Documentation
¶
Index ¶
- Constants
- Variables
- func CreateTempDir() (string, func(), error)
- func DetectBurnManifest(extractDir string) (string, error)
- func ExtractArchive(archiveType ArchiveType, filePath string, extractDir string) error
- func ExtractCAB(cabPath string, extractDir string) error
- func ExtractZIP(filePath string, extractDir string) error
- func IsCabextractAvailable() bool
- func IsExecutable(filename string) bool
- func IsExpandAvailable() bool
- type ArchiveType
- type BurnManifest
- type BurnPayloadInfo
- type Chain
- type CleanupFunc
- type ExecutableFile
- type ExecutableFileMetadata
- type Inventory
- type InventoryFile
- type MsiPackage
- type MsuPackage
- type PackageInfo
- type Payload
- type PayloadRef
- type ScanResult
- type UXElement
Constants ¶
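// Archive type identifiers. The listing renders these as untyped string
// constants; the declaration of ArchiveType is not shown on this page.
// NOTE(review): presumably these are the values passed as ArchiveType to
// ExtractArchive and stored in InventoryFile.ArchiveFormat — confirm.
const (
	// ArchiveCAB identifies a CAB archive.
	ArchiveCAB = "cab"
	// ArchiveZIP identifies a ZIP archive.
	ArchiveZIP = "zip"
)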
Variables ¶
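// Archive signatures: the leading magic bytes of each supported format.
//
// Both values are exported, mutable byte slices, so any importing package can
// overwrite them; treat them as read-only and compare against them without
// modifying them.
var (
	CABSignature = []byte("MSCF")       // CAB header signature
	ZIPSignature = []byte("PK\x03\x04") // ZIP local file header signature
)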
Archive signatures
// PeExtensions lists file extensions treated as Portable Executable (PE)
// candidates. Every entry is lowercase and begins with a dot.
// NOTE(review): whether lookups lower-case the candidate extension first is
// not visible here — confirm, since Windows file names are case-insensitive
// and an upper-case extension such as ".EXE" would otherwise be missed.
var PeExtensions = []string{
".acm", ".ax", ".cpl", ".dll", ".drv", ".efi", ".exe", ".mui", ".ocx",
".scr", ".sys", ".tsp", ".mun", ".msstyles",
}
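PeExtensions lists file extensions used for Portable Executable (PE) files. The list may not be exhaustive, as the PE format does not mandate specific extensions. The original comment says the empty string is intentionally included to handle files without extensions, but the list shown above contains no empty-string entry, so extension-less files are presumably not matched; confirm which of the two is intended.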
Functions ¶
func CreateTempDir ¶
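CreateTempDir creates a secure temporary directory for archive extraction. Per its signature it returns the directory path, a func() and an error; the func() is presumably the cleanup callback that removes the directory, and callers should run it (for example with defer) once the extracted files are no longer needed.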
func DetectBurnManifest ¶
DetectBurnManifest looks for a BurnManifest file in the extracted directory
func ExtractArchive ¶
func ExtractArchive(archiveType ArchiveType, filePath string, extractDir string) error
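ExtractArchive extracts an embedded archive into extractDir, selecting the extraction routine from archiveType. The archive content is untrusted input: this page does not say whether entry names are confined to extractDir or whether the extracted size is bounded, so confirm both before running it on files from unknown sources.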
func ExtractCAB ¶
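ExtractCAB extracts a CAB archive to the specified directory using external tools (presumably cabextract or expand, going by IsCabextractAvailable and IsExpandAvailable). Because cabPath and extractDir are handed to another program, confirm that they are passed as discrete arguments rather than through a shell, and that a path beginning with "-" cannot be read as an option.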
func ExtractZIP ¶
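ExtractZIP extracts a ZIP archive to the specified directory using Go's standard library. The standard ZIP reader returns entry names as stored in the archive and does not sanitise them by default, so the extractor itself must reject absolute names and names containing ".." before joining them to extractDir; this page does not show whether it does.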
func IsCabextractAvailable ¶
func IsCabextractAvailable() bool
func IsExecutable ¶
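IsExecutable checks whether the file is an executable based on its extension (presumably against PeExtensions). Going by this description it is a naming heuristic only: file content is not inspected, so a PE file with a different or missing extension is not recognised.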
func IsExpandAvailable ¶
func IsExpandAvailable() bool
Types ¶
type BurnManifest ¶
// BurnManifest is the decoding target for the root <BurnManifest> element of
// a WiX Burn manifest; the xml struct tags name the child elements it reads.
// NOTE(review): DetectBurnManifest looks for this file in an extracted
// directory, so its content presumably comes from the package being
// inspected — treat every decoded value as untrusted input.
type BurnManifest struct {
XMLName xml.Name `xml:"BurnManifest"`
// UX holds the <UX> child element.
UX UXElement `xml:"UX"`
// Chain holds the <Chain> child element (MSI and MSU packages).
Chain Chain `xml:"Chain"`
// Payloads collects every <Payload> child of the root element.
Payloads []Payload `xml:"Payload"`
}
BurnManifest represents the WiX Burn manifest structure
func ParseBurnManifest ¶
func ParseBurnManifest(manifestPath string) (*BurnManifest, error)
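ParseBurnManifest parses the BurnManifest XML file at manifestPath and returns it as a *BurnManifest. The manifest typically comes from the package under inspection, so its attribute values (paths, sizes, hashes) are untrusted data and should be validated before use.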
func (*BurnManifest) GetPackageInfo ¶
func (m *BurnManifest) GetPackageInfo() []PackageInfo
GetPackageInfo returns information about packages in the manifest
func (*BurnManifest) GetPayloadInfo ¶
func (m *BurnManifest) GetPayloadInfo() (map[string]*BurnPayloadInfo, error)
GetPayloadInfo extracts comprehensive payload information from the manifest
type BurnPayloadInfo ¶
// BurnPayloadInfo is the enriched, per-payload record returned by
// (*BurnManifest).GetPayloadInfo.
type BurnPayloadInfo struct {
ID string
FilePath string
// FileSize is an int64 here, whereas Payload.FileSize is a string.
// NOTE(review): presumably parsed from the manifest attribute — confirm how
// non-numeric or negative values are handled.
FileSize int64
// NOTE(review): presumably copied from the manifest's Hash attribute; the
// algorithm, and whether the value is checked against the extracted file,
// are not visible here — do not read it as a verified integrity result.
Hash string
SourcePath string
Container string
PackageType string // "UX", "MSI", "MSU", or "Unknown"
PackageID string
ProductCode string
Version string
}
BurnPayloadInfo contains enriched payload information
type Chain ¶
// Chain is the decoding target for the manifest's <Chain> element, which
// lists the packages of the installation chain.
type Chain struct {
// MsiPackages collects every <MsiPackage> child.
MsiPackages []MsiPackage `xml:"MsiPackage"`
// MsuPackages collects every <MsuPackage> child.
MsuPackages []MsuPackage `xml:"MsuPackage"`
}
Chain contains the installation chain packages
type CleanupFunc ¶
// CleanupFunc is a callback that takes no arguments and returns nothing.
// NOTE(review): presumably the cleanup callback paired with CreateTempDir,
// although that function's signature returns a plain func() — confirm.
type CleanupFunc func()
type ExecutableFile ¶
// ExecutableFile is one node in a tree of executable files: its own metadata
// and path, plus the ExecutableFile entries nested under it.
type ExecutableFile struct {
// Metadata is the PE metadata record for this file.
Metadata ExecutableFileMetadata
Path string
// Includes holds child entries of the same type.
// NOTE(review): presumably files found inside this one — confirm.
Includes []ExecutableFile
}
type ExecutableFileMetadata ¶
// ExecutableFileMetadata is the metadata record returned by ExtractPEMetadata.
// Every field is serialised to JSON with omitempty, so empty values are
// dropped from the output.
// NOTE(review): the string fields presumably come from the file's version
// resource; such values are self-declared by whoever built the file and are
// not evidence of who produced it — confirm the source and do not use
// CompanyName or ProductName for trust decisions.
type ExecutableFileMetadata struct {
// Path to the executable file
FilePath string `json:"filePath,omitempty"`
// Original file name
OriginalFileName string `json:"originalFileName,omitempty"`
// Assembly version
AssemblyVersion string `json:"assemblyVersion,omitempty"`
// Internal name of the product
InternalName string `json:"internalName,omitempty"`
// Product name
ProductName string `json:"productName,omitempty"`
// Product version
ProductVersion string `json:"productVersion,omitempty"`
// File description
FileDescription string `json:"fileDescription,omitempty"`
// File version
FileVersion string `json:"fileVersion,omitempty"`
// Company that produced the file
CompanyName string `json:"companyName,omitempty"`
// Copyright information
LegalCopyright string `json:"legalCopyright,omitempty"`
// Trademark information
Trademark string `json:"trademark,omitempty"`
// Comments
Comments string `json:"comments,omitempty"`
// Language/locale
Language string `json:"language,omitempty"`
// PE architecture (e.g., x86, x64, ARM)
Architecture string `json:"architecture,omitempty"`
// Timestamp from PE header
// NOTE(review): this value is written by the build toolchain and can be set
// arbitrarily — avoid relying on it for ordering or provenance.
Timestamp uint32 `json:"timestamp,omitempty"`
}
func ExtractPEMetadata ¶
func ExtractPEMetadata(filePath string) (*ExecutableFileMetadata, error)
type Inventory ¶
// Inventory is a slice of InventoryFile entries; each entry can carry its own
// nested entries in InventoryFile.Contents.
type Inventory []InventoryFile
Inventory represents a complete file inventory from extracted archives
func ScanDirectory ¶
type InventoryFile ¶
// InventoryFile describes a single file in the inventory, together with any
// files nested inside it.
type InventoryFile struct {
Filename string
InstallationPath string
// NOTE(review): presumably the SHA-256 digest of the file content, computed
// during the scan; the encoding (hex or otherwise) is not visible here.
SHA256 string
Size int64
IsArchive bool
IsInstaller bool
// ArchiveFormat uses the ArchiveType type; presumably meaningful only when
// IsArchive is true — confirm.
ArchiveFormat ArchiveType
// PE data
// Meta is a pointer, so it can be nil; check before dereferencing.
Meta *ExecutableFileMetadata
SourceFilePath string // for debugging
// Contents holds nested entries of the same type.
Contents []InventoryFile
}
InventoryFile represents a single file in the inventory
func EnrichInventoryWithBurnManifest ¶
func EnrichInventoryWithBurnManifest(files []InventoryFile, extractDir string) ([]InventoryFile, error)
EnrichInventoryWithBurnManifest enriches inventory files with BurnManifest metadata
func ScanFile ¶
func ScanFile(filePath string) (InventoryFile, error)
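ScanFile creates an InventoryFile from an absolute path to a file on disk. Scanning is recursive (presumably nested archives are unpacked and listed under Contents); this page states no limit on nesting depth or total extracted size, which matters when the input file is untrusted.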
type MsiPackage ¶
// MsiPackage is the decoding target for an <MsiPackage> element of the chain.
// All scalar fields are read from XML attributes and kept as strings.
type MsiPackage struct {
ID string `xml:"Id,attr"`
ProductCode string `xml:"ProductCode,attr"`
Version string `xml:"Version,attr"`
// PayloadRefs collects the <PayloadRef> children, which name payloads by ID.
PayloadRefs []PayloadRef `xml:"PayloadRef"`
}
MsiPackage represents an MSI package in the chain
type MsuPackage ¶
// MsuPackage is the decoding target for an <MsuPackage> element of the chain.
type MsuPackage struct {
ID string `xml:"Id,attr"`
// KB is read from the KB attribute and kept as a string.
KB string `xml:"KB,attr"`
// PayloadRefs collects the <PayloadRef> children, which name payloads by ID.
PayloadRefs []PayloadRef `xml:"PayloadRef"`
}
MsuPackage represents an MSU package in the chain
type PackageInfo ¶
// PackageInfo is the per-package record returned by
// (*BurnManifest).GetPackageInfo. It carries both MSI-style fields
// (ProductCode, Version) and the MSU-style KB field.
// NOTE(review): which fields are filled for which Type value is not visible
// here — confirm against GetPackageInfo.
type PackageInfo struct {
ID string
Type string
ProductCode string
Version string
KB string
// PayloadIDs lists payload identifiers as strings.
PayloadIDs []string
}
PackageInfo represents package information from the manifest
type Payload ¶
// Payload is the decoding target for a <Payload> element of the manifest.
// Every field is read from an XML attribute and kept as a string, with no
// validation at this level.
type Payload struct {
ID string `xml:"Id,attr"`
// NOTE(review): FilePath and SourcePath are manifest-supplied strings;
// confirm that no caller joins them to a directory and opens the result
// without checking for absolute paths or ".." components.
FilePath string `xml:"FilePath,attr"`
// FileSize is a string here; BurnPayloadInfo.FileSize is an int64.
FileSize string `xml:"FileSize,attr"`
// Hash is the value declared in the manifest, not one computed locally.
Hash string `xml:"Hash,attr"`
SourcePath string `xml:"SourcePath,attr"`
Container string `xml:"Container,attr"`
}
Payload represents a file payload in the manifest
type PayloadRef ¶
// PayloadRef is the decoding target for a <PayloadRef> element; it names a
// payload by the value of its Id attribute.
// NOTE(review): whether a reference to a non-existent payload ID is reported
// as an error is not visible here — confirm.
type PayloadRef struct {
ID string `xml:"Id,attr"`
}
PayloadRef references a payload by ID
type ScanResult ¶
// ScanResult wraps a list of ExecutableFile entries.
// NOTE(review): no function on this page returns ScanResult, so its producer
// is not visible here.
type ScanResult struct {
// Files holds the top-level entries; each may nest more via Includes.
Files []ExecutableFile
}