Unpacking new CAB files (aka IPD aka PA30), used by .MSU

HAL 9000
Senior Member
Posts: 384
Joined: 2007-09-10, 13:05 UTC

Post by *HAL 9000 »

Microsoft in Windows Vista introduced a new CAB format extension, introducing binary diff, something like rsync.

It is called intra-package delta (IPD).

https://reverseengineering.stackexchange.com/questions/6228/how-do-the-internals-of-a-windows-update-security-patch-work

It *seems* that unless cross-platform support is required (like TotalCmd/Android) there are already Windows DLLs to unpack those files.

See the following topic, especially last messages.
https://msfn.org/board/topic/171184-microsoft-ipd-intra-package-delta-compression-tool/?page=2

https://www.raxsoft.com/raxccm/software.php - here is a binary implementation of IPD unpacking; sadly there is an e-mail but no sources one could read to easily grasp the MS API call sequence for unpacking.
Horst.Epp
Power Member
Posts: 6429
Joined: 2003-02-06, 17:36 UTC
Location: Germany

Post by *Horst.Epp »

In Windows 10 there is no problem to open such files with TC
even without any plugin.
Just Ctrl-Page-Down
Windows 11 Home x64 Version 23H2 (OS Build 22631.3296)
TC 11.03 x64 / x86
Everything 1.5.0.1371a (x64), Everything Toolbar 1.3.2, Listary Pro 6.3.0.69
QAP 11.6.3.2 x64
Dalai
Power Member
Posts: 9352
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai »

Since it's an AutoIt script, it can be decompiled with Exe2Aut. Doing this reveals that the script uses mspatcha.exe which seems to come from Windows SDK dated back to the XP days. The script also unpacks mspatcha.dll which is part of every Windows installation, which might make things easier (only if the functions exported by this DLL are properly documented).

Packer plugin programmers come forward and accept the challenge ;).

@Horst.Epp:
You can enter the MSUs and the CABs inside them alright. Inside the CAB you'll see files numbered from 0 to some number (depending on the patch), but that's about it. Neither are there pretty file names nor can the numbered files be entered like an archive. The latter two are the core of HAL's post.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
umbra
Power Member
Posts: 871
Joined: 2012-01-14, 20:41 UTC

Post by *umbra »

Well,
7-zip does not support it yet either (and it was requested years ago). So I wouldn't expect Total7zip plugin to solve it any time soon. And I haven't seen any serious new or updated packer plugin lately.
Windows 7 Pro x64, Windows 10 Pro x64