ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Wed Sep 26, 2018 2:27 am

All times are UTC




Post new topic  Reply to topic  [ 3 posts ] 
Author Message
 Post subject: another .cab/.hdr sample
PostPosted: Sun Sep 23, 2018 8:50 pm 

Joined: Tue Feb 02, 2016 2:35 am
Posts: 1096
oyy

so i downloaded the PC demo thingy of a game that used to be called Colin McRae DiRT(from somewhere else i didnt have to suffer through slooooooooooooooooooooooooooooooooooow download speeds for), unpacked the demo's contents(it was an .exe) and then i was faced with a bunch of .cab/.hdr files i tried to handle with my own

what i did was take this script and modify it into something like this
Code:
# InstallShield (version?) HDR/CAB (script 0.2)
#   original struct information by wattostudios
#   https://zenhax.com/viewtopic.php?t=4279&p=23854#p23854
# script for QuickBMS http://quickbms.aluigi.org

comtype deflatex

open FDDE "hdr" 0 HDR_EXISTS
if HDR_EXISTS == 0
    open FDDE "cab"
endif
open FDDE "cab" 1

idstring "ISc("
get VER long
xmath max_ver "VER >> 16"
get ZERO long
get INFO_OFF long
get INFO_SIZE long
get HDR_SIZE long

goto INFO_OFF
get OFFSET long
get ZERO long
get DUMMY1 long
get SIZE long
get ZERO long
get DUMMY_SIZE long
get DUMMY_SIZE long
get FOLDERS long
get ZERO long
get DUMMY2 long
get FILES long
get DUMMY3 long

# at 0x230 there is a lot of info pertaining to string offsets, info offsets and the like
# what the script is supposed to do here is to reach these offsets so it can parse them completely
# what comes below is just stuff that doesnt involve the target directory of all things

math INFO_OFF + SIZE
goto INFO_OFF

for i = 0 < FOLDERS
    get directory_name_offset long
    savepos TMP
    math directory_name_offset + INFO_OFF
    goto directory_name_offset
    get directory_name_string string
    goto TMP
    putarray 1 i directory_name_string
next i

for i = 0 < FILES
    get cab_01 short
    get cab_02 longlong
    get cab_03 longlong
    get cab_04 longlong
    getdstring cab_05 0x10
    getdstring cab_06 0x10
    get file_name_offset long
    savepos TMP
    math file_name_offset + INFO_OFF
    goto file_name_offset
    get file_name_offset string
    goto TMP
    get cab_08 short
    getarray directory_name_string 1 cab_08
    get cab_09 long
    get cab_number_01 long
    get cab_11 long
    get cab_12 long
    get cab_13 long
    get cab_14 byte
    get cab_number_02 short
next i
here are the samples by the way
data1_hdr_cab.7z
if any of you need the exe let me know

_________________
the number one killer is time
it destroys us all


Top
   
PostPosted: Mon Sep 24, 2018 9:29 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8837
Script 0.2.1.
Feel free to post others if you see any failure.


Top
   
PostPosted: Tue Sep 25, 2018 3:42 pm 

Joined: Tue Feb 02, 2016 2:35 am
Posts: 1096
oh my god what is this shit
Code:
.
. 000000000000000e
. 0000000000005cd0 get     TYPE       0x0000000000000004 2
. 0000000000005cd2 get     SIZE       0x0000000000240036 8
. 0000000000005cda get     ZSIZE      0x000000000019949d 8
. 0000000000005ce2 get     OFFSET     0x0000000000317bc0 8
. 0000000000005cea getdstr HASH       "" 16
    aa fb 29 21 92 6e 36 de 7c 61 bc ad de 5a 14 2e   ..)!.n6.|a...Z..
. 0000000000005cfa get     DUMMY      0x0000000000000000 2
. 0000000000005cfc get     DUMMY      0x0000000000000000 2
. 0000000000005cfe get     DUMMY      0x0000000000000000 2
. 0000000000005d00 get     DUMMY      0x0000000000000000 2
. 0000000000005d02 get     ZERO       0x0000000000000000 8
. 0000000000005d0a get     NAME_OFF   0x0000000000035efc 4
. 0000000000005d0e get     ZERO       0x0000000000000000 2
. 0000000000005d10 get     FLAGS      0x0000000000000021 4
. 0000000000005d14 get     DUMMY      0x00000000717236a2 4
. 0000000000005d18 get     FOLDER     0x0000000000000001 4
. 0000000000005d1c getdstr DUMMY      "" 9
    00 00 00 00 00 00 00 00 00                        .........
. 0000000000005d25 get     SOMETHING  0x0000000000000001 2
.
. 00000000 getarr  PATH       "cars" 0:1
. 000000000003b47e get     NAME       "bbrd1.BMP" -1
apparently bbrd1.BMP is in the "cars" directory
Code:
.
. 0000000000000824
. 0000000000031c4a get     TYPE       0x0000000000000004 2
. 0000000000031c4c get     SIZE       0x000000000001b6ad 8
. 0000000000031c54 get     ZSIZE      0x000000000000cb0a 8
. 0000000000031c5c get     OFFSET     0x0000000005fd429f 8
. 0000000000031c64 getdstr HASH       "" 16
    f0 65 07 ea 7d 1a 47 da 28 f5 ec 7d 5e 0c 0a d8   .e..}.G.(..}^...
. 0000000000031c74 get     DUMMY      0x0000000000000000 2
. 0000000000031c76 get     DUMMY      0x0000000000000000 2
. 0000000000031c78 get     DUMMY      0x0000000000000000 2
. 0000000000031c7a get     DUMMY      0x0000000000000000 2
. 0000000000031c7c get     ZERO       0x0000000000000000 8
. 0000000000031c84 get     NAME_OFF   0x000000000003f739 4
. 0000000000031c88 get     ZERO       0x0000000000000087 2
. 0000000000031c8a get     FLAGS      0x0000000000000021 4
. 0000000000031c8e get     DUMMY      0x00000000703536a2 4
. 0000000000031c92 get     FOLDER     0x0000000000000008 4
. 0000000000031c96 getdstr DUMMY      "" 9
    00 00 00 00 00 00 00 00 00                        .........
. 0000000000031c9f get     SOMETHING  0x0000000000000008 2
Code:
.
. 0000000000000802
. 00000000000310bc get     TYPE       0x0000000000000004 2
. 00000000000310be get     SIZE       0x000000000022daf8 8
. 00000000000310c6 get     ZSIZE      0x000000000021dbe4 8
. 00000000000310ce get     OFFSET     0x0000000003d4f09c 8
. 00000000000310d6 getdstr HASH       "" 16
    70 6d 41 3c cb 3b c8 43 ee 14 4a 59 1b 16 d4 0a   pmA<.;.C..JY....
. 00000000000310e6 get     DUMMY      0x0000000000000000 2
. 00000000000310e8 get     DUMMY      0x0000000000000000 2
. 00000000000310ea get     DUMMY      0x0000000000000000 2
. 00000000000310ec get     DUMMY      0x0000000000000000 2
. 00000000000310ee get     ZERO       0x0000000000000000 8
. 00000000000310f6 get     NAME_OFF   0x000000000003f553 4
. 00000000000310fa get     ZERO       0x0000000000000000 2
. 00000000000310fc get     FLAGS      0x0000000000000021 4
. 0000000000031100 get     DUMMY      0x00000000621b36aa 4
. 0000000000031104 get     FOLDER     0x0000000000000008 4
. 0000000000031108 getdstr DUMMY      "" 9
    00 00 00 00 00 00 00 00 00                        .........
. 0000000000031111 get     SOMETHING  0x0000000000000008 2
but something that contains actual information(like what these two snippets of quickbms "debugging" are proving) isnt parsed for some insane reason - yes its that same sample i posted in the first post of this very thread

oh yeah now that you mention it, there are also quite a few .cab/.hdr samples i'd like to share here
[02]data1_cab_hdr.7z
[03]data1_cab_hdr.7z
[04]data1_cab_hdr.7z
[05]data1_cab_hdr.7z

_________________
the number one killer is time
it destroys us all


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 3 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited