_MODE = 0x3001
TAG_QUIRK_COMPONENT_CODE_ID = 0x3002
TAG_QUIRK_CODE_ID = 0x3003
TAG_TAG = 0x3801
TAG_INDEX_TAG = 0x3802
TAG_INDEX_KEY = 0x3803
TAG_SIZE = 0x4001
TAG_OFFSET = 0x4002
TAG_CHECKSUM = 0x4003
TAG_SHIM_TAGID = 0x4004
TAG_PATCH_TAGID = 0x4005
TAG_MODULE_TYPE = 0x4006
TAG_VERDATEHI = 0x4007
TAG_VERDATELO = 0x4008
TAG_VERFILEOS = 0x4009
TAG_VERFILETYPE = 0x400a
TAG_PE_CHECKSUM = 0x400b
TAG_PREVOSMAJORVER = 0x400c
TAG_PREVOSMINORVER = 0x400d
TAG_PREVOSPLATFORMID = 0x400e
TAG_PREVOSBUILDNO = 0x400f
TAG_PROBLEMSEVERITY = 0x4010
TAG_LANGID = 0x4011
TAG_VER_LANGUAGE = 0x4012
TAG_ENGINE = 0x4014
TAG_HTMLHELPID = 0x4015
TAG_INDEX_FLAGS = 0x4016
TAG_FLAGS = 0x4017
TAG_DATA_VALUETYPE = 0x4018
TAG_DATA_DWORD = 0x4019
TAG_LAYER_TAGID = 0x401a
TAG_MSI_TRANSFORM_TAGID = 0x401b
TAG_LINKER_VERSION = 0x401c
TAG_LINK_DATE = 0x401d
TAG_UPTO_LINK_DATE = 0x401e
TAG_OS_SERVICE_PACK = 0x401f
TAG_FLAG_TAGID = 0x4020
TAG_RUNTIME_PLATFORM = 0x4021
TAG_OS_SKU = 0x4022
TAG_OS_PLATFORM = 0x4023
TAG_APP_NAME_RC_ID = 0x4024
TAG_VENDOR_NAME_RC_ID = 0x4025
TAG_SUMMARY_MSG_RC_ID = 0x4026
TAG_DESCRIPTION_RC_ID = 0x4028
TAG_PARAMETER1_RC_ID = 0x4029
TAG_CONTEXT_TAGID = 0x4030
TAG_EXE_WRAPPER = 0x4031
TAG_EXE_TYPE = 0x4032
TAG_FROM_LINK_DATE = 0x4033
TAG_REVISION_EQ = 0x4034
TAG_REVISION_LE = 0x4035
TAG_REVISION_GE = 0x4036
TAG_DATE_EQ = 0x4037
TAG_DATE_LE = 0x4038
TAG_DATE_GE = 0x4039
TAG_CPU_MODEL_EQ = 0x403a
TAG_CPU_MODEL_LE = 0x403b
TAG_CPU_MODEL_GE = 0x403c
TAG_CPU_FAMILY_EQ = 0x403d
TAG_CPU_FAMILY_LE = 0x403e
TAG_CPU_FAMILY_GE = 0x403f
TAG_CREATOR_REVISION_EQ = 0x4040
TAG_CREATOR_REVISION_LE = 0x4041
TAG_CREATOR_REVISION_GE = 0x4042
TAG_SIZE_OF_IMAGE = 0x4043
TAG_SHIM_CLASS = 0x4044
TAG_PACKAGEID_ARCHITECTURE = 0x4045
TAG_REINSTALL_UPGRADE_TYPE = 0x4046
TAG_BLOCK_UPGRADE_TYPE = 0x4047
TAG_ROUTING_MODE = 0x4048
TAG_OS_VERSION_VALUE = 0x4049
TAG_CRC_CHECKSUM = 0x404a
TAG_URL_ID = 0x404b
TAG_QUIRK_TAGID = 0x404c
TAG_MIGRATION_DATA_TYPE = 0x404e
TAG_UPGRADE_DATA = 0x404f
TAG_MIGRATION_DATA_TAGID = 0x4050
TAG_REG_VALUE_TYPE = 0x4051
TAG_REG_VALUE_DATA_DWORD = 0x4052
TAG_TEXT_ENCODING = 0x4053
TAG_TAGID = 0x4801
TAG_TIME = 0x5001
TAG_BIN_FILE_VERSION = 0x5002
TAG_BIN_PRODUCT_VERSION = 0x5003
TAG_MODTIME = 0x5004
TAG_FLAG_MASK_KERNEL = 0x5005
TAG_UPTO_BIN_PRODUCT_VERSION = 0x5006
TAG_DATA_QWORD = 0x5007
TAG_FLAG_MASK_USER = 0x5008
TAG_FLAGS_NTVDM1 = 0x5009
TAG_FLAGS_NTVDM2 = 0x500a
TAG_FLAGS_NTVDM3 = 0x500b
TAG_FLAG_MASK_SHELL = 0x500c
TAG_UPTO_BIN_FILE_VERSION = 0x500d
TAG_FLAG_MASK_FUSION = 0x500e
TAG_FLAG_PROCESSPARAM = 0x500f
TAG_FLAG_LUA = 0x5010
TAG_FLAG_INSTALL = 0x5011
TAG_FROM_BIN_PRODUCT_VERSION = 0x5012
TAG_FROM_BIN_FILE_VERSION = 0x5013
TAG_PACKAGEID_VERSION = 0x5014
TAG_FROM_PACKAGEID_VERSION = 0x5015
TAG_UPTO_PACKAGEID_VERSION = 0x5016
TAG_OSMAXVERSIONTESTED = 0x5017
TAG_FROM_OSMAXVERSIONTESTED = 0x5018
TAG_UPTO_OSMAXVERSIONTESTED = 0x5019
TAG_FLAG_MASK_WINRT = 0x501a
TAG_REG_VALUE_DATA_QWORD = 0x501b
TAG_QUIRK_ENABLED_UPTO_VERSION = 0x501c
TAG_NAME = 0x6001
TAG_DESCRIPTION = 0x6002
TAG_MODULE = 0x6003
TAG_API = 0x6004
TAG_VENDOR = 0x6005
TAG_APP_NAME = 0x6006
TAG_COMMAND_LINE = 0x6008
TAG_COMPANY_NAME = 0x6009
TAG_DLLFILE = 0x600a
TAG_WILDCARD_NAME = 0x600b
TAG_PRODUCT_NAME = 0x6010
TAG_PRODUCT_VERSION = 0x6011
TAG_FILE_DESCRIPTION = 0x6012
TAG_FILE_VERSION = 0x6013
TAG_ORIGINAL_FILENAME = 0x6014
TAG_INTERNAL_NAME = 0x6015
TAG_LEGAL_COPYRIGHT = 0x6016
TAG_16BIT_DESCRIPTION = 0x6017
TAG_APPHELP_DETAILS = 0x6018
TAG_LINK_URL = 0x6019
TAG_LINK_TEXT = 0x601a
TAG_APPHELP_TITLE = 0x601b
TAG_APPHELP_CONTACT = 0x601c
TAG_SXS_MANIFEST = 0x601d
TAG_DATA_STRING = 0x601e
TAG_MSI_TRANSFORM_FILE = 0x601f
TAG_16BIT_MODULE_NAME = 0x6020
TAG_LAYER_DISPLAYNAME = 0x6021
TAG_COMPILER_VERSION = 0x6022
TAG_ACTION_TYPE = 0x6023
TAG_EXPORT_NAME = 0x6024
TAG_VENDOR_ID = 0x6025
TAG_DEVICE_ID = 0x6026
TAG_SUB_VENDOR_ID = 0x6027
TAG_SUB_SYSTEM_ID = 0x6028
TAG_PACKAGEID_NAME = 0x6029
TAG_PACKAGEID_PUBLISHER = 0x602a
TAG_PACKAGEID_LANGUAGE = 0x602b
TAG_URL = 0x602c
TAG_MANUFACTURER = 0x602d
TAG_MODEL = 0x602e
TAG_DATE = 0x602f
TAG_REG_VALUE_NAME = 0x6030
TAG_REG_VALUE_DATA_SZ = 0x6031
TAG_MIGRATION_DATA_TEXT = 0x6032
TAG_DATABASE = 0x7001
TAG_LIBRARY = 0x7002
TAG_INEXCLUDE = 0x7003
TAG_SHIM = 0x7004
TAG_PATCH = 0x7005
TAG_APP = 0x7006
TAG_EXE = 0x7007
TAG_MATCHING_FILE = 0x7008
TAG_SHIM_REF = 0x7009
TAG_PATCH_REF = 0x700a
TAG_LAYER = 0x700b
TAG_FILE = 0x700c
TAG_APPHELP = 0x700d
TAG_LINK = 0x700e
TAG_DATA = 0x700f
TAG_MSI_TRANSFORM = 0x7010
TAG_MSI_TRANSFORM_REF = 0x7011
TAG_MSI_PACKAGE = 0x7012
TAG_FLAG = 0x7013
TAG_MSI_CUSTOM_ACTION = 0x7014
TAG_FLAG_REF = 0x7015
TAG_ACTION = 0x7016
TAG_LOOKUP = 0x7017
TAG_CONTEXT = 0x7018
TAG_CONTEXT_REF = 0x7019
TAG_KDEVICE = 0x701a
TAG_KDRIVER = 0x701c
TAG_MATCHING_DEVICE = 0x701e
TAG_ACPI = 0x701f
TAG_BIOS = 0x7020
TAG_CPU = 0x7021
TAG_OEM = 0x7022
TAG_KFLAG = 0x7023
TAG_KFLAG_REF = 0x7024
TAG_KSHIM = 0x7025
TAG_KSHIM_REF = 0x7026
TAG_REINSTALL_UPGRADE = 0x7027
TAG_KDATA = 0x7028
TAG_BLOCK_UPGRADE = 0x7029
TAG_SPC = 0x702a
TAG_QUIRK = 0x702b
TAG_QUIRK_REF = 0x702c
TAG_BIOS_BLOCK = 0x702d
TAG_MATCHING_INFO_BLOCK = 0x702e
TAG_DEVICE_BLOCK = 0x702f
TAG_MIGRATION_DATA = 0x7030
TAG_MIGRATION_DATA_REF = 0x7031
TAG_MATCHING_REG = 0x7032
TAG_MATCHING_TEXT = 0x7033
TAG_MACHINE_BLOCK = 0x7034
TAG_OS_UPGRADE = 0x7035
TAG_PACKAGE = 0x7036
TAG_STRINGTABLE = 0x7801
TAG_INDEXES = 0x7802
TAG_INDEX = 0x7803
TAG_STRINGTABLE_ITEM = 0x8801
TAG_PATCH_BITS = 0x9002
TAG_FILE_BITS = 0x9003
TAG_EXE_ID = 0x9004
TAG_DATA_BITS = 0x9005
TAG_MSI_PACKAGE_ID = 0x9006
TAG_DATABASE_ID = 0x9007
TAG_CONTEXT_PLATFORM_ID = 0x9008
TAG_CONTEXT_BRANCH_ID = 0x9009
TAG_FIX_ID = 0x9010
TAG_APP_ID = 0x9011
TAG_REG_VALUE_DATA_BINARY = 0x9012
TAG_TEXT = 0x9013
TAG_INDEX_BITS = 0x9801
names = defaultdict(lambda: "InvalidTag")
names.update({
TAG_NULL: "NULL",
TAG_INCLUDE: "INCLUDE",
TAG_GENERAL: "GENERAL",
TAG_MATCH_LOGIC_NOT: "MATCH_LOGIC_NOT",
TAG_APPLY_ALL_SHIMS: "APPLY_ALL_SHIMS",
TAG_USE_SERVICE_PACK_FILES: "USE_SERVICE_PACK_FILES",
TAG_MITIGATION_OS: "MITIGATION_OS",
TAG_TRACE_PCA: "TRACE_PCA",
TAG_INCLUDEEXCLUDEDLL: "INCLUDEEXCLUDEDLL",
TAG_RAC_EVENT_OFF: "RAC_EVENT_OFF",
TAG_TELEMETRY_OFF: "TELEMETRY_OFF",
TAG_SHIM_ENGINE_OFF: "SHIM_ENGINE_OFF",
TAG_LAYER_PROPAGATION_OFF: "LAYER_PROPAGATION_OFF",
TAG_FORCE_CACHE: "FORCE_CACHE",
TAG_MONITORING_OFF: "MONITORING_OFF",
TAG_QUIRK_OFF: "QUIRK_OFF",
TAG_ELEVATED_PROP_OFF: "ELEVATED_PROP_OFF",
TAG_UPGRADE_ACTION_BLOCK_WEBSETUP: "UPGRADE_ACTION_BLOCK_WEBSETUP",
TAG_UPGRADE_ACTION_PROCEED_TO_MEDIASETUP: "UPGRADE_ACTION_PROCEED_TO_MEDIASETUP",
TAG_MATCH_MODE: "MATCH_MODE",
TAG_QUIRK_COMPONENT_CODE_ID: "QUIRK_COMPONENT_CODE_ID",
TAG_QUIRK_CODE_ID: "QUIRK_CODE_ID",
TAG_TAG: "TAG",
TAG_INDEX_TAG: "INDEX_TAG",
TAG_INDEX_KEY: "INDEX_KEY",
TAG_SIZE: "SIZE",
TAG_OFFSET: "OFFSET",
TAG_CHECKSUM: "CHECKSUM",
TAG_SHIM_TAGID: "SHIM_TAGID",
TAG_PATCH_TAGID: "PATCH_TAGID",
TAG_MODULE_TYPE: "MODULE_TYPE",
TAG_VERDATEHI: "VERDATEHI",
TAG_VERDATELO: "VERDATELO",
TAG_VERFILEOS: "VERFILEOS",
TAG_VERFILETYPE: "VERFILETYPE",
TAG_PE_CHECKSUM: "PE_CHECKSUM",
TAG_PREVOSMAJORVER: "PREVOSMAJORVER",
TAG_PREVOSMINORVER: "PREVOSMINORVER",
TAG_PREVOSPLATFORMID: "PREVOSPLATFORMID",
TAG_PREVOSBUILDNO: "PREVOSBUILDNO",
TAG_PROBLEMSEVERITY: "PROBLEMSEVERITY",
TAG_LANGID: "LANGID",
TAG_VER_LANGUAGE: "VER_LANGUAGE",
TAG_ENGINE: "ENGINE",
TAG_HTMLHELPID: "HTMLHELPID",
TAG_INDEX_FLAGS: "INDEX_FLAGS",
TAG_FLAGS: "FLAGS",
TAG_DATA_VALUETYPE: "DATA_VALUETYPE",
TAG_DATA_DWORD: "DATA_DWORD",
TAG_LAYER_TAGID: "LAYER_TAGID",
TAG_MSI_TRANSFORM_TAGID: "MSI_TRANSFORM_TAGID",
TAG_LINKER_VERSION: "LINKER_VERSION",
TAG_LINK_DATE: "LINK_DATE",
TAG_UPTO_LINK_DATE: "UPTO_LINK_DATE",
TAG_OS_SERVICE_PACK: "OS_SERVICE_PACK",
TAG_FLAG_TAGID: "FLAG_TAGID",
TAG_RUNTIME_PLATFORM: "RUNTIME_PLATFORM",
TAG_OS_SKU: "OS_SKU",
TAG_OS_PLATFORM: "OS_PLATFORM",
TAG_APP_NAME_RC_ID: "APP_NAME_RC_ID",
TAG_VENDOR_NAME_RC_ID: "VENDOR_NAME_RC_ID",
TAG_SUMMARY_MSG_RC_ID: "SUMMARY_MSG_RC_ID",
TAG_DESCRIPTION_RC_ID: "DESCRIPTION_RC_ID",
TAG_PARAMETER1_RC_ID: "PARAMETER1_RC_ID",
TAG_CONTEXT_TAGID: "CONTEXT_TAGID",
TAG_EXE_WRAPPER: "EXE_WRAPPER",
TAG_EXE_TYPE: "EXE_TYPE",
TAG_FROM_LINK_DATE: "FROM_LINK_DATE",
TAG_REVISION_EQ: "REVISION_EQ",
TAG_REVISION_LE: "REVISION_LE",
TAG_REVISION_GE: "REVISION_GE",
TAG_DATE_EQ: "DATE_EQ",
TAG_DATE_LE: "DATE_LE",
TAG_DATE_GE: "DATE_GE",
TAG_CPU_MODEL_EQ: "CPU_MODEL_EQ",
TAG_CPU_MODEL_LE: "CPU_MODEL_LE",
TAG_CPU_MODEL_GE: "CPU_MODEL_GE",
TAG_CPU_FAMILY_EQ: "CPU_FAMILY_EQ",
TAG_CPU_FAMILY_LE: "CPU_FAMILY_LE",
TAG_CPU_FAMILY_GE: "CPU_FAMILY_GE",
TAG_CREATOR_REVISION_EQ: "CREATOR_REVISION_EQ",
TAG_CREATOR_REVISION_LE: "CREATOR_REVISION_LE",
TAG_CREATOR_REVISION_GE: "CREATOR_REVISION_GE",
TAG_SIZE_OF_IMAGE: "SIZE_OF_IMAGE",
TAG_SHIM_CLASS: "SHIM_CLASS",
TAG_PACKAGEID_ARCHITECTURE: "PACKAGEID_ARCHITECTURE",
TAG_REINSTALL_UPGRADE_TYPE: "REINSTALL_UPGRADE_TYPE",
TAG_BLOCK_UPGRADE_TYPE: "BLOCK_UPGRADE_TYPE",
TAG_ROUTING_MODE: "ROUTING_MODE",
TAG_OS_VERSION_VALUE: "OS_VERSION_VALUE",
TAG_CRC_CHECKSUM: "CRC_CHECKSUM",
TAG_URL_ID: "URL_ID",
TAG_QUIRK_TAGID: "QUIRK_TAGID",
TAG_MIGRATION_DATA_TYPE: "MIGRATION_DATA_TYPE",
TAG_UPGRADE_DATA: "UPGRADE_DATA",
TAG_MIGRATION_DATA_TAGID: "MIGRATION_DATA_TAGID",
TAG_REG_VALUE_TYPE: "REG_VALUE_TYPE",
TAG_REG_VALUE_DATA_DWORD: "REG_VALUE_DATA_DWORD",
TAG_TEXT_ENCODING: "TEXT_ENCODING",
TAG_TAGID: "TAGID",
TAG_TIME: "TIME",
TAG_BIN_FILE_VERSION: "BIN_FILE_VERSION",
TAG_BIN_PRODUCT_VERSION: "BIN_PRODUCT_VERSION",
TAG_MODTIME: "MODTIME",
TAG_FLAG_MASK_KERNEL: "FLAG_MASK_KERNEL",
TAG_UPTO_BIN_PRODUCT_VERSION: "UPTO_BIN_PRODUCT_VERSION",
TAG_DATA_QWORD: "DATA_QWORD",
TAG_FLAG_MASK_USER: "FLAG_MASK_USER",
TAG_FLAGS_NTVDM1: "FLAGS_NTVDM1",
TAG_FLAGS_NTVDM2: "FLAGS_NTVDM2",
TAG_FLAGS_NTVDM3: "FLAGS_NTVDM3",
TAG_FLAG_MASK_SHELL: "FLAG_MASK_SHELL",
TAG_UPTO_BIN_FILE_VERSION: "UPTO_BIN_FILE_VERSION",
TAG_FLAG_MASK_FUSION: "FLAG_MASK_FUSION",
TAG_FLAG_PROCESSPARAM: "FLAG_PROCESSPARAM",
TAG_FLAG_LUA: "FLAG_LUA",
TAG_FLAG_INSTALL: "FLAG_INSTALL",
TAG_FROM_BIN_PRODUCT_VERSION: "FROM_BIN_PRODUCT_VERSION",
TAG_FROM_BIN_FILE_VERSION: "FROM_BIN_FILE_VERSION",
TAG_PACKAGEID_VERSION: "PACKAGEID_VERSION",
TAG_FROM_PACKAGEID_VERSION: "FROM_PACKAGEID_VERSION",
TAG_UPTO_PACKAGEID_VERSION: "UPTO_PACKAGEID_VERSION",
TAG_OSMAXVERSIONTESTED: "OSMAXVERSIONTESTED",
TAG_FROM_OSMAXVERSIONTESTED: "FROM_OSMAXVERSIONTESTED",
TAG_UPTO_OSMAXVERSIONTESTED: "UPTO_OSMAXVERSIONTESTED",
TAG_FLAG_MASK_WINRT: "FLAG_MASK_WINRT",
TAG_REG_VALUE_DATA_QWORD: "REG_VALUE_DATA_QWORD",
TAG_QUIRK_ENABLED_UPTO_VERSION: "QUIRK_ENABLED_UPTO_VERSION",
TAG_NAME: "NAME",
TAG_DESCRIPTION: "DESCRIPTION",
TAG_MODULE: "MODULE",
TAG_API: "API",
TAG_VENDOR: "VENDOR",
TAG_APP_NAME: "APP_NAME",
TAG_COMMAND_LINE: "COMMAND_LINE",
TAG_COMPANY_NAME: "COMPANY_NAME",
TAG_DLLFILE: "DLLFILE",
TAG_WILDCARD_NAME: "WILDCARD_NAME",
TAG_PRODUCT_NAME: "PRODUCT_NAME",
TAG_PRODUCT_VERSION: "PRODUCT_VERSION",
TAG_FILE_DESCRIPTION: "FILE_DESCRIPTION",
TAG_FILE_VERSION: "FILE_VERSION",
TAG_ORIGINAL_FILENAME: "ORIGINAL_FILENAME",
TAG_INTERNAL_NAME: "INTERNAL_NAME",
TAG_LEGAL_COPYRIGHT: "LEGAL_COPYRIGHT",
TAG_16BIT_DESCRIPTION: "_16BIT_DESCRIPTION",
TAG_APPHELP_DETAILS: "APPHELP_DETAILS",
TAG_LINK_URL: "LINK_URL",
TAG_LINK_TEXT: "LINK_TEXT",
TAG_APPHELP_TITLE: "APPHELP_TITLE",
TAG_APPHELP_CONTACT: "APPHELP_CONTACT",
TAG_SXS_MANIFEST: "SXS_MANIFEST",
TAG_DATA_STRING: "DATA_STRING",
TAG_MSI_TRANSFORM_FILE: "MSI_TRANSFORM_FILE",
TAG_16BIT_MODULE_NAME: "_16BIT_MODULE_NAME",
TAG_LAYER_DISPLAYNAME: "LAYER_DISPLAYNAME",
TAG_COMPILER_VERSION: "COMPILER_VERSION",
TAG_ACTION_TYPE: "ACTION_TYPE",
TAG_EXPORT_NAME: "EXPORT_NAME",
TAG_VENDOR_ID: "VENDOR_ID",
TAG_DEVICE_ID: "DEVICE_ID",
TAG_SUB_VENDOR_ID: "SUB_VENDOR_ID",
TAG_SUB_SYSTEM_ID: "SUB_SYSTEM_ID",
TAG_PACKAGEID_NAME: "PACKAGEID_NAME",
TAG_PACKAGEID_PUBLISHER: "PACKAGEID_PUBLISHER",
TAG_PACKAGEID_LANGUAGE: "PACKAGEID_LANGUAGE",
TAG_URL: "URL",
TAG_MANUFACTURER: "MANUFACTURER",
TAG_MODEL: "MODEL",
TAG_DATE: "DATE",
TAG_REG_VALUE_NAME: "REG_VALUE_NAME",
TAG_REG_VALUE_DATA_SZ: "REG_VALUE_DATA_SZ",
TAG_MIGRATION_DATA_TEXT: "MIGRATION_DATA_TEXT",
TAG_DATABASE: "DATABASE",
TAG_LIBRARY: "LIBRARY",
TAG_INEXCLUDE: "INEXCLUDE",
TAG_SHIM: "SHIM",
TAG_PATCH: "PATCH",
TAG_APP: "APP",
TAG_EXE: "EXE",
TAG_MATCHING_FILE: "MATCHING_FILE",
TAG_SHIM_REF: "SHIM_REF",
TAG_PATCH_REF: "PATCH_REF",
TAG_LAYER: "LAYER",
TAG_FILE: "FILE",
TAG_APPHELP: "APPHELP",
TAG_LINK: "LINK",
TAG_DATA: "DATA",
TAG_MSI_TRANSFORM: "MSI_TRANSFORM",
TAG_MSI_TRANSFORM_REF: "MSI_TRANSFORM_REF",
TAG_MSI_PACKAGE: "MSI_PACKAGE",
TAG_FLAG: "FLAG",
TAG_MSI_CUSTOM_ACTION: "MSI_CUSTOM_ACTION",
TAG_FLAG_REF: "FLAG_REF",
TAG_ACTION: "ACTION",
TAG_LOOKUP: "LOOKUP",
TAG_CONTEXT: "CONTEXT",
TAG_CONTEXT_REF: "CONTEXT_REF",
TAG_KDEVICE: "KDEVICE",
TAG_KDRIVER: "KDRIVER",
TAG_MATCHING_DEVICE: "MATCHING_DEVICE",
TAG_ACPI: "ACPI",
TAG_BIOS: "BIOS",
TAG_CPU: "CPU",
TAG_OEM: "OEM",
TAG_KFLAG: "KFLAG",
TAG_KFLAG_REF: "KFLAG_REF",
TAG_KSHIM: "KSHIM",
TAG_KSHIM_REF: "KSHIM_REF",
TAG_REINSTALL_UPGRADE: "REINSTALL_UPGRADE",
TAG_KDATA: "KDATA",
TAG_BLOCK_UPGRADE: "BLOCK_UPGRADE",
TAG_SPC: "SPC",
TAG_QUIRK: "QUIRK",
TAG_QUIRK_REF: "QUIRK_REF",
TAG_BIOS_BLOCK: "BIOS_BLOCK",
TAG_MATCHING_INFO_BLOCK: "MATCHING_INFO_BLOCK",
TAG_DEVICE_BLOCK: "DEVICE_BLOCK",
TAG_MIGRATION_DATA: "MIGRATION_DATA",
TAG_MIGRATION_DATA_REF: "MIGRATION_DATA_REF",
TAG_MATCHING_REG: "MATCHING_REG",
TAG_MATCHING_TEXT: "MATCHING_TEXT",
TAG_MACHINE_BLOCK: "MACHINE_BLOCK",
TAG_OS_UPGRADE: "OS_UPGRADE",
TAG_PACKAGE: "PACKAGE",
TAG_STRINGTABLE: "STRINGTABLE",
TAG_INDEXES: "INDEXES",
TAG_INDEX: "INDEX",
TAG_STRINGTABLE_ITEM: "STRINGTABLE_ITEM",
TAG_PATCH_BITS: "PATCH_BITS",
TAG_FILE_BITS: "FILE_BITS",
TAG_EXE_ID: "EXE_ID",
TAG_DATA_BITS: "DATA_BITS",
TAG_MSI_PACKAGE_ID: "MSI_PACKAGE_ID",
TAG_DATABASE_ID: "DATABASE_ID",
TAG_CONTEXT_PLATFORM_ID: "CONTEXT_PLATFORM_ID",
TAG_CONTEXT_BRANCH_ID: "CONTEXT_BRANCH_ID",
TAG_FIX_ID: "FIX_ID",
TAG_APP_ID: "APP_ID",
TAG_REG_VALUE_DATA_BINARY: "REG_VALUE_DATA_BINARY",
TAG_TEXT: "TEXT",
TAG_INDEX_BITS: "INDEX_BITS",
})
Raw
sdb.py
#!/usr/bin/env python3
import sys
from struct import unpack, unpack_from, iter_unpack
from collections import namedtuple, defaultdict
from uuid import UUID
import xml.etree.ElementTree as ET
import xml.dom.minidom as md
from names import *
def element(name, attrib={}, text=None):
elem = ET.Element(name, attrib)
if not text is None:
elem.text = str(text)
return elem
def to_hex(data):
return ''.join('%02x' % x for x in data)
Header = namedtuple("SdbHeader", "unk1 unk2 magic")
stringtable_offset = None
def read_unknown(node, data, offset, end):
return 0
def read_null(node, data, offset, end):
return 2
def read_list(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.set("length", str(length))
read_tag(node, data, offset + 6, offset + 6 + length)
return 6 + length
def read_stringtable(node, data, offset, end):
global stringtable_offset
stringtable_offset = offset
return read_list(node, data, offset, end)
def read_binary(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.set("length", str(length))
node.text = ''.join(to_hex(data[offset+6:][:length]))
with open("/tmp/out/TAG_%s@%s" % (names[tag], hex(offset)), "wb") as out:
out.write(data[offset+6:][:length])
return 6 + length
def read_uuid(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.text = "{%s}" % str(UUID(bytes=bytes(data[offset+6:][:length])))
return 6 + length
def read_index(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.text = ''.join("%s, %s\n" % (key[::-1], offset) for key,offset in iter_unpack("<8sI", data[offset+6:][:length]))
return 6 + length
def read_string(node, data, offset, end):
tag,length = unpack_from("<HI", data, offset)
node.text = bytes(data[offset+6:][:length]).decode('utf-16').strip('\x00')
return 6 + length
def read_stringtable_item(node, data, offset, end):
node.set("strid", hex(offset - stringtable_offset))
return read_string(node, data, offset, end)
def read_word(node, data, offset, end):
tag, value = unpack_from("<HH", data, offset)
node.text = hex(value)
return 4
def read_tagname(node, data, offset, end):
tag, value = unpack_from("<HH", data, offset)
node.text = names[value]
return 4
def read_dword(node, data, offset, end):
tag, value = unpack_from("<HI", data, offset)
node.text = hex(value)
return 6
def read_qword(node, data, offset, end):
tag, value = unpack_from("<HQ", data, offset)
node.text = hex(value)
return 10
class parsers_dict(dict):
def __missing__(self, key):
if key & 0xF000 in self:
return self[key & 0xF000]
else:
raise KeyError(key)
parsers = parsers_dict()
parsers.update({
TAG_TYPE_NULL: read_null,
TAG_TYPE_WORD: read_word,
TAG_TYPE_DWORD: read_dword,
TAG_TYPE_QWORD: read_qword,
TAG_TYPE_STRINGREF: read_dword,
TAG_TYPE_LIST: read_list,
TAG_TYPE_STRING: read_string,
TAG_TYPE_BINARY: read_binary,
TAG_INDEX_TAG: read_tagname,
TAG_INDEX_KEY: read_tagname,
TAG_STRINGTABLE: read_stringtable,
TAG_STRINGTABLE_ITEM: read_stringtable_item,
TAG_FIX_ID: read_uuid,
TAG_EXE_ID: read_uuid,
TAG_APP_ID: read_uuid,
TAG_CONTEXT_BRANCH_ID: read_uuid,
TAG_CONTEXT_PLATFORM_ID: read_uuid,
TAG_MSI_PACKAGE_ID: read_uuid,
TAG_INDEX_BITS: read_index,
})
def read_tag(node, data, offset, end):
while(offset < end):
tag, = unpack_from("<H", data, offset)
child = element(names[tag], attrib={"type": types[tag & 0xF000], "tagid": hex(offset), "tag": hex(tag)})
size = parsers[tag](child, data, offset, end)
node.append(child)
if size == 0:
return
offset += size
#offset is word aligned
if offset % 2:
offset += 1
with open(sys.argv[1], "rb") as fd:
data = memoryview(fd.read())
header = Header(*unpack("<2I4s", data[0:0xC]))
root = element("Sdbf")
read_tag(root, data, 0xC, len(data)) #TAG_ROOT
for node in root.findall('.//*[@type="STRINGREF"]'):
item = root.find('./STRINGTABLE/STRINGTABLE_ITEM[@strid="%s"]' % node.text)
node.text = item.text
print(md.parseString(ET.tostring(root)).toprettyxml())
#print(ET.tostring(root).decode())
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment