Support NSIS Installers #1249

@jcrussell

I'd like to work on adding support for NSIS Installers to unblob.

An example binary:

https://prdownloads.sourceforge.net/nsis/nsis-3.11-setup.exe?download

$ file nsis-3.11-setup.exe
nsis-3.11-setup.exe: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

These can be extracted via 7z:

$ 7z x -oextracted nsis-3.11-setup.exe

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs Intel(R) Core(TM) i7-8665U CPU @ 1.90GHz (806EC),ASM,AES-NI)

Scanning the drive for archives:
1 file, 1564991 bytes (1529 KiB)

Extracting archive: nsis-3.11-setup.exe
--      
Path = nsis-3.11-setup.exe
Type = Nsis
Physical Size = 1564991
Method = LZMA:23
Solid = +
Headers Size = 207454
Embedded Stub Size = 53248
SubType = NSIS-3 Unicode BadCmd=11

Everything is Ok

Files: 445
Size:       7336667
Compressed: 1564991

With output:

$ tree extracted/ | head -n 20
extracted/
├── $PLUGINSDIR
│   ├── modern-header.bmp
│   ├── modern-wizard.bmp
│   ├── nsDialogs.dll
│   └── System.dll
├── Bin
│   ├── GenPat.exe
│   ├── MakeLangId.exe
│   ├── makensis.exe
│   ├── RegTool-x86.bin
│   ├── zip2exe.exe
│   └── zlib1.dll
├── Contrib
│   ├── Graphics
│   │   ├── Checks
│   │   │   ├── big.bmp
│   │   │   ├── classic.bmp
│   │   │   ├── classic-cross.bmp
│   │   │   ├── colorful.bmp

Based on my understanding of the repo so far, I think I would want to create a new handler:

python/unblob/handlers/executable/pe.py

And then mirror some of the structure from elf.py, replacing upx with NSIS.

Before I attempt this, I'd like to understand whether I need to implement all the header parsing as is done in elf.py. It seems like I can let lief do the heavy lifting and then simply detect whether the PE looks like an NSIS installer before invoking 7z.

Thoughts?
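
One way to do the "does this PE look like an NSIS installer" check discussed above, as an added example that is not part of the original issue or of unblob's code. It uses the standard-library `struct` module instead of lief so it runs without dependencies; the function names are hypothetical, the sample input is constructed, and it assumes the NSIS firstheader layout (flags, 0xDEADBEEF, "NullsoftInst", two lengths) placed on a 512-byte boundary after the last PE section.

```python
import struct

# NSIS firstheader: flags, siginfo (0xDEADBEEF), "NullsoftInst",
# length_of_header, length_of_all_following_data (little-endian int32 each).
NSIS_MAGIC = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"

def pe_overlay_offset(data: bytes) -> int:
    """Return the file offset just past the raw data of the last PE section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    end = 0
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16/+20 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def find_nsis_header(data: bytes):
    """Return (offset, header_len, archive_len) of the NSIS firstheader, or None."""
    try:
        start = pe_overlay_offset(data)
    except (ValueError, struct.error):  # not a PE, or truncated headers
        return None
    # Assumption: the header is 512-byte aligned (matches the 53248-byte stub above).
    for off in range((start + 511) & ~511, len(data) - 27, 512):
        if data[off + 4:off + 20] == NSIS_MAGIC:
            header_len, archive_len = struct.unpack_from("<ii", data, off + 20)
            # Reject headers whose lengths cannot fit in the file (corrupt or hostile input).
            if header_len > 0 and 0 < archive_len <= len(data) - off:
                return off, header_len, archive_len
    return None

def _sample(with_nsis: bool) -> bytes:
    """Constructed input: minimal PE with one 512-byte section, optional NSIS overlay."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 512, 0x1000, 512, 512) + b"\0" * 16
    image = (dos + coff + sect).ljust(1024, b"\0")
    payload = b"\x5d" * 100
    first = struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<ii", 64, 28 + len(payload))
    return image + (first + payload if with_nsis else b"")

if __name__ == "__main__":
    print(find_nsis_header(_sample(True)), find_nsis_header(_sample(False)))
```

The returned offset and archive length bound the chunk that would be handed to 7z; a length that does not fit in the file is treated as no match rather than passed on.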
