Analyse Squirrel.Windows and Velopack

Signed-off-by: Tom Plant <tom.plant@devicie.com>

Author: pl4nty

src/analysis/installers/burn/mod.rs

@@ -71,39 +71,33 @@ impl Burn {
             let mut resource_directory = ResourceDirectory::new(section_reader)?;
 
             let _rc_data = resource_directory
-                .find_rc_data()
-                .map_err(|_| BurnError::NotBurnFile);
-
-            let msi_entry = resource_directory
-                .find_name_entry("MSI")
-                .ok_or(BurnError::NotBurnFile)?;
-
-            let msi_directory_table = msi_entry
-                .data(&mut resource_directory)?
-                .table()
-                .ok_or(BurnError::NotBurnFile)?;
-
-            return if let Some(msi_directory) = msi_directory_table.entries().next() {
-                let msi_data_entry_offset = msi_directory.file_offset(resource_directory_offset);
-                reader.seek(SeekFrom::Start(msi_data_entry_offset.into()))?;
-
-                let msi_data_entry = reader.read_t::<ImageResourceDataEntry>()?;
-                let msi_offset = pe
-                    .section_table
-                    .to_file_offset(msi_data_entry.offset_to_data())?;
-
-                // Installers built with the Java Development Kit embed an MSI resource
-                reader.seek(SeekFrom::Start(msi_offset.into()))?;
-                let msi_reader = reader.take(msi_data_entry.size().into());
-                let msi = Msi::new(msi_reader)?;
-                Ok(Self {
-                    architecture: msi.architecture,
-                    manifest: None,
-                    msi: Some(msi),
-                })
-            } else {
-                Err(BurnError::NotBurnFile)
+                .navigate_to_rc_data()
+                .map_err(|_| BurnError::NotBurnFile)?;
+
+            let msi_directory_table =
+                resource_directory.navigate_to_directory_table_by_name("MSI")?;
+
+            let Some(msi_directory) = msi_directory_table.id_entries().next() else {
+                return Err(BurnError::NotBurnFile);
             };
+
+            let msi_data_entry_offset = msi_directory.file_offset(resource_directory_offset);
+            reader.seek(SeekFrom::Start(msi_data_entry_offset.into()))?;
+
+            let msi_data_entry = reader.read_t::<ImageResourceDataEntry>()?;
+            let msi_offset = pe
+                .section_table
+                .to_file_offset(msi_data_entry.offset_to_data())?;
+
+            // Installers built with the Java Development Kit embed an MSI resource
+            reader.seek(SeekFrom::Start(msi_offset.into()))?;
+            let msi_reader = reader.take(msi_data_entry.size().into());
+            let msi = Msi::new(msi_reader)?;
+            return Ok(Self {
+                architecture: msi.architecture,
+                manifest: None,
+                msi: Some(msi),
+            });
         };
 
         // Seek to and read wix burn stub

src/analysis/installers/exe.rs

@@ -4,12 +4,13 @@ use color_eyre::Result;
 use inno::{Inno, error::InnoError};
 use winget_types::installer::{Installer, InstallerType};
 
-use super::{super::Installers, Burn, Nsis};
+use super::{super::Installers, Burn, Nsis, Squirrel};
 use crate::{
     analysis::installers::{
         burn::BurnError,
         nsis::NsisError,
         pe::{PE, VSVersionInfo},
+        squirrel::SquirrelError,
     },
     traits::IntoWingetArchitecture,
 };
@@ -29,6 +30,7 @@ pub enum ExeType {
     Burn(Box<Burn>),
     Inno(Box<Inno>),
     Nsis(Nsis),
+    Squirrel(Squirrel),
     Generic(Box<Installer>),
 }
 
@@ -93,6 +95,19 @@ impl Exe {
             Err(error) => return Err(error.into()),
         }
 
+        match Squirrel::new(&mut reader, &pe) {
+            Ok(squirrel) => {
+                return Ok(Self {
+                    r#type: ExeType::Squirrel(squirrel),
+                    legal_copyright,
+                    product_name,
+                    company_name,
+                });
+            }
+            Err(SquirrelError::NotSquirrelFile) => {}
+            Err(error) => return Err(error.into()),
+        }
+
         Ok(Self {
             r#type: ExeType::Generic(Box::new(Installer {
                 architecture: pe.winget_architecture(),
@@ -125,6 +140,7 @@ impl Installers for Exe {
             ExeType::Burn(burn) => burn.installers(),
             ExeType::Inno(inno) => inno.installers(),
             ExeType::Nsis(nsis) => nsis.installers(),
+            ExeType::Squirrel(squirrel) => squirrel.installers(),
             ExeType::Generic(installer) => vec![*installer.clone()],
         }
     }

src/analysis/installers/mod.rs

@@ -5,11 +5,13 @@ mod msi;
 pub mod msix_family;
 pub mod nsis;
 pub mod pe;
+pub mod squirrel;
 pub mod utils;
 mod zip;
 
 pub use burn::Burn;
 pub use exe::Exe;
 pub use msi::Msi;
 pub use nsis::Nsis;
+pub use squirrel::Squirrel;
 pub use zip::Zip;

src/analysis/installers/pe/mod.rs

@@ -10,7 +10,7 @@ pub mod vs_version_info;
 
 use std::{
     io,
-    io::{Error, Read, Seek, SeekFrom},
+    io::{Error, Read, Seek, SeekFrom, Take},
 };
 
 pub use coff::CoffHeader;
@@ -23,7 +23,9 @@ pub use vs_version_info::VSVersionInfo;
 use crate::{
     analysis::installers::pe::{
         optional_header::DataDirectory,
-        resource::{ImageResourceDataEntry, ResourceDirectory, SectionReader},
+        resource::{
+            IdOrName, ImageResourceDataEntry, ResourceDirectory, ResourceIter, SectionReader,
+        },
     },
     read::ReadBytesExt,
 };
@@ -68,6 +70,17 @@ impl PE {
         })
     }
 
+    pub fn resources<R: Read + Seek>(&self, reader: R) -> io::Result<ResourceIter<R>> {
+        let section_reader = self
+            .resource_table()
+            .ok_or_else(|| Error::other("No resource table"))?
+            .section_reader(reader, &self.section_table)?;
+
+        let resource_directory = ResourceDirectory::new(section_reader)?;
+
+        Ok(ResourceIter::new(resource_directory))
+    }
+
     pub fn find_section(&self, name: [u8; 8]) -> Option<&SectionHeader> {
         self.section_table
             .sections()
@@ -104,6 +117,23 @@ impl PE {
         self.optional_header.data_directories.resource_table()
     }
 
+    pub fn find_resource_by_name<R>(&self, mut reader: R, name: &str) -> io::Result<Take<R>>
+    where
+        R: Read + Seek,
+    {
+        let resource = self
+            .resources(&mut reader)?
+            .find(|resource| resource.name() == Some(name))
+            .ok_or_else(|| Error::other(format!("Resource not found: {name}")))?;
+
+        let resource_offset = self
+            .section_table
+            .to_file_offset(resource.offset_to_data())?;
+
+        reader.seek(SeekFrom::Start(resource_offset.into()))?;
+        Ok(reader.take(resource.size().into()))
+    }
+
     pub fn vs_version_info<R>(&self, mut reader: R) -> io::Result<Vec<u8>>
     where
         R: Read + Seek,
@@ -123,11 +153,10 @@ impl PE {
 
         let mut resource_directory = ResourceDirectory::new(section_reader)?;
 
-        let _version_info = resource_directory.find_version_info()?;
+        let directory_table = resource_directory.navigate_to_version_info()?;
 
-        let version_entry = resource_directory
-            .current_directory_table()
-            .entries()
+        let version_entry = directory_table
+            .id_entries()
             .next()
             .ok_or_else(|| Error::other("No manifest entry found"))?;
 
@@ -137,7 +166,7 @@ impl PE {
             .ok_or_else(|| Error::other("No manifest directory table found"))?;
 
         let version_directory = version_directory_table
-            .entries()
+            .id_entries()
             .next()
             .ok_or_else(|| Error::other("No manifest directory found"))?;
 
@@ -177,11 +206,10 @@ impl PE {
 
         let mut resource_directory = ResourceDirectory::new(section_reader)?;
 
-        let _manifest = resource_directory.find_manifest()?;
+        let manifest_directory_table = resource_directory.navigate_to_manifest()?;
 
-        let manifest_entry = resource_directory
-            .current_directory_table()
-            .entries()
+        let manifest_entry = manifest_directory_table
+            .id_entries()
             .next()
             .ok_or_else(|| Error::other("No manifest entry found"))?;
 
@@ -191,7 +219,7 @@ impl PE {
             .ok_or_else(|| Error::other("No manifest directory table found"))?;
 
         let manifest_directory = manifest_directory_table
-            .entries()
+            .id_entries()
             .next()
             .ok_or_else(|| Error::other("No manifest directory found"))?;
 

src/analysis/installers/pe/optional_header/data_directory.rs

@@ -1,9 +1,12 @@
-use std::{fmt, io};
+use std::{
+    fmt, io,
+    io::{Read, Seek},
+};
 
 use itertools::Itertools;
 use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout, LittleEndian, U32};
 
-use super::super::SectionTable;
+use super::super::{SectionReader, SectionTable};
 
 /// Represents a PE data directory.
 ///
@@ -47,6 +50,16 @@ impl DataDirectory {
     pub fn file_offset(self, section_table: &SectionTable) -> io::Result<u32> {
         section_table.to_file_offset(self.virtual_address())
     }
+
+    pub fn section_reader<R: Read + Seek>(
+        self,
+        mut reader: R,
+        section_table: &SectionTable,
+    ) -> io::Result<SectionReader<R>> {
+        let mut directory_offset = self.file_offset(section_table)?;
+
+        SectionReader::new(reader, directory_offset.into(), self.size().into())
+    }
 }
 
 impl fmt::Debug for DataDirectory {

src/analysis/installers/pe/resource/directory.rs

@@ -3,7 +3,10 @@ use std::{
     io::{Read, Seek},
 };
 
-use super::{ImageResourceDirectoryEntry, ResourceDirectoryTable, ResourceType, SectionReader};
+use super::{
+    ImageResourceDirectoryEntry, NamedImageResourceDirectoryEntry, ResourceDirectoryTable,
+    ResourceType, SectionReader,
+};
 
 pub struct ResourceDirectory<R: Read + Seek> {
     reader: SectionReader<R>,
@@ -27,37 +30,58 @@ impl<R: Read + Seek> ResourceDirectory<R> {
         &self.current_directory_table
     }
 
-    pub fn find_rc_data(&mut self) -> io::Result<&ResourceDirectoryTable> {
-        self.find_directory_table_by_id(ResourceType::RCData.id())
+    pub fn navigate_to_rc_data(&mut self) -> io::Result<&ResourceDirectoryTable> {
+        self.navigate_to_directory_table(ResourceType::RCData)
+    }
+
+    pub fn navigate_to_manifest(&mut self) -> io::Result<&ResourceDirectoryTable> {
+        self.navigate_to_directory_table(ResourceType::Manifest)
     }
 
-    pub fn find_manifest(&mut self) -> io::Result<&ResourceDirectoryTable> {
-        self.find_directory_table_by_id(ResourceType::Manifest.id())
+    pub fn navigate_to_version_info(&mut self) -> io::Result<&ResourceDirectoryTable> {
+        self.navigate_to_directory_table(ResourceType::Version)
     }
 
-    pub fn find_version_info(&mut self) -> io::Result<&ResourceDirectoryTable> {
-        self.find_directory_table_by_id(ResourceType::Version.id())
+    pub fn navigate_to_directory_table(
+        &mut self,
+        resource_type: ResourceType,
+    ) -> io::Result<&ResourceDirectoryTable> {
+        self.navigate_to_directory_table_by_id(resource_type.id())
     }
 
-    pub fn find_directory_table_by_id(&mut self, id: u32) -> io::Result<&ResourceDirectoryTable> {
-        let directory_entry = *self
+    pub fn navigate_to_directory_table_by_id(
+        &mut self,
+        id: u32,
+    ) -> io::Result<&ResourceDirectoryTable> {
+        let mut directory_entry =
+            self.current_directory_table
+                .find_id_entry(id)
+                .ok_or_else(|| {
+                    io::Error::new(
+                        io::ErrorKind::InvalidData,
+                        format!("{id} not found in current directory table"),
+                    )
+                })?;
+
+        self.current_directory_table = directory_entry.data(self)?.table().unwrap();
+        Ok(&self.current_directory_table)
+    }
+
+    pub fn navigate_to_directory_table_by_name(
+        &mut self,
+        name: &str,
+    ) -> io::Result<&ResourceDirectoryTable> {
+        let mut directory_entry = self
             .current_directory_table
-            .find_id_entry(id)
+            .find_name_entry(name)
             .ok_or_else(|| {
                 io::Error::new(
                     io::ErrorKind::InvalidData,
-                    format!("{id} not found in current directory table"),
+                    format!("{name} not found in current directory table"),
                 )
             })?;
 
-        self.current_directory_table = directory_entry.data(self)?.table().unwrap();
+        self.current_directory_table = directory_entry.entry().data(self)?.table().unwrap();
         Ok(&self.current_directory_table)
     }
-
-    pub fn find_name_entry(&mut self, name: &str) -> Option<ImageResourceDirectoryEntry> {
-        self.current_directory_table
-            .clone()
-            .find_name_entry(self.reader_mut(), name)
-            .copied()
-    }
 }