Author Topic: msg-innosetup.trid.xml for Inno Setup message *.msg  (Read 95 times)

jenderek

  • Full Member
  • ***
  • Posts: 152
msg-innosetup.trid.xml for Inno Setup message *.msg
« on: July 23, 2020, 12:47:22 AM »
Hello trid users,

some days ago i handled some Novell message files with msg file name
extension.

Just for interest i look on my disc for other files with that file
name extensions. Some are described as "Unknown!" by TrID (see
appended output/trid-old.txt).
For such found samples in the directory exist 2 other files with same
main name, but with file name extensions exe and dat.
The executable are identified as "Inno Setup installer" and the other
type is identified as "Inno Setup Uninstall Log". So i know that such
MSG samples are part of Inno Setup software.
So i look at Jordan Russell Software website jrsoftware.org for
information about such MSG files. Some information is found at item
"SignedUninstaller". This is expressed by reference URL line like:
 <RefURL>
 https://jrsoftware.org/ishelp/index.php?topic=setup_signeduninstaller
 </RefURL>

In most cases the file name is unins000.msg. So i mention this fact in
the remark line.
So i run tridscan on these samples and i get a trid definition file
msg-innosetup.trid.xml.
Characteristic for such message files is a typical ASCII phrase at the
beginning. That is expressed by XML construct like:
   <Bytes>496E6E6F205365747570204D657373616765732028</Bytes>
   <ASCII> I n n o   S e t u p   M e s s a g e s   (</ASCII>
   <Pos>0</Pos>
Afterwards a point separated version string like 5.1.1 5.1.11 5.5.0
5.5.3 6.0.0 is stored. So mention this fact in remark line. That is
expressed by XML construct like
   <Pattern>
      <Bytes>2E</Bytes>
      <Pos>22</Pos>
   </Pattern>
   <Pattern>
      <Bytes>2E</Bytes>
      <Pos>24</Pos>
   </Pattern>
The version string is followed by a ")" character. For Unicode messages
variants comes the 4 bytes phrase " (u)" afterwards. So mention this
fact in remark line.

According to sources the header structure has a size of 64 bytes. So
the remaining bytes til 0x40 boundary are filled with null
values. That is expressed by XML construct like:
 <Bytes>
 0000000000000000000000000000000000000000000000000000000000000000
 </Bytes>
 <Pos>32</Pos>

After the header comes 16 bytes with meta information like number of
messages, size information, CRC. So delete in that region short null
patterns like:
   <Bytes>000000</Bytes>
   <Pos>65</Pos>
   <Bytes>0000</Bytes>
   <Pos>70</Pos>

There is a non nil pattern. If i understand the source right, this
pattern is part of NotTotalSize variable, but i am not sure about this
observation. That is expressed by XML construct like:
   <Bytes>FFFF</Bytes>
   <Pos>74</Pos>

With the new definition the undetected Inno Setup messages are now
described (see appended output/trid-new-v.txt). TrID definition, some
examples and output are stored in archive innoSetup.zip. I hope that
my XML file can be used in future version of triddefs.

With best wishes
Jörg Jenderek

Mark0

  • Administrator
  • Hero Member
  • *****
  • Posts: 2076
    • Mark0's Home Page
Re: msg-innosetup.trid.xml for Inno Setup message *.msg
« Reply #1 on: July 23, 2020, 03:34:39 AM »
Thanks for the new def!