Detect-It-Easy/db/PE/InstallShield.1.sg

// DIE's signature file

init("installer","InstallShield");

function detect(bShowType,bShowVersion,bShowOptions)
{
    if(PE.getVersionStringInfo("ProductName").substr(0,13)=="InstallShield")
    {
        sVersion=PE.getVersionStringInfo("FileVersion").replace(/, /g,".").trim();
        bDetected=1;
    }
    else if(PE.compareEP("558BEC83EC4456FF15........8BF085F675086AFFFF15........8A06578B3D"))
    {
        bDetected=1;
    }
    else if(/InstallShield/.test(PE.getManifest()))
    {
        bDetected=1;
    }
    else if(PE.isOverlayPresent()&&
            (searchSection(".rsrc",0x10000)||searchSection(".data",0x1000)))
    {
        bDetected=1;
    }
    else if(PE.compareEP("558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15........33d2"))
    {
        if (PE.findSignature(PE.getOverlayOffset(),PE.getOverlaySize(),"'ISc('")!=-1)
        {
            sVersion="19.x";
            bDetected=1;
        }
    }    
    else if(PE.compareEP("e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7"))
    {
        if (PE.findSignature(PE.getOverlayOffset(),PE.getOverlaySize(),"'ISSetupStream'")!=-1)
        {
            sVersion="18.x";
            bDetected=1;
        }
    }    

    return result(bShowType,bShowVersion,bShowOptions);
}

function searchSection(sSection,nLimit)
{
    if(PE.section[sSection])
    {
        var nOffset=PE.section[sSection].FileOffset;
        var nSize=PE.section[sSection].FileSize;
        if(PE.findString(nOffset,Math.min(nLimit,nSize),"InstallShield")!=-1)
        {
            return 1;
        }
    }

    return 0;
}