Closed gdesmar closed 1 month ago
Just confirming that this is on my radar; planning to look into it more closely this weekend.
Alright it was less difficult than I thought. The relevant code in IFPSTools.NET performs a version check that my code doesn't include before parsing two fields in the function signature. I already have the fix implemented, I just want to add your sample as a test.
I also released a new version, it's currently being published.
Description
When reading this specific IFPS file with the IFPS unit, the following error happens:
To Reproduce
The original InnoSetup file gives out an IFPS file named CompiledCode.bin (attached, with password
binref
). If weemit
that file intoifps
orifpsstr
, we get the previous error.Environment
Additional Context
The error comes from the sixth function (kernel32.dll::GetTickCount) which is imported and is a dll, but doesn't seem to have enough data to read the return type.
I see that the IFPS unit is based on IFPSTools, which was superseeded by IFPSTools.NET. I ran IFPSTools.NET on the same file and it gave a decoded file back claiming that function is void=True.
To get the CompiledCode.bin out of the InnoSetup file, we can use innounp on Windows/Wine with the password
A1ADB8BE8E677894E
, or a custom version of innoextract (which doesn't need the password) on Linux.