wcecabinfo - Tool to extract info from cab files

After writing wcepeinfo to get all the necessary information from Windows CE PE executables, I'm currently working on a tool to do the same for cab installers

Each cab installer contains a .000 file, which includes program name, provider, Windows CE version range, target architecture, file names, install locations, registry keys, etc.
wcecabinfo will output all of this information in human-readable formatting as well as JSON for further processing.
This is quite a bit more straightforward than parsing PE files, so it should be not too much of an issue really

The github repo is: https://github.com/HPC-Factor/windows-ce-cab-info

As of writing this post, the tool doesn't do too much, but will soon!

If anyone wants to share .000 files for testing, feel free to. You can extract them from .cab files with 7zip for example. They only contain metadata, so they should be fine to share (Unless C:Amie objects)

Nice project, I used to have a script that lazily did something similar. You just dropped the cab on the script file and it binary read its way through.

I'm using the great documentation from: https://www.cabextract.org.uk/wince_cab_format/

If you have any more info on the "unknown" fields, please let me know, I always like to keep things complete

Progress!

$ ./dist/wcecabinfo -V -j ./testdata/PRINCE~1.000  
File was identified as a 000 file by file signature 

Opened file, size: 632 

{ 

        "appName":      "Prince of Persia", 

        "provider":     "Gameloft", 

        "minCeVersionMajor":    4, 

        "minCeVersionMinor":    0, 

        "minCeVersionString":   "4.0", 

        "maxCeVersionMajor":    6, 

        "maxCeVersionMinor":    99, 

        "maxCeVersionString":   "6.99", 

        "maxCeBuildNumber":     3758096384 

}

To do: Files, reg keys and links sections

What am I missing? How is your project different from MSCEINF or is it just the challenge of creating your own script/app?

I wanted to make a POSIX compliant CLI tool that outputs JSON, since I have several thousand cabs I'd like to automatically process, all part of the effort to get things onto the Internet Archive

Current status below (everything except registry keys is there right now)
Turns out some cabs don't have any architecture set, but since this is a CAB for a modern PocketPC, there was nothing but ARM at this point anyway, so no need to bother with that I guess

Strings like %CE1% are placeholders for specific directories, which are different depending on whether it's a HPC or a PPC.

fileId fields correspond to the file numbers in the cab file, so fileId=3 would correspond to FILENAME.003 in the cab archive.

{ 
        "appName":      "Prince of Persia", 

        "provider":     "Gameloft", 

        "architecture": null, 

        "minCeVersion": { 

                "minCeVersionMajor":    4, 

                "minCeVersionMinor":    0, 

                "minCeVersionString":   "4.0" 

        }, 

        "maxCeVersion": { 

                "maxCeVersionMajor":    6, 

                "maxCeVersionMinor":    99, 

                "maxCeVersionString":   "6.99" 

        }, 

        "maxCeBuildNumber":     3758096384, 

        "files":        [{ 

                        "fileId":       1, 

                        "fileName":     "sounds.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       2, 

                        "fileName":     "sprites.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       3, 

                        "fileName":     "levels.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       4, 

                        "fileName":     "UK.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       5, 

                        "fileName":     "PT.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       6, 

                        "fileName":     "FR.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       7, 

                        "fileName":     "bbms.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       8, 

                        "fileName":     "objectslib.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       9, 

                        "fileName":     "IT.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       10, 

                        "fileName":     "textureslib.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       11, 

                        "fileName":     "data.sav", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       12, 

                        "fileName":     "DE.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       13, 

                        "fileName":     "SP.bar", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }, { 

                        "fileId":       14, 

                        "fileName":     "PrinceOfPersiaHD.exe", 

                        "directory":    "%CE1%\\Gameloft\\POPHD" 

                }], 

        "registryEntries":      [], 

        "links":        [{ 

                        "linkId":       1, 

                        "isFile":       true, 

                        "targetId":     14, 

                        "linkPath":     "%CE17%\\POP HD.lnk" 

                }] 

}

Edited by Karpour 2022-01-16 9:39 PM

Could be interesting to run it over the SCL and see if it can generate any missing data. Sadly most of the SCL isn't exploded into CABs though. Would need to protect against PPC files too.

This is just one of many tools I'm using, trying to classify just about anything

So if it's a zip file, unpack it.
If there's an exe file, check if it's a CE executable, otherwise try to extract the installer data (using 7zip for example).
Usually there's a cab inside, analyze that.
Then extract the cab, analyze the EXE files inside.

cab files by default don't really make a difference between HPC and PPC it seems, except of course if it specifically only allows a HPC or PPC specific version of Windows CE, but many are overlapping.

That's fine for 2.01 PsPC, but a problem for 2.11 and 3.0. It's be more reliable to look at the imports list and see if AYGShell is imported.

That was a mistake I first made when compiling a .cab file...not specifying the architecture. You could install a MIPS file on an SH3 machine. Oops. Then those programs that were desktop installers only and didn't use cab files. Finding where they were decompressed and then grabbing the contents before closing the installer, and then creating a cab file for them along with the registry imports...

I'm sure there are a number of my shitty novice cab file creations in the SCL even today. When I come across them I clean them up and fix my errors.

CAB files also include a multistring field for "unsupported", I couldn't find an official list of values, but after running my script on about 500 CABs, these are all the ones I came across:

"PALM-SIZE PC" | "HPC" | "PALM PC" | "PALM PC2" | "POCKETPC" | "JUPITER"

I would assume these are not correctly set on most, though I assume this is what would prevent the cab installer from installing a PPC app on a HPC.

Usually, executing a CAB on a CE device it wasn't intended for will generate a warning that it may not run correctly after installation, but in those cases it doesn't prevent installation as you are given the option to continue. But occasionally I've gotten the error message that the program was not designed for the "device type" I tried it on, which does prevent installation. I've never understood what identifiers in the CAB produce one of those versus the other.

What would be nice would be the ability to generate .reg files from the registry entries that the CAB installs when run in the CE device. MSCEInf displays those, but there's no simple way to convert them into importable keys and/or values.

JUPITER is the one you see most often on the traditional H/PC Pro era.

To add to the complexity, don't forget that there can be THUMB cab's too, which is a free for all architecture.

You're right CE Geek, that would be a good thing to have

Good idea! I'll add this feature!

Do you have any idea what the first line of a CE RegEdit file should be? just "REGEDIT4"?

Using this (not so great) document for reference: https://support.microsoft.com/en-us/topic/how-to-add-modify-or-delet...

From a .reg file I have on hand

REGEDIT4 
 

[HKEY_LOCAL_MACHINE\nls\overrides] 

"STFmt"="h:mm:ss tt" 

"S2359"="PM" 

"S1159"="AM" 

"STime"=":" 

"ITime"=dword:00000001