-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DELTA_HEADER_INFO Flags offset #6
Comments
While TargetSize seems valid, HashAlgId is CALG_MD5 and the hash value are also looks valid. Combination of Flags looks invalid. PA30 format is officially undocumented by MS. MsDelta API is very poorly documented and it is a quest to find info about it on their own website. As source of further RE you can try msdelta.dll (with symbols), unfortunately this stuff is written in modern crapware C++ which will complicate process. I may update this tool to include more diagnostic messages, however do not expect any breaking changes, this tool was always just a side work result not something I'm interested in. edit: DELTA_FLAG_IGNORE_FILE_SIZE_LIMIT | DELTA_FLAG_IGNORE_OPTIONS_SIZE_LIMIT | 0x02000000 | 0x08000000 meaning of 0x02000000 and 0x08000000 are unknown, at least they are not in my SDK files. |
Thanks driver.stl is the only file in the entire update with that unusual flag, so i'm keen to think it's malformed file |
It turns out this is not a bug but Windows 11 update improvements. Internal Windows update now seems using new version of MsDelta API that is not documented and handling files like in issue starter post. These unknown flags combinations above seems indicate this new API usage. Since this update component is an internal part of update stack it seems it only present in system during update process. The core library that does the stuff named "UpdateCompression.dll" and it is a new version of MsDelta.dll with only support to in-memory operations compared to Windows built-in MsDelta.dll that can also work directly with files. I'll update SXSEXP to be able to use any suitable MsDelta API dll - just drop dll to the same folder as compiled exe and rename it to msdelta.dll. While they all export same core functions and their prototypes are not changed - it should work. |
UpdateCompression.dll SHA1 4640d741276d4cd7a4353147617b3fe42b2adb94 |
Thanks :) |
Just download the latest file from here: arch=x86 for sxsexp32.exe, arch=x64 for sxsexp64.exe |
For PA30 delta file, which offset the DELTA_HEADER_INFO Flags is located?
there is this file which has unusual Flags value, and it fail to expand
i'm trying to modify the Flags to see if the file is originally incorrect, or the file format is changed/undocumented
the original file is plain PA30 file from Win10 CU Windows10.0-KB5028166-x64-baseless
https://uupdump.net/findfiles.php?id=49c101a1-1044-43d6-83ee-c8baebfa69a1&q=Windows%20KB
file.zip
The text was updated successfully, but these errors were encountered: