Hi Friedrich,

I have a 250MB bin file and a 3MB exe file(UAC-aware setup). A Full
integrity check takes too much time.

Is it possible to implement a "weak" integrity check.

For example:
When SB compiles the setup, it could generate a random 32 byte number.
This number could be stored in the exe and at the end of the bin file.
When the bin file is complete, the compiler could also put the
information about the length of the bin file in the setup.exe.

When the setup starts, it can verify, that the bin file has the correct
length and the correct 32 byte number at the end.

This would detect the most cases for corrupted bin-files: interrupted
downloads.

Or is there a possibility, to do this via script?

Markus

Hi Markus,

>
> Or is there a possibility, to do this via script?
>

First of all, two problems:

1. The .exe is created first and after that the .bin is compiled. So you
can't add the CRC32 of the .bin to the .exe because it is "unknown" at .exe
generation time ("hen-and-egg" problem).

2. Okay, so in theory, two compiles would be able to solve this problem.
Compile the .exe and .bin, then calculate the CRC32 of the .bin, add it to
the .exe, then recompile. But this is only in theory. The next problem is
that the binary contents of the .bin changes for each and every compile.
Why? Because the .bin stores the Created/Modified/Access time for all
included files. And the "Access" time of files changes on a regular basis
(e.g. a simple compile opens the file to read and compress it -- this file
"access" already changes the "Access" information so when you do the
recompile, the CRC32 of the .bin changes).

But the following method should work. The demo project creates an .exe, a
..bin, and an additional filehash.ini. The compiler automatically calculates
the CRC32 of the .bin and writes it into a filehash.ini
(generate_crc32_ini.exe is called after the compile; source code included).
The installer .exe reads the CRC32 value at runtime from the INI and only if
the original and calculated values match then the install continues. The
only "drawback" is that you have to ship an additional filehash.ini file.

http://www.lindersoft.com/projects/filehash.zip

Unzip the above into a folder and open and compile test_bin.sb7.

BTW, we developed a test and it checked a 278 MB .bin file in 2.5 seconds
here.

Does this help?

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows 7 installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

Hi Friedrich,

thanks for your suggestions. I don't want a third file, but you gave me
a new idea:

To bundle .exe and .bin:
1.) Generate a file with a random number.
2.) Include this file as support file and as install file too.
3.) compare this files at setup runtime.

==> possible via script, but it would be nice, if SB would handle this



To check bin-integrity without reading 278MB over slow network:
1.) After compilation:
1.1) Read bin file size as 64 Bit integer (8 Bytes)
1.2) build CRC32 Checksum about the first and the last 1024 bytes of the
bin file ( 4 Bytes)
1.3) Append this 12 Bytes to the bin file
2.) At Setup runtime:
2.1) Read bin file size as 64 Bit integer and compare with saved size
(diff = 12 Bytes)
2.2) build checksum as in 1.2 and compare with saved checksum

==> possible via my own dll, but it would be nice, if SB would handle this

QUESTION: Can SB run into problems because of the 12 additional bytes?

Thanks
Markus

Markus,

>
> QUESTION: Can SB run into problems because of the 12 additional bytes?
>

I think the additional 12 bytes at the end of the .bin file should not cause
a problem.

Friedrich

Hi Friedrich,

to ensure the integrity of the exe and bin file, I have the following idea:

a) For the exe integrity, I use the existing "Enable Installer Integrity
Check" feautre.
b) For the integrity of the bin file, the SB compiler could do the
following:

At compile time:
1.) Whe the compile starts, generate a GUID.
2.) Integrate this GUID in the exe
3.) Add this GUID at the beginning of the bin file
4.) After the bin file is written, calculate the checksum
5.) at this checksum add the end of the bin file

At runtime:
1.) After startup, compare the GUID in the exe and in the bin file and
show an error message, if they differ
2.) Calculate the checksum for the bin file (exclude the last few bytes,
which contains the stored checksum) and compare with the stored
checksum. Show an error message, when they differ.

What do you think?

Markus

Hi Markus,

>
> What do you think?
>

We played with it last year and the extra bytes confuse the disk-spanning
algorithm. So adding extra bytes at the beginning or at the end of a .bin
file is not possible.

But it should be possible to come up with a solution (in SB8) to support
such a pre-install integrity check scenario in a 'for UAC-aware systems'
setup type that only has one .bin file. I'll see what we can do.

Friedrich

I like this idea also, Friedrich.

For installations on CD, I do have the burning software verify after
burning. But it would still be nice to make sure the end-user isn't
possibly trying to run a corrupt installer.

Jane

Hi Jane,

> I like this idea also, Friedrich.
>
> For installations on CD, I do have the burning software verify after
> burning. But it would still be nice to make sure the end-user isn't
> possibly trying to run a corrupt installer.

Yes, the more I think about it, the more I like the idea. It should not be
a problem to handle this in two file .exe / .bin setup type.

Friedrich

Hi Friedrich,

I've had again a defect bin file (corrupt download). What about this
feature?

Thanks.

Markus

Hi Markus,

> I've had again a defect bin file (corrupt download). What about this
> feature?

This is a SetupBuilder 8.0 feature.

Friedrich

Great.

Do you want again to align your SB8 realese with Windows8? Or can we
expect SB8 earlier?

Markus

Hi Markus,

> Great.
>
> Do you want again to align your SB8 realese with Windows8? Or can we
> expect SB8 earlier?

We are working hard on SetupBuilder 7.6 right now to introduce support for
Windows 8. Quite a few changes are necessary to support Win8, but we are
nearly there. I think 7.6 will be the last 7 dot release.

But in fact, the version number is just what it is, a number <g>. Beginning
with SetupBuilder 7.3 Build 3228 (February 09, 2011), all changes in
SetupBuilder come directly from the SetupBuilder 8 development.

BTW, we expect "SetupBuilder 9" when "Windows 8" goes gold by the end of
2012.

Friedrich

> Great.
>
> Do you want again to align your SB8 realese with Windows8? Or can we
> expect SB8 earlier?

Update: we will check if it is possible to port that feature back from 8.0
to 7.6. No promise, but we will do our best.

I'll keep you posted.

Friedrich

Thank you.

Markus Zander

Hi Friedrich,

any news about this?

Markus

Hi Markus,

>
> any news about this?
>

Already integrated in internal test builds and is expected to be available
in V7.8.

Friedrich

Hi Friedrich,

where can I find this feature in SB8?

Markus

Markus,

>
> where can I find this feature in SB8?
>

---
IMPROVEMENT: Add "Archive Integrity Checking" technology to the "Custom (for
UAC-aware systems)" Media Type Generator Setting with single
.bin volume.
---

The compiler handles it automatically (if integrity check is enabled and you
generate a single .bin volume).

Friedrich

OK, so I have nothing to do. Fine.

Thank you!

Markus Zander

>
> OK, so I have nothing to do. Fine.
>

Yes, just recompile and you are done.

Friedrich