search

isra17 / nrs

NSIS Reversing Suite with IDA Plugins
GNU General Public License v3.0
101 stars 19 forks source link

nsisdump.py: TypeError: can only concatenate str (not "int") to str #5

Open danbrakeley opened 5 years ago

danbrakeley commented 5 years ago

Windows 10 Pro 1903, build 18362.356 Python 3.7.4

Steps to reproduce:

  1. Download WinISO Standard 6.4.1.5976 installer.
  2. Copy winiso.exe into nrs folder.
  3. Open cmd.exe and run python nsisdump.py winiso.exe.

Results:

NSISDump v0.1

Installer path: winiso.exe
NSIS version: 3.?

FirstHeader @ 0xcc00
        Flags:         0x00000000 (  )
        Siginfo:       0xdeadbeef
        Magics:        : "NullsoftInst"
        Header Size:   0x00779639
        Inflated Size: 0x0003afea

Inflated header
        Flags:         0x00000080 ( CH_FLAGS_NO_ROOT_DIR )
Blocks[8]:
        Block[0] - Pages:
                Offset:        0x0000012c
                Num:           0x00000008
        Block[1] - Sections:
                Offset:        0x0000032c
                Num:           0x00000005
        Block[2] - Entries:
                Offset:        0x000143cc
                Num:           0x0000069e
        Block[3] - Strings:
                Offset:        0x0001fd14
                Num:           0x00000000
        Block[4] - Langtables:
                Offset:        0x00039838
                Num:           0x00000011
        Block[5] - CtlColors:
                Offset:        0x0003afba
                Num:           0x00000000
        Block[6] - BgFont:
                Offset:        0x00000000
                Num:           0x00000000
        Block[7] - Data:
                Offset:        0x00000000
                Num:           0x00000000
        install_reg_rootkey: 0x80000002
        install_reg_key_ptr: 0x00001c5a
        install_reg_value_ptr: 0x00001c95
        bg_color1s:    0xffffffff
        bg_color2:     0xffffffff
        bg_textcolor:  0xffffffff
        lb_bg:         0xffffffff
        lb_fg:         0xffffffff
        langtable_size: 0x00000162
        license_bg:    0xfffffffb
        code_onInit:   0x000005e0
        code_onInstSucess: 0x00000647
        code_onInstFailed: 0x00000655
        code_onUserAbort: 0x000003c7
        code_onGUIInit: 0x000003b1
        code_onGUIEnd: 0x00000663
        code_onMouseOverSection: 0xffffffff
        code_onVerifyInstDir: 0xffffffff
        code_onSelChange: 0xffffffff
        code_onRebootFailed: 0xffffffff
        install_types:
                install_types[32]: 0xffffffba
        install_directory_ptr:  @ 0x00001c3f
        install_directory_auto_append:  @ 0x00001c53
        str_uninstchild: : ""
        str_uninstcmd: : ""
Traceback (most recent call last):
  File "nsisdump.py", line 230, in <module>
    dump_all(nsis_target)
  File "nsisdump.py", line 177, in dump_all
    print_property_string('str_wininit', header.str_wininit, nsis)
  File "nsisdump.py", line 105, in print_property_string
    string = nsis.get_string(value)
  File "C:\Users\Dan\src\nrs\nrs\nsisfile.py", line 54, in get_string
    return self._parse_string(address)[0]
  File "C:\Users\Dan\src\nrs\nrs\nsisfile.py", line 130, in _parse_string
    return strings.decode(self.block(NB_STRINGS), address)
  File "C:\Users\Dan\src\nrs\nrs\strings\__init__.py", line 142, in decode
    symbols, i = symbolize(block, offset, version)
  File "C:\Users\Dan\src\nrs\nrs\strings\__init__.py", line 135, in symbolize
    return _symbolize(block, offset, nsis3)
  File "C:\Users\Dan\src\nrs\nrs\strings\__init__.py", line 121, in _symbolize
    cur_string += data[i]
TypeError: can only concatenate str (not "int") to str
isra17 commented 5 years ago

Hey @danbrakeley , unfortunately the project was tested mostlry under Python2 since it is the one that used to be distributed with IDA. While some effort have been made to make it compatible with Python3, a quick look at the stacktrace seems to show some issue with how Python3 handles bytes. I will be glad to accept a fix if you want to submit a PR.

danbrakeley commented 5 years ago

Thanks for the response, @isra17. I tried to fix it last night by adding a str(...) cast, at which point it ran, but the output showed a huge number of single character strings that clearly should have been connected together as a single string. It felt like an encoding issue, like it was expecting byte-width strings, but was actually reading wide-character strings, or something like that.

Also, I had tried Python 2.7.15 first, but I never got that to run at all. It always complained that it couldn't import lzma. In trying to track that down, I learned that Python 3 includes an lzma library, so that's when I switched.