
powershell - 从MSI提取二进制数据

转载 作者:行者123 更新时间:2023-12-02 23:39:37 30 4

我正在尝试使用Powershell从MSI文件中提取二进制数据。
我可以获取其他任何数据,但似乎无法提取二进制信息。

# Select the Data column of the Binary table row whose Name is 'bannrbmp'.
$Query = "SELECT Data FROM Binary WHERE Name = 'bannrbmp'"
# $Database is created outside this excerpt; its members are invoked late-bound through reflection.
$View = $Database.GetType().InvokeMember("OpenView", "InvokeMethod", $null, $Database, ($Query))
# Run the query so that a row can be fetched from the view.
$View.GetType().InvokeMember("Execute", "InvokeMethod", $null, $View, $null)
# Fetch the next row of the result set as a Record object.
$Record = $View.GetType().InvokeMember("Fetch", "InvokeMethod", $null, $View, $null)

# Read field 1 through the StringData property; the question reports that this is the call that fails.
# NOTE(review): Data in the Binary table is a stream column. The Installer automation interface exposes
# Record.ReadStream (with Record.DataSize for the length) for stream fields - confirm against the docs.
$BinaryData = $Record.GetType().InvokeMember("StringData", "GetProperty", $null, $Record, 1)

它在最后一行出错,这让我认为问题出在 "StringData" 上,但我的判断也可能有误。下面是在 Orca 中打开该表时的样子。
enter image description here

如下提取文本数据时,此代码将成功完成。
# Select the Component column of the FeatureComponents rows that belong to feature 'OrcaHelp'.
$Query = "SELECT Component FROM FeatureComponents WHERE Feature = 'OrcaHelp'"
# $Database is created outside this excerpt; its members are invoked late-bound through reflection.
$View = $Database.GetType().InvokeMember("OpenView", "InvokeMethod", $null, $Database, ($Query))
# Run the query so that a row can be fetched from the view.
$View.GetType().InvokeMember("Execute", "InvokeMethod", $null, $View, $null)
# Fetch the next row of the result set as a Record object.
$Record = $View.GetType().InvokeMember("Fetch", "InvokeMethod", $null, $View, $null)

# Read field 1 as text through StringData; the question states that this variant completes successfully.
$Data = $Record.GetType().InvokeMember("StringData", "GetProperty", $null, $Record, 1)

enter image description here

我似乎无法在网上找到任何东西,如果有人能够提供帮助,将不胜感激。

最佳答案

这是一个 C++ 代码片段,它提取二进制数据并将其写入磁盘。您可以直接使用它,或者至少从中了解如何取得流并读取流。这些是所有脚本语言最终都会调用的基本 Win32 API,不需要互操作。它需要 stdio.h、windows.h、msiquery.h,并且需要把这些调用放进一个程序或 DLL 中——我不清楚您对 C++ 的熟悉程度。虽然我最近没有测试过,但它应该可以工作。

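// Extracts one stream from the Binary table of an MSI package and writes it
// to a file. This is a fragment: it is meant to sit inside a function that
// returns int, and it needs <windows.h> and <msiquery.h> (link with msi.lib).
//
// PMSIHANDLE is the SDK's owning wrapper: its destructor calls
// MsiCloseHandle. The handles below are therefore never closed by hand;
// closing them explicitly as well would release the same handle value twice.
// They are destroyed in reverse order of declaration (record, view, database).
PMSIHANDLE hDatabase;
PMSIHANDLE hBinaryView;
PMSIHANDLE hBinaryRecord;

// Open the package read-only; nothing below modifies the database.
// TEXT()/TCHAR are used throughout so the fragment builds with or without UNICODE.
UINT nr = MsiOpenDatabase(TEXT("some.msi"), MSIDBOPEN_READONLY, &hDatabase);
if (nr != ERROR_SUCCESS)
    return 1;

// Select the row of the Binary table that holds the wanted stream.
// The name is a fixed literal here. If it ever comes from outside the program,
// use a '?' parameter marker and pass the value in a record to MsiViewExecute
// rather than concatenating it into the query text.
TCHAR sQuery[] = TEXT("SELECT * FROM Binary WHERE Name='somebinary'");

nr = MsiDatabaseOpenView(hDatabase, sQuery, &hBinaryView);
if (nr != ERROR_SUCCESS)
    return 1;

// MsiViewExecute must run before MsiViewFetch. NULL is passed because the
// query has no parameter markers to fill in.
nr = MsiViewExecute(hBinaryView, NULL);
if (nr == ERROR_SUCCESS)
{
    // Streams can only be read from a record, not from the view itself.
    nr = MsiViewFetch(hBinaryView, &hBinaryRecord);
}

// Only continue when the row was actually found in the table.
if (nr == ERROR_SUCCESS)
{
    // Fixed output name. CREATE_ALWAYS replaces an existing file of that name,
    // so do not build this path from the package's Name column without
    // validating it first. Binary table streams may be custom-action DLLs or
    // scripts shipped in the package: treat the written file as untrusted.
    TCHAR FileName[MAX_PATH] = TEXT("somefile.ext");
    char bStream[4096] = {0};
    BOOL bOkay = TRUE;

    HANDLE hFile = CreateFile(FileName, GENERIC_WRITE, 0, 0,
                              CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        // Keep the real reason instead of a -1 stored in an unsigned value.
        nr = GetLastError();
    }
    else
    {
        DWORD nBuffer = 0;
        do
        {
            // On input nBuffer is the buffer capacity; on output it is the
            // number of bytes read. Zero bytes read means end of stream.
            nBuffer = sizeof(bStream);
            nr = MsiRecordReadStream(hBinaryRecord, 2, bStream, &nBuffer); // Data is field 2 of Binary
            if (nr != ERROR_SUCCESS)
            {
                bOkay = FALSE;
            }
            else if (nBuffer > 0)
            {
                // WriteFile returns a BOOL, so it is kept apart from the MSI
                // status in nr. A short write counts as a failure as well.
                DWORD nWritten = 0;
                if (!WriteFile(hFile, bStream, nBuffer, &nWritten, NULL) || nWritten != nBuffer)
                {
                    nr = ERROR_WRITE_FAULT;
                    bOkay = FALSE;
                }
            }
        } while (bOkay && nBuffer > 0);

        // Done copying. When bOkay is FALSE the file on disk is incomplete.
        CloseHandle(hFile);
    }

    // Only one row was needed, so release the result set of the view.
    MsiViewClose(hBinaryView);
}

// No MsiCloseHandle calls here: the PMSIHANDLE destructors release the
// record, the view and the database when they go out of scope.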

关于powershell - 从MSI提取二进制数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45747193/
