6100u Support

[Raieverr]

Team,

This is a long shot, as I know this hasn't been updated in a while, but I have an Inno setup file that is using 6100u that I am attempting to decompile. However, I am running into wall after wall with it. I am hoping someone can assist in getting a new module set up for Setup::Inno to support 6100u.

Any assistance would be greatly appreciated!

Thank you.

[onitake]

I just pushed parsers for the latest InnoSetup versions.
Please test if they work for you, I don't have any samples.

I also had some uncommitted path handling changes lying around, don't quite remember what they were for. Maybe you could test them as well. They're in the branch https://github.com/onitake/uninno/tree/filename-handling

[Raieverr]

I just pushed parsers for the latest InnoSetup versions. Please test if they work for you, I don't have any samples.

I also had some uncommitted path handling changes lying around, don't quite remember what they were for. Maybe you could test them as well. They're in the branch https://github.com/onitake/uninno/tree/filename-handling

You are a saint! I will get to testing today and let you know if everything works out!! Thank you so much. :)

[Raieverr]

Small update: I was able to test the changes on an older version and ran into no issues. Once testing on a newer version for 6100u, it threw this error:

Installer version: 6100u Uncaught exception from user code: Can't read longword at /home/admin1/Desktop/uninno/Setup/Inno/FieldReader.pm line 255. Setup::Inno::FieldReader::ReadLongWord(Setup::Inno::Struct6100u=HASH(0x5ae0feb4e688)) called at /home/admin1/Desktop/uninno/Setup/Inno/Interpret4000.pm line 42 Setup::Inno::Interpret4000::SetupBinaries(Setup::Inno::Interpret5309=HASH(0x5ae0fead74d0), Setup::Inno::Struct6100u=HASH(0x5ae0feb4e688), "cmZip") called at /home/admin1/Desktop/uninno/Setup/Inno.pm line 113 Setup::Inno::Setup0(Setup::Inno=HASH(0x5ae0fd074e50)) called at /home/admin1/Desktop/uninno/Setup/Inno.pm line 154 Setup::Inno::FileCount(Setup::Inno=HASH(0x5ae0fd074e50)) called at ./uninno.pl line 63

The sample I am working with is password protected, but I know that the error for that will be different if the PW is incorrect. Any thoughts on how to proceed forward?

[onitake]

This looks like it's caused by a lack of support for password-protected installers.
Unfortunately, I was never able to completely implement this feature, but some of the plumbing is there.

Do you have a sample installer I could analyze, or a link to one? I can't promise anything, but maybe it's less work than expected.

[Raieverr]

Apologies for the delay, @onitake! Thank you for the response. I do have a sample I can provide, but I am unsure you want to mess with it, as I am unsure what it contains (Hense trying to dump it, as it was provided as a "potential malware sample").

The full details are that the sample could be malicious, and I am trying to dump it for research purposes using JohnTheRipper to crack the file's password. I understand this may not be something you support, but any help you can provide would be appreciated. As I obviously don't want to share something potentially malicious on Github or to anyone willy nilly, is there any way to connect on another platform? Discord, etc. works for me.

Let me know!