[File] [PATCH] Magdir/ole2compounddocs Microsoft Windows Installer transform script *.MST

Christos Zoulas christos at zoulas.com
Thu Dec 29 15:47:13 UTC 2022


Committed, thanks!

christos

> On Dec 28, 2022, at 6:40 PM, Jörg Jenderek <joerg.jen.der.ek at gmx.net> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello,
> 
> some day ago the Hewlett-Packard printer of my friend does not work
> any more on Windows 10. So i downloaded from HP site all document
> files and software. The printer is an HP ENVY 6000.  Just for
> interest i extract the packages. Some files inside has name extension
> MST.
> 
> When running file command 5.44 with -e soft or no extra option for
> the MST examples i get lines like:
> 
> EN600x64_1028.mst: Composite Document File V2 Document,
> 		   Little Endian,
> 		   Os: Windows, Version 6.3, Code page: 950,
> 		   Title: Installation Database, Subject:
> 		   HP ENVY 6000 series mn, Author:
> 		   HP Inc., Keywords: Installer, Comments:
> 		   This installer database contains the logic and
> 		   data required to install HP ENVY 6000 series mn.,
> 		   Create Time/Date: Sat Nov  6 15:50:32 2021,
> 		   Name of Creating Application:
> 		   Windows Installer XML Toolset (3.11.1.2318),
> 		   Security: 4, Template: x64;1033, Last Saved By:
> 		   x64;1028, Revision Number:
> 		   {E1FA9DCE-0E52-4516-ABCA-7A134904B194}
> 		   51.3.4843.21310;
> 		   {882CBCA7-F9AD-403F-A32A-230948D8D044}
> 		   51.3.4843.21310;
> 		   {FD6E789E-3C21-427F-B5BF-CD8F7744596F},
> 		   Number of Pages: 200, Number of Characters: 131135
> EN600x64_1066.mst: Composite Document File V2 Document,
> 		   Little Endian,
> 		   Os: Windows, Version 6.3, Code page: 1252,
> 		   Title: Installation Database, Subject:
> 		   HP ENVY 6000 series Basic Device Software, Author:
> 		   HP Inc., Keywords: Installer, Comments:
> 		   This installer database contains the logic and
> 		   data required to install HP ENVY 6000
> 		   series Basic Device Software.,
> 		   Create Time/Date: Sat Nov  6 15:53:50 2021,
> 		   Name of Creating Application:
> 		   Windows Installer XML Toolset (3.11.1.2318),
> 		   Security: 4, Template: x64;1033, Last Saved By:
> 		   x64;1033, Revision Number:
> 		   {E1FA9DCE-0E52-4516-ABCA-7A134904B194}
> 		   51.3.4843.21310;
> 		   {286EA72E-AF41-4E8A-A40E-A6474F10C054}
> 		   51.3.4843.21310;
> 		   {FD6E789E-3C21-427F-B5BF-CD8F7744596F},
> 		   Number of Pages: 200, Number of Characters: 131135
> EN600x86_1031.mst: Composite Document File V2 Document,
> 		   Little Endian,
> 		   Os: Windows, Version 6.3, Code page: 1252,
> 		   Title: Installation Database, Subject:
> 		   HP ENVY 6000 series - Grundlegende Software
> 		   fr das Gert, Author:
> 		   HP Inc., Keywords: Installer, Comments:
> 		   This installer database contains the logic and
> 		   data required to install HP ENVY 6000 series
> 		   - Grundlegende Software fr das Gert.,
> 		   Create Time/Date: Sat Nov  6 14:20:48 2021,
> 		   Name of Creating Application:
> 		   Windows Installer XML Toolset (3.11.1.2318),
> 		   Security: 4, Template: Intel;1033, Last Saved By:
> 		   Intel;1031, Revision Number:
> 		   {81B5DD71-1547-4131-8FC1-E8D88AE54556}
> 		   51.3.4843.21310;
> 		   {411741A2-8B89-453D-AD0F-91A419717CC8}
> 		   51.3.4843.21310;
> 		   {FD6E789E-3C21-427F-B5BF-CD8F7744596F},
> 		   Number of Pages: 200, Number of Characters: 131135
> 
> With option --extension only 3 byte sequence ??? is shown and with
> option -i application/vnd.ms-msi is shown.
> 
> When running file command version 5.44 with -e cdf option on such
> samples i get an output like:
> 
> EN600x64_1028.mst: OLE 2 Compound Document, v4.62, SecID 0x1,
> 		   Mini FAT start sector 0x7, blocksize 4096
> 		   : UNKNOWN, clsid
> 		   0x82100c0000000000c000000000000046
> 		   {000C1082-0000-0000-C000-000000000046} with names
> 		   @\2127r\035\373 @N\2655 @R\354\354(
> 		   @\025x\346 @Y\362h7 @\033*\366
> EN600x64_1066.mst: OLE 2 Compound Document, v4.62, SecID 0x1,
> 		   Mini FAT start sector 0x2, blocksize 4096
> 		   : UNKNOWN, clsid
> 		   0x82100c0000000000c000000000000046
> 		   {000C1082-0000-0000-C000-000000000046} with names
> 		   @Y\362h7 @?wlj\262/ @?wlj\344$
> 		   \005Summar
> EN600x86_1031.mst: OLE 2 Compound Document, v4.62, SecID 0x1,
> 		   Mini FAT start sector 0xb, blocksize 4096
> 		   : UNKNOWN, clsid
> 		   0x82100c0000000000c000000000000046
> 		   {000C1082-0000-0000-C000-000000000046} with names
> 		   @\2127r\035\373 @N\2655 @\025x\346\214\361\354\25
> 		   @Y\362h7 @\334r\267 @ \373l\25
> 
> For comparison reason i run the file format identification utility
> TrID ( See https://mark0.net/soft-trid-e.html). This identifies also
> all examples with low priority as "Generic OLE2 / Multistream
> Compound" by docfile.trid.xml. The examples are described with
> highest priority as "Windows SDK Setup Transform script" with correct
> suffix MST and mime type application/x-ms-mst by mst.trid.xml and mid
> range rate as "Windows Installer Patch" with wrong suffix MSP by
> msp.trid.xml (See appended trid-v-mst.txt.gz).
> 
> For comparison reason i also run the file format identification
> utility DROID ( See https://sourceforge.net/projects/droid/). This
> identifies all layouts only generic as "OLE2 Compound Document"
> by PUID fmt/111.
> 
> According to TrID i found a sentence about MST on Windows Installer
> page on Wikipedia web site. That informations are now expressed by
> comment lines inside Magdir/ole2compounddocs like:
> 
> # URL:		http://en.wikipedia.org/wiki/Windows_Installer
> # Reference:	http://mark0.net/download/triddefs_xml.7z
> #		defs/m/mst.trid.xml
> 
> The MST samples are recognized as "OLE 2 Compound Document"
> by starting bytes (\320\317\021\340\241\261\032\341) at the beginning
> inside Magdir/ole2compounddocs. Obviously there exist no code
> fragment to do sub class identification. So the examples are
> described as "UNKNOWN". Furthermore the examples have a registered
> Root storage object CLSID. That value is shown as hexa decimal value
> 0x82100c0000000000c000000000000046 or expressed in standard curly
> braces expression by {000C1082-0000-0000-C000-000000000046}.
> 
> That means that in branch handling non null CLSID GUID lines ,
> lines must be added. For related Microsoft Windows Installer
> Packages (9*:MSI) and Microsoft Windows Installer Patch (*.MSP)
> there exist such entries. So i insert between lines that look like:
>>>> 80 	ubequad		0x82100c0000000000	: \
> 			Microsoft Windows Installer transform script
> !:mime	application/x-ms-mst
> !:ext	mst
> 
> After applying the above mentioned modifications by patch
> file-5.44-ole2compounddocs-mst.diff then all my inspected Microsoft
> Windows Installer validation modules (*.MST) are now also
> recognized together with MSI samples. This now looks with -e cdf
> option like:
> 
> EN600x64_1028.mst: OLE 2 Compound Document, v4.62, SecID 0x1,
> 		   Mini FAT start sector 0x7, blocksize 4096
> 		   : Microsoft Windows Installer transform script
> EN600x64_1066.mst: OLE 2 Compound Document, v4.62, SecID 0x1,
> 		   Mini FAT start sector 0x2, blocksize 4096
> 		   : Microsoft Windows Installer transform script
> EN600x86_1031.mst: OLE 2 Compound Document, v4.62, SecID 0x1,
> 		   Mini FAT start sector 0xb, blocksize 4096
> 		   : Microsoft Windows Installer transform script
> 
> I hope my diff file can be applied in future version of file
> utility. Maybe that there exist the possibility to do further sub
> classification between MSI and CUB. But for that purpose you must
> know what is specific for CUB samples and does not occur in "normal"
> MSI samples. I do not know.
> 
> With best wishes,
> Jörg Jenderek
> - --
> Jörg Jenderek
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> 
> iF0EARECAB0WIQS5/qNWKD4ASGOJGL+v8rHJQhrU1gUCY6zT4QAKCRCv8rHJQhrU
> 1ncNAJ49VaS5g6KcKXC1FOUWRhZyQDgE5wCfYbwrDyXDl+NMBxktXBp+PXqaiCs=
> =KYDn
> -----END PGP SIGNATURE-----
> <trid-v-mst.txt.gz><file-5_44-ole2compounddocs-mst_diff.DEFANGED-27><file-5_44-ole2compounddocs-mst_diff_sig.DEFANGED-28>--
> File mailing list
> File at astron.com
> https://mailman.astron.com/mailman/listinfo/file
> <sanitizer.log>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <https://mailman.astron.com/pipermail/file/attachments/20221229/38bc3bb5/attachment.asc>


More information about the File mailing list