NSIS unpacker?

[icfu]

I think that MultiArc doesn't search *at all* when SFX header is not skipped, that's why exact IDPOS values are needed to open the corresponding archives.

Icfu

[TychoBarfy]

If you want to IDENTIFY an archive as NSIS you have to use a SPECIFIC string. Your ID string will simply match all Exes...

But show me one exe with 33 D2 8B, 55 8B EC 83 or 55 8B EC at IDPOS 1024
which is not a NSIS exe.

I couldn't find any. If you'll find one, tell me. I'm sure you will not find any.

I think the 90% success rate comes from the IDPOS=8 and SkipSFXHeader=1 scheme I mentioned above.

I don't use this because I have less hits.

All IDPOS values for the ID "NullsoftInst" I have found can be calculated using this formula in hex format:
O=8+512*n (O=Offset)

There exist not only some with "NullsoftInst" but allso with "NullSoftInst".

[icfu]

But show me one exe with 33 D2 8B, 55 8B EC 83 or 55 8B EC at IDPOS 1024
which is not a NSIS exe.

I couldn't find any. If you'll find one, tell me. I'm sure you will not find any.

First hit on my PC: Several InstallShield packers with 55 8B EC at offset 0x400...

I don't use this because I have less hits.

Please retest with a clean multiarc.ini. This one for example opens your Sylpheed-2.2.4-win32_setup.exe so you don't need the IDPOS=51208 anymore...

There exist not only some with "NullsoftInst" but allso with "NullSoftInst".

I don't have found any of these here. If such archives exist, maybe someone has tried to make them unique or it was a bug in a former NSIS version. Who knows.

Icfu

[TychoBarfy]

2icfu, ok you convinced me.

Made it like this now.

I put the NSIS_SkipSfxHeader section to the end, the old or buggy
ones with NullSoftInst to the top without IDPOS.

Code: Select all

; -----------------------------------------------------------------------
[NSIS_Old]
Description="7-Zip 3.40 NSIS Old"
Archiver=PATHTO\7z.exe
Extension=exe_NSIS,exe
BatchUnpack=1
ID=4E 75 6C 6C 53 6F 66 74 49 6E 73 74
Start="^-------------------"
End="^-------------------"
Format0="yyyy tt dd hh mm ss aaaaa zzzzzzzzzzzz pppppppppppp n*256"
SkipLIST=1
List=%P l %AQA
Extract=%P e -y %AQA @%LQ
ExtractWithPath=%P x -y %AQA @%LQ

[NSIS]
Description="7-Zip 3.40 NSIS"
Archiver=PATHTO\7z.exe
Extension=exe_NSIS,exe
BatchUnpack=1
ID=4E 75 6C 6C 73 6F 66 74 49 6E 73 74
IDPOS=21000, 21512, 23560, 25096, 26632, 32264, 34824, 36360, 38408, 41480, 45576, 47112, 47624, 50696
Start="^-------------------"
End="^-------------------"
Format0="yyyy tt dd hh mm ss aaaaa zzzzzzzzzzzz pppppppppppp n*256"
SkipLIST=1
List=%P l %AQA
Extract=%P e -y %AQA @%LQ
ExtractWithPath=%P x -y %AQA @%LQ

[NSIS_SkipSfxHeader]
Description="7-Zip 3.40 NSIS SkipSfxHeader"
Archiver=PATHTO\7z.exe
Extension=exe_NSIS,exe
SkipSfxHeader=1
BatchUnpack=1
ID=4E 75 6C 6C 73 6F 66 74 49 6E 73 74
IDPOS=8
Start="^-------------------"
End="^-------------------"
Format0="yyyy tt dd hh mm ss aaaaa zzzzzzzzzzzz pppppppppppp n*256"
SkipLIST=1
List=%P l %AQA
Extract=%P e -y %AQA @%LQ
ExtractWithPath=%P x -y %AQA @%LQ
; -----------------------------------------------------------------------

However, if I need it sometimes I take my big pincers:

Code: Select all

; -----------------------------------------------------------------------
[7Z_NSIS]
Description="7-Zip 3.40 NSIS hard core ;)"
Archiver=PATHTO\7z.exe
Extension=exe_NSIS,exe
ID=33 D2 8B, 55 8B EC 83, 55 8B EC
IDPOS=1024
BatchUnpack=1
Start="^-------------------"
End="^-------------------"
Format0="yyyy tt dd hh mm ss aaaaa zzzzzzzzzzzz pppppppppppp n*256"
SkipLIST=1
List=%P l %AQA
Extract=%P e -y %AQA @%LQ
ExtractWithPath=%P x -y %AQA @%LQ
; -----------------------------------------------------------------------

[XPEHOPE3KA]

2TychoBarfy
Neither of your addons supports taskswitchxp, while icfu's does.

Heh, because you left ; in the second section

[TychoBarfy]

Uuups, sorry. Corrected this

[deus-ex]

I think that MultiArc doesn't search *at all* when SFX header is not skipped, that's why exact IDPOS values are needed to open the corresponding archives.

IDPOS is also required with SkipSfxHeader option. I tried your NSIS-SkipSfxHeader example without IDPOS= line without any success. What would be usefull is an option to either tell Multiarc to scan the whole file for ID's and/or adjust the size of bytes to search through. I stick with the IDPOS-only version as i prefer the speed advantage.

I came across one file (Firedepartment 3 - Demo installer) which contains both an MS-CAB file (MSCF) and an NSIS-pack as well. Since the CAB file is located in front of the NSIS-pack one can only open the CAB archive. Only way to get arround this was to add extension <exe> to the Packer section in wincmd.ini. Backdraw with that is that other exe-functions (open Pkzip-SFX, Resource-plugin) stop to work.


Two additional values for NSIS IDPOS-string:

Code: Select all

37896, 103432

Since i'm currently in give-away-mode here's an german translation for MultiArc made by me wich actualy doesn't suck (no internet-autotranslation-crappola), including adjusted/centered strings where appropriate:

Code: Select all

begin 644 deus-ex - Multiarc_Deutsch.uha
M54A!!GD.:/',U/OL_*HS-4RDAYV\W``E076@W_PM;Y7,&&`NE;R@`#IW_ET7
M<\(Y@MY8N=/_2*DCQ>^Q+<B/M7$%E5?&QCN0M]*/!/^L7SY_A"<TGZSX@CY3
MUK4S^&OWK0!X$AP9J/.L$D*_'*S9ZF>NB0/N'?*(L=VL-S]7;MEKTJW6Q4;;
MLMYQ17MHFPXNX)K]BN#033:4%X_T7#FS>8%')H[#C[T^Q`.'CD-Q1[C',J0A
MXY#,5-VQ"FAB0TOTXQ="+2PJ0P%^J4IEE5(Y]`4[=U/K@4KVA$OYXBQH[QN^
M^JB^F3X;5BJ_PZ9J(?[5$O`M^3$8`&X`E,0T:2"H?[(0=;@&]_D:PB0I,TXG
MJRFV;3$$?%TL!^>U>\/PX%I=DB&QF41+9\$^"ZR9%9#U,TLQ?-4P>HHL=)00
M>GU)NIGB&C;@H';3);Y/CE$\DQ:^0B=F.)ZH6QY;'#&X1R@I=Q"ZB,J"&T1[
M_`!=3H*FCA6Y%Z.0ZH^4;)J;H!4/OC&R<8>(^.^V?8N)5##U_5/B/58]!XG`
MC?,UX5;@-MFO4CUI4T^/P"#M?H&FE:&&.A/CX(:8WAN7KT)'B"!4LS;H3<+'
M:X`IXKUSW(:K6>G:U%5[T\J(U_'\B883R>]T5Q&"2:=_9*CYW&1UW[FPA_6R
ME'#!F7>^:IKBD`J3D?0W'Q_@RU#C+/`38Y&IN=9THO81.D_R!`O[0."P.,U$
M7;4[(Z1OYDP"T6W/WM:$(D_E3_ES7:\QHN2'P+#TG$=UIKUGV9&DTFMHZP(^
M9<DBSH.(-E'LMD>RM%)LV@)F]Y$^9UM4N4X\[6_Z'1WS0K5,I.7UF;E)&7JV
M-A,MZ\')^^32:NA<)6J`@W3:SO3!FM-[%D3!@8J4V+=BOM%E=V"-*,\N`-1Y
M&.!M9U89*,*ZYAEK0BS5:K+CFT!2J0O"I'W.D%L+2'2<PZI0'B.G^<,4;J-_
M3C@7_IQ_VD@OQ57#_RGZ!Z-3<4JA[P@86C\W&^QMA07HFF*W*W'3N!B.WH]#
MLW(&AY;1@MOTV`68E8>P6Y\3.0-FP]6CN3E[V^.*WMJ:3W-D>Y(R5?MN[5MK
M'6.FP],!2,!G$IW0,6A'DZ[+?4$<B+F#*AJ:XWTX"@!W<`'>\H:V(&@=[YRO
M@51.GV@7?<_3^1-JB1/L;$=4OZ3S%W*%.L%%V@2;^#.ZH$78R;%85$8_!1E=
M.O,\O\X6NC1OJ+3Z^TT&=R(*0:,H]4X4%>W1+J%RQT[5@2>#4Z(4ZEVW:M_^
M]SZF6030"JDOD"QA<V^*O`+8$#,EG+RJ=>[H96N`6FB7>BSV?R>S2ZT?7F*?
M>YC/;<E"P;G?RE[2Y"]YN4HP"O_G9=8R_--2W(&VFPNY<\RHG"`>X4@N2D1T
M8DFP')Q^!8EDBSYTA$#@=SOL`OH#M!-<VSUWZB''Q?DB<%BO=!'=LQ21S_$5
MI?>PI\Z1ZO0\(762R*R3Y1EP7<??(HFQ!^BL2<L12%T@N^=M1);K2)4B5[5T
MSD?JMR;C_V17(%=1<)G,48+C[8=VG='I21[D+JUTOP.N)KCNHU>8-\MXLY5P
M6JVUQ;:-H9'?=VJ,<TQLN\]:VTWJL=3-&V?S$\^\_W"G7\.*\^&PC.=%KE@V
MQY]$1>CIY>`KO4\R$>S.&`\[PI_.8S'5.IB;<#^J1>6"IK;^1F[Q+3N(G9LT
M2M'*ITL$"1:]ULKU7>)T1((8^%NKU`]30VL\HR,?`"K_@T@ML*\K&Y,;#EO4
MK!'$&56\%437":1<C.*G;V5(E$N`Y.)N@="YP9-MATV1%;@=VI&.=Q;TJ;%3
MM\S:Y!U,_<=JD:(G7-;I(>\`9TO<W+6APL54>$8R6Q4<VMK!*U(L!,Q"^U(A
M/-_`L&YOWS)E`KG5]YLA'I`J2T&&'T-IK!.HT8.9V(DCU!\X]J8GD<6^G!:7
MF@686IP*YP7T4'[F2:BDL3@'F;&5<,XMS+^@9R[,RR(C*/0T/N7%6_\VA8+V
MYX&NWC[.&)SZ;J"[M-;0+-B=8/5YQ&=U\KEC^N_)^:4)OF<B#)/7:Q:=``&;
M*@.V5,$M`'GY+QM%@XQ!0-28FS*!;F+W(.CQ,Z]7NA37CO@P`(=,:5D?*=M%
M"4$>XY4OH#RD+*.CW66!H+N^/MT.:QEZ$5,L[@-,[D7[!5G,@HH0.'&IN)GM
M+>;1HD[Y&S"EZUQ;FINU#$NN:28G")\^AV@$/EJ>$]54MX@P\Z`VQ-(=/?CF
ME`^Q%+S!Z4.#R3#()3^(8\XQVK^433,?O012B//S'T?I0J]<:+[AA=UXQ56-
M>%5]^/UR0S40;2DJ/?9$"<2WCE^)%M5UDR1'V0/-D$<`KYH8CB",/S>LW4#2
MXK<!>QN]S,AXQ$9]&,7E"N/`W)*#6*$N+L=6ZWVQ%G/VI5F[@_<'0>L80Q&?
MPU2$CLI8-\PY"164#S8JZ/OK;%F`<L<10)+T0K[WC-"Z]=/7W(`PRQZ:.UC(
MOX-,PZ%J!PU*=[M'GR@:UM]>XEZPHJ]^W`MO]E;9X]]-(.NJ"%59RI_?^I3/
M=9O2BMXI8SC2KCZ5*,7R03Q.Z.[NN!'':A:%("K!B*>A2QRJV%@4GP-I]6N
M38@R\;,I*:/5TM(OG1['-TS8P,&?*@ZSNF5RV4]2U4J<E$4W<\\PG94Y!SD6
M8[U*@4!(I$V!Z-HYM,W1,+&9I&P+!0!?]7=(I*YISBV)7Y4PRWCPLZM$?2<Y
DCIP.<=9,E?%V1$E/?F6EFI>]_:"=<5IR+7:_K^2Q\4#O02/J
`
end
sum -r/size 7452/2061

• Copy/Paste code-content into file <anyname.uue>
• decode with TC (check File menu...)
• extract resulting UHARC-archive into Multiarcs subfolder \Lang
• check MultiArc configscreen for language selection

give-away-mode off


Regards,
deus-ex

[TychoBarfy]

Thanks for the german translation.
I'm looking forward to the further discussion.

[icfu]

IDPOS is also required with SkipSfxHeader option. I tried your NSIS-SkipSfxHeader example without IDPOS= line without any success.

Yep, but I thought that IDPOS would also vary within NSIS archives when the ID is located after the SFX header, so I assumed that MultiArc uses IDPOS=8 as some kind of a relative starter position.

The main problem for me, being an absolute MultiArc noob till yesterday, is the MultiArc help file:

SkipSfxHeader default false. Determines it is necessary to skip SFX-part of archive to search archive ID. An example:
7z SFX-Archive, archive is after SFX parts, and search ID needs to be begun after the passing of this part. SkipSfxHeader = true.
InnoSetup Installation. ID is in SFX parts of archive, the passing to make it is not necessary. To search from the beginning of a file. SkipSfxHeader = False.

The term "search" is quite misleading I think when in fact it is "just" a jump to an offset and a check, not a search.

What would be usefull is an option to either tell Multiarc to scan the whole file for ID's and/or adjust the size of bytes to search through. I stick with the IDPOS-only version as i prefer the speed advantage.

I am not so sure about speed here. I mean, how long does it take to load the first 1 MB of a file to RAM and to search for some bytes?

TrID for example is able to identify hundreds of file types and it is fast as hell:
http://mark0.net/soft-trid-e.html

To me it looks like that whole IDPOS stuff is a waste of time for the users, at least when the ID is located at the beginning of a file AND it is unique.

Two additional values for NSIS IDPOS-string:

To make an end to the IDPOS finding for NSIS, I have uploaded my scheme to my file store. It contains the first 1000 values of n of my formula above, have fun.

Edit: Reuploaded new version, using the correct ID now. Formula changed to IDPOS=4+512*n.
NSIS_using_7-Zip_4_40_and_up.zip

Icfu

[XPEHOPE3KA]

If both ID and IDPos are set, then what you call "check" can be called "search" either.

In the Russian help the "SkipSFXHeader" description is more full (my translation; vserd, you may freely use it if I haven't made a mistake ):
"SkipSfxHeader is false by default. This flag determines whether it is necessary to skip SFX-part of given archive to search for ID. Consider 7z SFX-Archive as an example:
The archive itself is after SFX parts, and ID has to be searched after this part. SkipSfxHeader should be true. 7z differs from other archives by the fact that the size of the SFX part differs from version to version. Also there are other SFX parts, not from 7z authors. Their sizes also differ, but the ID is at the fixed offset after the SFX part.
Before this flag was introduced one have to add a list of IDPos's (one for each possible SFX part) to the addon.

Another example - InnoSetup Installation. ID is in the SFX parts of archive, so SFX part mustn't be skipped. SkipSfxHeader must be false."

1. Don't know if it would be correctly to write "SFX header" instead of "SFX part".
2. I haven't translated one sentence as I consider it as unnecessary.

[icfu]

ID & IDPos are both optional. If you set th ID, but not IDPos, then multiarc will search.

This is wrong, it has already been mentioned here by deus-ex. NOT ONE single NSIS archive will open without IDPOS.

I suggest that you try it out yourself before repeating outdated information.

Icfu

[XPEHOPE3KA]

Well, Russian help is also misleading . It should have been written that IDPos is zero by default, or the "starting part" (from English help) should be specified more precisely.

[TychoBarfy]

7-zip version 4.41 beta is out now...

http://www.7-zip.org/

[deus-ex]

The main problem for me, being an absolute MultiArc noob till yesterday...

You're just kidding, right?

TrID for example is able to identify hundreds of file types and it is fast as hell:
http://mark0.net/soft-trid-e.html

Wow, looks very interesting. Just what i need to optimize some of my ripping toolbox tools. Thanks for the link.

To me it looks like that whole IDPOS stuff is a waste of time for the users, at least when the ID is located at the beginning of a file AND it is unique.

Hence my wish for adding a full search option and stuff...

To make an end to the IDPOS finding for NSIS, I have uploaded my scheme to my file store. It contains the first 1000 values of n of my formula above, have fun.

Well, i thought 'bout myself sometimes, i have no life. But you're nuts, definetly.
Oh, and thanks for the h-u-g-e list anyway. Hmmm, but what i'm gonna do (translate: waste my time with) now...?


Regards,
deus-ex

[icfu]

You're just kidding, right?

Nope, really. I even had to find out what the heck UHARC is so I could extract your translation.

Well, i thought 'bout myself sometimes, i have no life. But you're nuts, definetly.

I hope you don't think that I have calculated that list manually.

Hmmm, but what i'm gonna do (translate: waste my time with) now...?

What about translating the AutoHotkey help file? Have fun!

Icfu