Detect-It-Easy/db/PE/Nullsoft Scriptable Install System.1.sg

// DIE's signature file

init("installer","Nullsoft Scriptable Install System");

function detect(bShowType,bShowVersion,bShowOptions)
{
    var nOffset=PE.getOverlayOffset();
    if(!PE.compareOverlay("EFBEADDE'Null'..'oftInst'",4))
    {
        if(!PE.section[".ndata"])
        {
            return "";
        }
        if(PE.isOverlayPresent())
        {
            nOffset+=PE.readDword(nOffset);
            if(nOffset+4>=PE.getSize()
             ||!PE.compare("EFBEADDE'Null'..'oftInst'",nOffset+4))
            {
                nOffset=0;
            }
        }
    }
    if(nOffset)
    {
        // Method detection adapted from 7-Zip.
        nOffset+=0x1C;
        if(PE.compare("5D0000..00",nOffset))
        {
            sOptions=sOptions.append("lzma","solid");
        }
        else if(PE.compare("5D0000....00",nOffset+4))
        {
            sOptions=sOptions.append("lzma");
        }
        else
        {
            function BorZ(nOffset)
            {
                if(PE.readByte(nOffset)==0x31&&PE.readByte(nOffset+1)<14)
                {
                    return "bzip2";
                }
                else
                {
                    return "zlib";
                }
            }
            if(PE.compare("8",nOffset+3))
            {
                sOptions=sOptions.append(BorZ(nOffset+4));
            }
            else
            {
                sOptions=sOptions.append(BorZ(nOffset),"solid");
            }
        }
        bDetected=1;
    }
       
    var aVersion=PE.getManifest().match(/Null[sS]oft Install System v?(.*?)</);
    if(aVersion)
    {
        sVersion=aVersion[1];
        bDetected=1;
    }
    else if(PE.compareEP("558BEC83EC2C535633F657568975DC8975F4BBA49E4000FF1560704000BFC0B24000"))
    {
        sVersion="1.xx";
        bDetected=1;
    }
    else if(PE.compareEP("558BEC81EC....000056576A..BE........598DBD"))
    {
        sVersion="1.3x";
        bDetected=1;
    }
    else if(PE.compareEP("83EC5C53555657FF15"))
    {
        sVersion="1.x";
        bDetected=1;
    }
    else if(PE.compareEP("83EC0C535657FF15....40000"))
    {
        switch(PE.readWord(PE.nEP+8))
        {
        case 0x812C: sVersion="1.98";  break;
        case 0x10B4: sVersion="2.0a0"; break;
        default:     sVersion="1.xx";
        }
        bDetected=1;
    }
    else if(PE.compareEP("83EC0C53555657FF15..7040008B35..92400005E803000089442414B320FF152C704000"))
    {
        sVersion="2.0b2/2.0b3";
        bDetected=1;
    }
    else if(PE.compareEP("83EC14836424040053555657C644241320FF1530704000BE00207A00"))
    {
        sVersion="2.0b4";
        bDetected=1;
    }
    else if(PE.compareEP("83EC1053555657C7442414....400033EDC644241320FF152C704000"))
    {
        switch(PE.readWord(PE.nEP+11))
        {
        case 0x91F0: sVersion="2.0b4";   break;
        case 0x9270: sVersion="2.0 RC2"; break;
        }
        bDetected=1;
    }
    else if(PE.compareEP("83EC0C53555657C7442410........33DBC644241420FF15........53FF15"))
    {
        sVersion="2.0";
        bDetected=1;
    }
    else if(PE.compareEP("83EC2053555633DB57895C2418C7442410........C644241420FF15"))
    {
        sVersion="2.06";
        bDetected=1;
    }

    return result(bShowType,bShowVersion,bShowOptions);
}