66 replies to this topic

[Wonko the Sane]

Maybe you can better check for this string "PKWARE Data Compression Library" instead of for "ONTRACK".
Both files contain the "ONTRACK" string:

FJ_DG_945_DOS_Floppy.exe:   MS-DOS executable, NE for MS Windows 3.x

  ==> SZDD compressed files



FJ_DM_952_DOS_Floppy.exe:   MS-DOS executable, NE for MS Windows 3.x

  ==> contains "[b]PKWARE Data Compression Library[/b]" string and can be extracted with dynamite

NO, the idea is to know that it is an ONTRACK file, but (yet) of an unsupported format, this is what the batch should hopefully provide. (when run)

zip can repair a WinImage SFX archive in one step (directly from SFX exe to valid zip file), at least in the linux version I have. Extracting the corrupt zip file from the executable with dsfo, isn't really needed.

That depends.
I like to see things as half full glass:
http://en.wikipedia....ty_or_half_full
DSFO does NOT extract a "corrupt" .zip file , it extracts a "valid" .imz file...
As-is the batch provides THREE files for each WinimageSfx:

• a valid .imz
• a valid .zip file (the above "fixed")
• a valid .ima file

dsfo %SourceSfx% %PK% 0 .\%TargetDir%\%IMA_name%.imz

::Option 1 - Fix the .imz so that it becomes a valid .zip file that can be opened by 7-zip also

zip -FF --out .\%TargetDir%\%IMA_name%.zip  .\%TargetDir%\%IMA_name%.imz

::Option 2 - Simply Unzip the image with unzip 

unzip .\%TargetDir%\%IMA_name%.zip -d .\%TargetDir%\

If the target is a .ima, one can maybe run *some* version of *unzip* on the .imz directly and need not zip at all, or, as you suggested "fix" the Sfx to zip and then unzip it, it's all about freedom to choose the solution it's better suited.

The strange thing is that if you use the:
unzip.exe (the one inside ftp://ftp.info-zip.org/pub/infozip/win32/unz552xn.exe )
you get (example):

unzip -t MemScope-110.imz
Archive: MemScope-110.imz
M2K MemScope 1.10
Compliments of Micro 2000 (M2K)
www.micro2000.com
(800) 864-8008 (818) 547-0125
file #1: bad zipfile offset (lseek): 90112
At least one error was detected in MemScope-110.imz.

BUT:

unzip -v MemScope-110.imz
Archive: MemScope-110.imz
M2K MemScope 1.10
Compliments of Micro 2000 (M2K)
www.micro2000.com
(800) 864-8008 (818) 547-0125
Length Method Size Ratio Date Time CRC-32 Name
-------- ------ ------- ----- ---- ---- ------ ----
1474560 Defl:X 60222 96% 14/04/06 09:31 b3ed4b23 MemScope-110.IMA
-------- ------- --- -------
1474560 60222 96% 1 file

So, it shoudn't be such a "horrible" corruption.....

I also find a "curious" choice that the developers decided to add the fixing capabilities to the zip program (which is normally used by those who CREATE the file) and NOT to the unzip one (which is normally used by those that RECEIVE the file - possibly corrupted), but I guess it's just me...

It might be nice to add the official site for the dynamite package too (just in case someone want to build a newer version): http://sourceforge.n...ts/synce/files/

It would be even nicer if someone would actually build the new version and provide the compiled .exe.

Wouldn't it be advisable to check if all needed programs can be found (for people who initially don't read the comments in your batch file)?

Sure , though I guess that people, knowing that is an Alpha 0.01 should:

• read the batch
• run it as SfxAlyze.cmd /? the first time
• NOT use it unless they already know where thaeir towel is...

Note: comments based on reading your batch file, not executing/trying it

Yep.


Wonko

[Wonko the Sane]

Please check

:Del_File

Actually the problem is probably in the line after the calling line (three instances):

IF EXIST .\%TargetDir%\%Ima_Name%*.* CALL :Del_File
IF EXIST .\%TargetDir%\%Ima_Name%.* ECHO Exiting...&PAUSE&GOTO :EOF

should be:

IF EXIST .\%TargetDir%\%Ima_Name%*.* CALL :Del_File
IF EXIST .\%TargetDir%\%Ima_Name%*.* ECHO Exiting...&PAUSE&GOTO :EOF

Wonko

[Icecube]

NO, the idea is to know that it is an ONTRACK file, but (yet) of an unsupported format, this is what the batch should hopefully provide. (when run)

I don't agree. If you know it contains the string "PKWARE Data Compression Library", you can extract the image file with dynamite for sure (I still need to see the first failure). You can check for the ONTRACK string afterwards if you really want (for SZDD compressed files).

If the target is a .ima, one can maybe run *some* version of *unzip* on the .imz directly and need not zip at all, or, as you suggested "fix" the Sfx to zip and then unzip it, it's all about freedom to choose the solution it's better suited.

The strange thing is that if you use the:
unzip.exe (the one inside ftp://ftp.info-zip.org/pub/infozip/win32/unz552xn.exe )
you get (example):

So, it shoudn't be such a "horrible" corruption.....

I also extracted the zip file from the executable and ran zip afterwards to fix the zip file. Later I found out, that it can fix the file in one step.
The zip file is not that corrupted (so why does WinImage need to corrupt it?) When you create a imz image file with winimage, it is still a valid zip file, but when you make a SFX file, the embedded zip file is corrupted. You are right, it is only a small corruption (only 3 bytes that should be zero instead of another value), see the report I made a few days ago on the 7-zip tracker:
http://sourceforge.n...amp;atid=364481

PKWARE® introduced the ZIP format in 1989. This new format combined data compression, file management, and data encryption within a portable archive format. ZIP quickly became the accepted industry standard for cross-platform data exchange and efficient data storage. In order to ensure the continued interoperability of the .ZIP file format for all users, PKWARE publishes an Application Note on the .ZIP file format. The APPNOTE provides developers a general description and technical details of the .ZIP specification. This specification is maintained and periodically updated by PKWARE with support from interested industry experts. These changes are intended to include new capabilities in anticipation of the emerging needs of the ZIP community, while ensuring on-going interoperability for ZIP files.

http://www.pkware.co...pplication-note
Direct link to the ZIP APPNOTE:
http://www.pkware.co...ies/APPNOTE.TXT

The best thing would be that WinImage doesn't corrupt the embedded zip files:
The WinImage developers are a bit lazy. In the "ZIP central directory file header" of the embedded zip file, they put an absolute offset of the local file header instead of the "relative offset of local file header" (field of 4 bytes), which is normally, zero for the first file in a zip archive.
They should calculate the start of the embedded zip file instead of using a absolute offset which will corrupt the embedded zip file to get the start of the embedded zip archive.

"Start of embedded zip archive" =

"filesize of WinImageSFX file"

 - "offset of start of central directory, relative to start of archive"

 - "size of central directory (bytes)"

 - "size of 'ZIP end of central directory record' "

There might be better ways to do this.

See "ZIP central directory file header" and "ZIP end of central directory record" table: http://en.wikipedia....t)#File_headers

I know you are an administrator on their forum, so if you would be so kind (I know I already asked to much) to report it to them.

[Icecube]

I downloaded all floppy creators from: http://www.oldversio...rd Drive Utils/

I found out that some seatools floppy creators have a bzip2-ed floppy image.
Some plain FAT12 images are a bit smaller than 1474560 bytes.
I added which signatures match a certain floppy creator (PKWARE - dynamite images only).

The only problematic images are ./HT_DFT_402_DOS_Floppy.exe (embedded cab file, didn't try to run it) and the SZDD embedded files (./IBM_DG_945_DOS_Floppy.exe and ./FJ_DG_945_DOS_Floppy.exe).

./QT_DM_952_DOS_Floppy.exe is also a bit problematic:
- It only matches the relatively short 0x000006d6 signature.
- It is the only ONTRACK image that doesn't contain the "PKWARE Data Compression Library" string,
but contains "PKlite® Copr. 1990-1996 PKWARE Inc. All Rights Reserved" instead and which can be extracted by dynamite.
- (I know it matches the "ONTRACK" string, but ONTRACK isn't very specific in case you want to extract the image)

For the rest of the results, look below:

22 images:

==========



$ find . -name \*.exe -exec file '{}' \;

./HT_DFT_402_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> contains CAB file (currently no solution)

./powermax_421_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./SS_DM_1042.exe:			PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./WD_DLGT_107_DOS_Floppy.exe:		MS-DOS executable, MZ for MS-DOS			 ==> Plain FAT12 image

./WD_DLG_504f_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./WD_DLGT_112_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./powermax_304_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> Plain FAT12 image

./seatools_207_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> bzip2-ed FAT12 image

./SG_DW_103609_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./powermax_423_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./powermax_406_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./maxblast36_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./maxblast_2_DOS_Floppy.exe:		MS-DOS executable, MZ for MS-DOS			 ==> Plain FAT12 image

./FJ_DM_952_DOS_Floppy.exe:		MS-DOS executable, NE for MS Windows 3.x		 ==> PKWARE

./maxblast_4_V1048_DOS_Floppy.exe:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./IBM_DG_945_DOS_Floppy.exe:		MS-DOS executable, NE for MS Windows 3.x		 ==> SZDD compressed files (currently no solution)

./FJ_DG_945_DOS_Floppy.exe:		MS-DOS executable, NE for MS Windows 3.x		 ==> SZDD compressed files (currently no solution)

./SG_DW_104506_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./QT_DM_952_DOS_Floppy.exe:		MS-DOS executable, NE for MS Windows 3.x		 ==> PKWARE

./seatools_30203_DOS_Floppy.exe:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE

./seatools_110_DOS_Floppy.exe:		PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> bzip2-ed FAT12 image

./seatools_20009_DOS_Floppy.exe:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit  ==> PKWARE





16 images with "ONTRACK" string:

================================



$ find . -name \*.exe -exec gsar -b -s"ONTRACK" '{}' \; |grep found

./powermax_421_DOS_Floppy.exe: 5 matches found	   ----	sig2	sig3

./SS_DM_1042.exe: 4 matches found					sig1	sig2	sig3

./WD_DLG_504f_DOS_Floppy.exe: 5 matches found		sig1	sig2	----

./WD_DLGT_112_DOS_Floppy.exe: 5 matches found		sig1	sig2	----

./SG_DW_103609_DOS_Floppy.exe: 4 matches found	   sig1	sig2	sig3

./powermax_423_DOS_Floppy.exe: 4 matches found	   ----	sig2	sig3

./powermax_406_DOS_Floppy.exe: 4 matches found	   ----	sig2	sig3

./maxblast36_Floppy.exe: 4 matches found			 sig1	sig2	sig3

./FJ_DM_952_DOS_Floppy.exe: 6 matches found		  ----	----	sig3

./maxblast_4_V1048_DOS_Floppy.exe: 5 matches found   sig1	sig2	sig3

./IBM_DG_945_DOS_Floppy.exe: 33 matches found		----	----	----	==> SZDD compressed files

./FJ_DG_945_DOS_Floppy.exe: 36 matches found		 ----	----	----	==> SZDD compressed files

./SG_DW_104506_DOS_Floppy.exe: 4 matches found	   sig1	sig2	sig3

./QT_DM_952_DOS_Floppy.exe: 89 matches found		 ----	----	sig3	==> "PKlite(R) Copr. 1990-1996 PKWARE Inc. All Rights Reserved" string (extractable with dynamite)

./seatools_30203_DOS_Floppy.exe: 4 matches found	 sig1	sig2	sig3

./seatools_20009_DOS_Floppy.exe: 4 matches found	 sig1	sig2	sig3





13 ONTRACK images with "PKWARE Data Compression Library" string:

================================================================



$ find . -name \*.exe -exec gsar -b -s"PKWARE Data Compression Library" '{}' \; |grep found

./powermax_421_DOS_Floppy.exe: 2 matches found	   ----	sig2	sig3

./SS_DM_1042.exe: 2 matches found					sig1	sig2	sig3

./WD_DLG_504f_DOS_Floppy.exe: 2 matches found		sig1	sig2	----

./WD_DLGT_112_DOS_Floppy.exe: 2 matches found		sig1	sig2	----

./SG_DW_103609_DOS_Floppy.exe: 2 matches found	   sig1	sig2	sig3

./powermax_423_DOS_Floppy.exe: 2 matches found	   ----	sig2	sig3

./powermax_406_DOS_Floppy.exe: 2 matches found	   ----	sig2	sig3

./maxblast36_Floppy.exe: 2 matches found			 sig1	sig2	sig3

./FJ_DM_952_DOS_Floppy.exe: 2 matches found		  ----	----	sig3

./maxblast_4_V1048_DOS_Floppy.exe: 2 matches found   sig1	sig2	sig3

./SG_DW_104506_DOS_Floppy.exe: 2 matches found	   sig1	sig2	sig3

./seatools_30203_DOS_Floppy.exe: 2 matches found	 sig1	sig2	sig3

./seatools_20009_DOS_Floppy.exe: 2 matches found	 sig1	sig2	sig3





2 ONTRACK images with SZDD compressed files:

============================================



$ find . -name \*.exe -exec gsar -b -s"SZDD" '{}' \; |grep found

./IBM_DG_945_DOS_Floppy.exe: 25 matches found

./FJ_DG_945_DOS_Floppy.exe: 26 matches found





Signature 1 (9 hits / 13):

==========================



$ find . -name \*.exe -exec gsar -b -s:x00:x06:xD6:x59:x81:x44:x44:x0A '{}' \;|grep found

./SS_DM_1042.exe: 1 match found

./WD_DLG_504f_DOS_Floppy.exe: 1 match found

./WD_DLGT_112_DOS_Floppy.exe: 1 match found

./SG_DW_103609_DOS_Floppy.exe: 2 matches found

./maxblast36_Floppy.exe: 1 match found

./maxblast_4_V1048_DOS_Floppy.exe: 1 match found

./SG_DW_104506_DOS_Floppy.exe: 2 matches found

./seatools_30203_DOS_Floppy.exe: 1 match found

./seatools_20009_DOS_Floppy.exe: 2 matches found



Signature 2 (12 hits / 13):

===========================



$ find . -name \*.exe -exec gsar -b -s:x00:x06:xD6:x59:x81 '{}' \;|grep found

./powermax_421_DOS_Floppy.exe: 1 match found

./SS_DM_1042.exe: 1 match found

./WD_DLG_504f_DOS_Floppy.exe: 1 match found

./WD_DLGT_112_DOS_Floppy.exe: 1 match found

./SG_DW_103609_DOS_Floppy.exe: 2 matches found

./powermax_423_DOS_Floppy.exe: 1 match found

./powermax_406_DOS_Floppy.exe: 1 match found

./maxblast36_Floppy.exe: 1 match found

./maxblast_4_V1048_DOS_Floppy.exe: 1 match found

./SG_DW_104506_DOS_Floppy.exe: 2 matches found

./seatools_30203_DOS_Floppy.exe: 1 match found

./seatools_20009_DOS_Floppy.exe: 2 matches found



Signature 3 (11 hits / 13):

===========================



$ find . -name \*.exe -exec gsar -b -s:x00:x00:x06:xD6 '{}' \;|grep found

./powermax_421_DOS_Floppy.exe: 1 match found

./SS_DM_1042.exe: 1 match found

./SG_DW_103609_DOS_Floppy.exe: 2 matches found

./powermax_423_DOS_Floppy.exe: 1 match found

./powermax_406_DOS_Floppy.exe: 1 match found

./maxblast36_Floppy.exe: 1 match found

./FJ_DM_952_DOS_Floppy.exe: 1 match found

./maxblast_4_V1048_DOS_Floppy.exe: 1 match found

./SG_DW_104506_DOS_Floppy.exe: 2 matches found

./QT_DM_952_DOS_Floppy.exe: 1 match found		==> no "PKWARE Data Compression Library" string,

								but "PKlite(R) Copr. 1990-1996 PKWARE Inc. All Rights Reserved"

./seatools_30203_DOS_Floppy.exe: 1 match found

./seatools_20009_DOS_Floppy.exe: 2 matches found





Plain FAT12 images:

===================



$ find . -name \*.exe -exec gsar -b -s"FAT12" '{}' \;|grep found

./WD_DLGT_107_DOS_Floppy.exe: 4 matches found		==> Plain FAT12 image, but truncated

./powermax_304_DOS_Floppy.exe: 2 matches found		==> Plain FAT12 image

./maxblast_2_DOS_Floppy.exe: 2 matches found		==> Plain FAT12 image, but truncated

./IBM_DG_945_DOS_Floppy.exe: 2 matches found		==> SZDD compressed files (no plain image)

./FJ_DG_945_DOS_Floppy.exe: 2 matches found		==> SZDD compressed files (no plain image)





bzip2-ed FAT12 images:

======================



- You can find the offset of the start of the bzip2-ed FAT12, by searching for those magic bytes: "0x314159265359"

	gsar -b -s:x31:x41:x59:x26:x53:x59 seatools_207_DOS_Floppy.exe

- 4 bytes before this magic signature you find the start of the image: "BZh"

	gsar -b -sBZh seatools_207_DOS_Floppy.exe

$ find . -name \*.exe -exec gsar -b -s:x31:x41:x59:x26:x53:x59 '{}' \;|grep found

./seatools_207_DOS_Floppy.exe: 1 match found

./seatools_110_DOS_Floppy.exe: 1 match found

[ady]

The strange thing is that if you use the:
unzip.exe (the one inside ftp://ftp.info-zip.org/pub/infozip/win32/unz552xn.exe )
you get (example):

I downloaded version 6, not 5.52. I hope it's the same for this particular batch.

[Wonko the Sane]

I don't agree. If you know it contains the string "PKWARE Data Compression Library", you can extract the image file with dynamite for sure (I still need to see the first failure). You can check for the ONTRACK string afterwards if you really want (for SZDD compressed files).

Sure, only that unless I am mistaken, we haven't yet found any floppy image NOT containing "ONTRACK" BUT using the "PKWARE Data Compression Library".
Not necessaarily the "right approach", but it's the "driven by examples" one.
I do know that the ONTRACK isn't the best search string in the world...

....
You are right, it is only a small corruption (only 3 bytes that should be zero instead of another value), see the report I made a few days ago on the 7-zip tracker:
.....

This is the thing that sometimes I hate about peeps like you that know very well where your towel is , can you simply tell WHICH three bytes should be changed to 00's?

The best thing would be that WinImage doesn't corrupt the embedded zip files:
The WinImage developers are a bit lazy. In the "ZIP central directory file header" of the embedded zip file, they put an absolute offset of the local file header instead of the "relative offset of local file header" (field of 4 bytes), which is normally, zero for the first file in a zip archive.
They should calculate the start of the embedded zip file instead of using a absolute offset which will corrupt the embedded zip file to get the start of the embedded zip archive.
.....
I know you are an administrator on their forum, so if you would be so kind (I know I already asked to much) to report it to them.

Not really a problem, the problem is that Winimage has not "developers", it's a "one man show", and Gilles Vollant is apparently MIA since a few months.

If you just tell me WHICH are the "wrong" three bytes and confrm that they have always to be 0, I could set them to 00 with dsfo/dsfi and fix on-the-spot the .imz .zip or even directly the Sfx....

I'll check the bz2 and cab ones (and the truncated embedded FAT12).

@ady
Sure, the version should be irrelevant.


Wonko

[Icecube]

It are actually 4 bytes that are used to specify the relative offset, but because we have a small embedded zip file the absolute offset used by WinImage only occupies 3 bytes.

Definetely take a look at: http://en.wikipedia....t)#File_headers

pw-direct-fixed.exe is just a SFX packed floppy image, I made.
Its filesize is 747095 bytes.

The bytes that need to be fixed are located at the end of the file:

$ hexdump -C -s 747000 pw-direct-fixed.exe
000b65f8 ff 1b 50 4b 01 02 0a 00 0a 00 02 00 08 00 18 a5 |..PK............|
000b6608 18 3d 2b ee 4e 15 a7 01 0a 00 00 80 16 00 0d 00 |.=+.N...........|
000b6618 0c 00 00 00 00 00 00 00 20 00 00 00 1c 64 01 00 |........ ....d..|
000b6628 70 77 2d 64 69 72 65 63 74 2e 49 4d 41 57 49 08 |pw-direct.IMAWI.|
000b6638 00 01 00 00 00 00 80 16 00 50 4b 05 06 00 00 00 |.........PK.....|
000b6648 00 01 00 01 00 47 00 00 00 de 01 0a 00 00 00 |.....G.........|
000b6657

Central directory file header signature = 0x02014b50 (stored in little endian format)
Relative offset of local file header (at offset 42 from start of "Central directory file header signature"): should be zero (4 bytes) for the first file in the zip archive
End of central directory signature = 0x06054b50 (stored in little endian format)
Total number of central directory records (stored in little endian format) at offset 10 from start of "End of central directory signature": will be 1, when you have 1 embedded image file

For keeping things simple, I only looked at Winimage SFX files with 1 embedded image. Winimage SFX files with multiple embedded images will be a bit more difficult to fix manually.

Search for the "End of central directory signature = 0x06054b50" (stored in little endian format).
If multiple hits, use the last hit

$ gsar -b -s:x50:x4b:x05:x06 pw-direct-fixed.exe

pw-direct-fixed.exe: 0xb6641

pw-direct-fixed.exe: 1 match found

Look at the number of stored files in the embedded zip file: "Total number of central directory records" (stored in little endian format) at offset 10 from start of "End of central directory signature": will be 0x0100 (= 1), when you have 1 embedded image file

$ hexdump -C -s $((0xb6641+10)) -n2 pw-direct-fixed.exe 

000b664b  01 00											 |..|

000b664d

If you have 1 file in your zip file proceed, else figure out how you can fix the relative offsets for multiple images (didn't look at it yet, "zip -FF" is easier ).

Look for the "Central directory file header signature = 0x02014b50" (stored in little endian format).

$ gsar -b -s:x50:x4b:x01:x02 pw-direct-fixed.exe

pw-direct-fixed.exe: 0xb65fa

pw-direct-fixed.exe: 1 match found

Now we can finally fix the "Relative offset of local file header" (at offset 42 from start of "Central directory file header signature"). When you have only 1 file in you zip file, this value should be zero (4 bytes). If you have multiple files, you will find more than 1 "Central directory file header signature = 0x02014b50", and you can't put zero's in all "Relative offset of local file headers", but you need to put the right relative local file header offset at this location.

Write 4 bytes of zeros at "Relative offset of local file header" field:

$ dd if=/dev/zero of=pw-direct-fixed.exe ibs=4 count=1 seek=1 obs=$((0xb65fa+42)) conv=notrunc

1+0 records read

0+1 records written

4 bytes (4 B) copied, 0,000160356 s, 24,9 kB/s

Fixed SFX executable, with valid embedded zip file:

$ hexdump -C -s 747000 pw-direct-fixed.exe
000b65f8 ff 1b 50 4b 01 02 0a 00 0a 00 02 00 08 00 18 a5 |..PK............|
000b6608 18 3d 2b ee 4e 15 a7 01 0a 00 00 80 16 00 0d 00 |.=+.N...........|
000b6618 0c 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 |........ .......|
000b6628 70 77 2d 64 69 72 65 63 74 2e 49 4d 41 57 49 08 |pw-direct.IMAWI.|
000b6638 00 01 00 00 00 00 80 16 00 50 4b 05 06 00 00 00 |.........PK.....|
000b6648 00 01 00 01 00 47 00 00 00 de 01 0a 00 00 00 |.....G.........|

When you search for the "Local file header signature = 0x04034b50" (stored in little endian format), your first hit (unless the executable part of the SFX archive of this string has those bytes accidentally too) will be the start of the zip data. If you have multiple files in your zip file, you will get multiple hits. Then you can calculate the value for "Relative offset of local file headers" by substracting the offset of the second hit with the offset of the first hit (start of zip file), by y substracting the offset of the third hit with the offset of the first hit (start of zip file), ...

$ gsar -b -s:x50:x4b:x03:x04 pw-direct-fixed.exe

pw-direct-fixed.exe: 0x1641c

pw-direct-fixed.exe: 1 match found

The embedded zip file of the fixed WinImage SFX executable can be correctly extracted by 7-zip and the WinImage SFX executable seems to have no problems extracting the image out of its executable. I din't test if WinImage can write the image correctly to a floppy image (rather difficult to test that from within wine).

[Wonko the Sane]

@Icecube
You must have been affected by the same kind of verbosity/randomness Ady showed before.

You have just listed a number of available images to experiment with.

Then you post a verbose, colourful report about ANOTHER image you have made yourself....

The answer to my question is actually (in my simplified, layman's terms ):

The three four bytes are those coloured in the almost unreadable light green above.

Thus this should be a reasonable approach :

• find LAST occurrence of "PK" (or better 504B0506) in the file, say that's address n
• verify that byte at n+10 is 1
• if it is: 00 out three byes at offset n-29 (or four bytes, there should be no difference)
• if it is not: "a suffusion of yellow"

Thanks a lot for the exhaustive reply.


Wonko

[Icecube]

You have just listed a number of available images to experiment with.

But they weren't Winimage SFX exectuables . I created a SFX file, from one of the floppy images, I had on my desktop.

Thus this should be a reasonable approach :

• find LAST occurrence of "PK" (or better 504B0506) in the file, say that's address n
• verify that byte at n+10 is 1
• if it is: 00 out three byes at offset n-29 (or four bytes, there should be no difference)
• if it is not: "a suffusion of yellow"

I could have done it that way, but the instructions would be wrong .

Take a look at the MemScope WinImage SFX:

$ hexdump -C -s 150430 ../Downloads/MemScope-110.exe
00024b9e 00 00 00 00 58 0a 50 4b 01 02 0a 00 0a 00 02 00 |....X.PK........|
00024bae 08 00 e8 4b 8e 34 23 4b ed b3 3e eb 00 00 00 80 |...K.4#K..>.....|
00024bbe 16 00 10 00 0c 00 00 00 00 00 00 00 20 00 00 00 |............ ...|
00024bce 2c 60 01 00 4d 65 6d 53 63 6f 70 65 2d 31 31 30 |,`..MemScope-110|
00024bde 2e 49 4d 41 57 49 08 00 01 00 00 00 00 80 16 00 |.IMAWI..........|
00024bee 50 4b 05 06 00 00 00 00 01 00 01 00 4a 00 00 00 |PK..........J...|
00024bfe 78 eb 00 00 67 00 4d 32 4b 20 4d 65 6d 53 63 6f |x...g.M2K MemSco|
00024c0e 70 65 20 31 2e 31 30 0d 0a 43 6f 6d 70 6c 69 6d |pe 1.10..Complim|
00024c1e 65 6e 74 73 20 6f 66 20 4d 69 63 72 6f 20 32 30 |ents of Micro 20|
00024c2e 30 30 20 28 4d 32 4b 29 0d 0a 77 77 77 2e 6d 69 |00 (M2K)..www.mi|
00024c3e 63 72 6f 32 30 30 30 2e 63 6f 6d 0d 0a 28 38 30 |cro2000.com..(80|
00024c4e 30 29 20 38 36 34 2d 38 30 30 38 20 28 38 31 38 |0) 864-8008 (818|
00024c5e 29 20 35 34 37 2d 30 31 32 35 20 0d 0a |) 547-0125 ..|

The filename field doesn't has always the same lenght. That's why I explained the steps very verbose. You need to search for Central directory file header signature = 0x02014b50 (stored in little endian format) first, and then count 40 bytes. That post didn't consist of some random thoughts .

[Wonko the Sane]

The filename field doesn't has always the same lenght. That's why I explained the steps very verbose. You need to search for Central directory file header signature = 0x02014b50 (stored in little endian format) first, and then count 40 bytes. That post didn't consist of some random thoughts .

You are right , I was also thinking that since the batch already finds the .ima filename from it's first occurrence, I could look for that one, the three four bytes should be those immediately before it, by using <Ima_name>+.IMAWI there should be just two occurrencies of it, one at the beginning and one near the end...

That post didn't consist of some random thoughts .

Sure , but you see, I managed to get you EXACTLY where I wanted...

Take a look at the MemScope WinImage SFX:

...posting a "real life" example on a "commonly available" image....


Wonko

[Wonko the Sane]

Version 0.02 attached.

• takes care (hopefully) of bzip2 compressed images
• directly patches the .imz (as well hopefully)

Added dependencies:

• bzip2.exe
• hexalter.exe

If the patching is considered working, we could later keep hexalter, and get rid of:

• zip
• unzip
• bzip2

and use 7-zip's 7za.exe instead. (the summed up size of bzip2 and unzip - we wouldn't need zip anymore - is still less than 7za.exe)


Wonko

Attached Files

•  SfxAlyze_002.zip   2.88KB   538 downloads

[ady]

SfxAlyze 001 extracts Winimage sfx files into the "Expanded" folder as follows:

<filename.exe ---> <filename.ima> AND <filename.zip> AND <filename.imz>

All 3 files are equivalent, so at least 2 of them are unnecessary.

memscope-110.exe (winimage sfx 8.00) --> all 3 files extractedpci_emaxx.exe (winimage sfx 6.10) --> all 3 files extracted [url="http://www.pcinspector.de/EMaxx/info.htm?language=1"]http://www.pcinspector.de/EMaxx/info.htm?language=1[/url]

Additionally, pci_emaxx.exe can be extracted with "Uniextract" successfully, but memscope-110.exe can't.

Finally, the "abort, then retry" trick doesn't work with pci_emaxx.exe.

[Wonko the Sane]

SfxAlyze 001 extracts Winimage sfx files into the "Expanded" folder as follows:

<filename.exe ---> <filename.ima> AND <filename.zip> AND <filename.imz>

All 3 files are equivalent, so at least 2 of them are unnecessary.

Really?

Didn't notice it...

I like to see things as half full glass:
http://en.wikipedia....ty_or_half_full
DSFO does NOT extract a "corrupt" .zip file , it extracts a "valid" .imz file...
As-is the batch provides THREE files for each WinimageSfx:

• a valid .imz
• a valid .zip file (the above "fixed")
• a valid .ima file

dsfo %SourceSfx% %PK% 0 .\%TargetDir%\%IMA_name%.imz

::Option 1 - Fix the .imz so that it becomes a valid .zip file that can be opened by 7-zip also

zip -FF --out .\%TargetDir%\%IMA_name%.zip  .\%TargetDir%\%IMA_name%.imz

::Option 2 - Simply Unzip the image with unzip 

unzip .\%TargetDir%\%IMA_name%.zip -d .\%TargetDir%\

Wonko

[Wonko the Sane]

Sorry uploaded an invalid _002 file before.
File replaced, please re-download, it should support correctly embedded UNcompressed .ima files now.


Wonko

[ady]

In sfxalyze I noticed:

:Check_Signature

...

IF EXIST .\%TargetDir%\%IMA_name%.* ECHO Exiting...&PAUSE&GOTO :EOF

in
:bzip2
:Winimage_expand
:Ontrack_Expand

IF EXIST .\%TargetDir%\%IMA_name%[color="#FF0000"]*[/color].* ECHO Exiting...&PAUSE&GOTO :EOF

I have no idea if this difference is ok.

[Wonko the Sane]

In sfxalyze I noticed:
.....

I have no idea if this difference is ok.

Right now it doesn't make any difference (since the batch only expecta a single image "embedded") but it's better to make it like the other ones, just in case.


Wonko

[Icecube]

Just in case anybody still wants a newer compiled version of dynamite. You will need:

• bin/cygwin1.dll
• bin/dynamite.exe

This version now extracts the floppy image of DlgDiagv504f, the right way (just the right amount of bytes), so no trucation needs to be done anymore:
http://support.wdc.c...s...d=2&lang=en

Attached Files

•  libdynamite_0.1.1.tar.gz   1.19MB   767 downloads