huettenhain
commented
1 month ago Just confirming that this is on my radar; planning to look into it more closely this weekend.
Closed gdesmar closed 1 month ago
huettenhain
commented
1 month ago Just confirming that this is on my radar; planning to look into it more closely this weekend.
huettenhain
commented
1 month ago Alright it was less difficult than I thought. The relevant code in IFPSTools.NET performs a version check that my code doesn't include before parsing two fields in the function signature. I already have the fix implemented, I just want to add your sample as a test.
huettenhain
commented
1 month ago I also released a new version, it's currently being published.
Description
When reading this specific IFPS file with the IFPS unit, the following error happens:
To Reproduce
The original InnoSetup file gives out an IFPS file named CompiledCode.bin (attached, with password
binref). If weemitthat file intoifpsorifpsstr, we get the previous error.Environment
Additional Context
The error comes from the sixth function (kernel32.dll::GetTickCount) which is imported and is a dll, but doesn't seem to have enough data to read the return type.
I see that the IFPS unit is based on IFPSTools, which was superseeded by IFPSTools.NET. I ran IFPSTools.NET on the same file and it gave a decoded file back claiming that function is void=True.
To get the CompiledCode.bin out of the InnoSetup file, we can use innounp on Windows/Wine with the password
A1ADB8BE8E677894E, or a custom version of innoextract (which doesn't need the password) on Linux.