Jump to content
Tuts 4 You

Looking for LZMA lib


LCF-AT

Recommended Posts

Hi guys,

does anyone have any LZMA lib to decompress such code I can use with MASM?So zlib dosent work with LZMA.

PS: Or if there is no lib then maybe the dll and function name/s I have to use.On my HDD I found just liblzma.dll & liblzma-5.dll with many export functions like lzma_stream_decoder but I am not sure which functions do decompress.So on the LZMA SDK site I didnt found that function etc and its also again in ccp etc you know.Maybe you can help again a little. :)

Thanks

Link to comment

Hi again,

thanks for the infos but I cant download from that site kao.So what details you need to know?Just wanna decompress that format from buffer to next buffer only.

So how to use this lzma1700 Scotch?I find no lib or dll inside.

greetz

 

Link to comment

Works just fine here. Attached the file for your convenience.

There are several ways how LZMA headers are stored and sometimes there are no headers at all. Obviously, decompressor.must be adjusted for that. If you're going to decompress huge files, you might run out of memory with the simple approach which requires buffers for entire compressed and decompressed data. When decompressing live-streamed data, you don't know decompressed size in advance, so you must decompress it block-by-block. And many more details...

LZMA.zip

  • Like 1
Link to comment

I compiled the lzmalib project using visual studio 2017 (from the zip that Scotch attached to his post) to a static .lib file and created a basic .inc file as well

Note: I haven't tested anything, so might require some playing around with and/or adding some stuff to the include file (structures, other constants etc)

Also it might not work, or might require recompiling or adjusting some compile/link switches

Think of it as an initial step

LzmaLib.zip

  • Like 1
Link to comment

Hi again,

ok thanks so far.I have test first the files from you fearless but I cant compile my a project and getting first a syntax error from the inc file.Now I just added the LzmaUncompress proto in my project and removed inc file and now its asking for a uuid.lib which I dont have.Maybe you can compile it again + removing the C libs in linker options before you make a lib.

Also tried yours now kao but its not working and I get eax 1 back and nothing was decompressesd.

03070000  5A 57 53 20 7A 31 08 00 86 3F 04 00 5D 00 00 00  ZWS z1.†?.]...
03070010  01 00 37 FF FD E9 E3 EA 7D 72 1C F0 F4 9E 69 47  .7ÿýéãê}rðôžiG
03070020  3E B4 30 61 36 4E 4D A7 ED 4F C4 81 A5 62 2A 45  >´0a6NM§íOÄ¥b*E


$ ==>    >2053575A
$+4      >0008317A  <-- uncompressed size in header
$+8      >00043F86
$+C      >0000005D

The compressed file itself has a size of 43F97h

           
           invoke LoadLibrary,chr$("LZMA.DLL")
           mov edi,eax
           invoke GetProcAddress,edi,chr$("LzmaDec")
           mov esi,eax
           nop
           push SOURCELEN  ; 00043F97h
           push SOURCE     ; 01B90000h compressed file start VA
           push DESTLEN    ; 0021FCB8h enough buffer space
           push DEST       ; 03D10000h buffer to decompress into
           call esi        ; LzmaDec

So whats wrong now?

greetz

Link to comment

comma seperating :DWORD in the inc file probably was the error

I compiled another version that should also have included the uuid.lib - it still referenced it anyhow so something requires it probably, even with NODEFAULTLIB it still showed up - unless some of my settings are incorrect, which is also a possibility.

LzmaLib.zip

  • Like 1
Link to comment

Hi fearless,

so its still not working also with comma fix (sorry I didnt seen that in your inc file) and I get same lib error as before with uuid.lib. :( So can I not disable this in linker options or so?Also your new lib is over 7 MB large.Ok listen,just post the dll (not packet) itself then I can use dll 2 lib tool where I can zero the linker options (-defaultlib:LIBC -defaultlib:OLDNAMES ) before bulding a lib.In the past the libs I made was working for me in WinASM without to get any extra error of missing xy libs etc you know.One more question about that LzmaUncompress function.So what are the last 2 parameter mean?

lpdwDest,lpdwDestLen,lpdwSrc,dwSrcLen,lpdwOutProps,lpdwOutPropsLen

lpdwOutProps
lpdwOutPropsLen

Are this just a buffer for a error messages or something?

greetz

Link to comment

1) ZWS is flash header signature and has nothing to do with LZMA. LZMA-compressed data start much later in file. SWF file specification to the rescue.

2) If I remember it right, it was pointer to destination size, not the size itself. Really, check the au3 file for documentatation.

Link to comment

Hi,

so in SWF ID it also does show LZMA as compression.So what should it be then?I can decompress flash CWS (+8 for header) with zlib so thats working and now I am looking for anything to decompress that LZMA too as SWF ID also does.Zlib dosent decompress that ZWS / LZMA.

greetz

Link to comment

Hi Techlord,

I check this too but dosent know what to do with that asm files.So I found some infos here...

https://gponster.blogspot.com/2015/03/lzma-compressed-swf-file-vs-7z-lzma-file.html

def unzip(inData):
    if inData[0] == 'C':
        # zlib SWF
        debug('zlib compressed swf detected.')
        decompressData = zlib.decompress(inData[8:])
------------------------------------------------------
    elif inData[0] == 'Z':
        # lzma SWF
        debug('lzma compressed swf detected.')               
        decompressData = pylzma.decompress(inData[12:])
-------------------------------------------------------
    elif inData[0] == 'F':
        # uncompressed SWF
        debug('Uncompressed swf detected.')
        decompressData = inData[8:]
    else:
        #exit('not a SWF file')
        decompressData = []
        return decompressData

...so what I need now for that pylzma?How to decompress it with what.The LZMA from kao didnt work also not if I start / set pointer to byte 12.So for the CWS I use zlib function uncompress starting from byte 8 and it works but this ZWS I dont get it.

greetz

Link to comment
1 hour ago, LCF-AT said:

I check this too but dosent know what to do with that asm files

There is a "DOC" folder in that archive with detailed instructions and notes :)

 

1 hour ago, LCF-AT said:

so what I need now for that pylzma?How to decompress it with what

Ok, coming to the Python code that you pasted .. Pylzma is just Python bindings for the LZMA library Do you need explanation of thestatements or anything like that :o - I do not understand the question ...

The python  script will compress any uncompressed or zlib-compressed Flash 11 (SWF version 13 or higher) SWF with LZMA (of course you only posted a part of the script) ...

Do you want details of how to run that script ? Please be more specific ...

You basically need to convert the SWF in the LZMA format in to teh 7z LZMA format first by editing the header and then proceed from there : (This is from the Adobe SIte from this page) :

 

Quote

 

Issue

When you decompress an LZMA-compressed SWF file using the ByteArray.uncompress method, an exception is thrown.

Solution

The LZMA header format Flash authoring uses does not match the header 7z format uses. You can convert the SWF file in the LZMA format into the 7z LZMA format by updating the header.

SWF file LZMA header

bytes 0-3: ZWS+version bytes 4-7: Uncompressed length (includes ZWS+version (4 bytes) and uncompressed length (4 bytes)) bytes 8-11: Compressed length bytes 12-16: LZMAproperties bytes 17-n: Compressed data

7z LZMA header

bytes 0-4: LZMA properties bytes 5-12: Uncompressed length (take the swf lzma length - 8 (don't include ZWS+version + uncompressed length)) bytes 13-n: Compressed data


 

 

Why don't you just post a tiny SWF example that you're having trouble decrypting, and maybe we all can work on it and see the library etc that works correctly with it ?

Greetz :)

  • Like 1
Link to comment

Hi again,

so I dont  wanna use that script or something,just wanna know what I have to use to decompress that SWF LZMA (ZWS).Zlib dosent work and also not the LzmaDec function postet by kao.Ok below a example of a compressed file you can check and which I wanna decompress with any xy function later.

Player.rar

greetz

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...