Exploring the WinSxS Structure, Part 2: Component Installation Manifests
October 10, 2011 Windows7

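Last time I roughly laid out how the main components map to their manifests. Now let's look at what each component package's manifest file actually does.

When slimming down Windows with vLite, you have all seen the warning that the removal is irreversible. In fact the removal can be reversed: as long as you locate the right component manifest using the method from my previous post, restoring a component is quite simple.

Let's go straight to an example. For lack of anything more exciting, take the disk quota component. Its manifest file is named amd64_microsoft-windows-dskquota_31bf3856ad364e35_6.1.7600.16385_none_da0863a5ce0e335f.manifest. Here is the file content: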

<?xml version="1.0" encoding="UTF-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0" copyright="Copyright (c) Microsoft Corporation. All Rights Reserved.">
  <assemblyIdentity name="Microsoft-Windows-dskquota" version="6.1.7600.16385" processorArchitecture="amd64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" />
  <dependency discoverable="no" resourceType="Resources">
    <dependentAssembly>
      <assemblyIdentity name="Microsoft-Windows-dskquota.Resources" version="6.1.7600.16385" processorArchitecture="amd64" language="*" buildType="release" publicKeyToken="31bf3856ad364e35" />
    </dependentAssembly>
  </dependency>
  <file name="dskquota.dll" destinationPath="$(runtime.system32)" sourceName="dskquota.dll" sourcePath="." importPath="$(build.nttree)">
    <securityDescriptor name="WRP_FILE_DEFAULT_SDDL" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2">
      <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
      </dsig:Transforms>
      <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">Tw9m4u7tLWJ2J5ecwyrn5ScJXppTVZ7pZ8yNBGAlVX0=</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <registryKeys>
    <registryKey keyName="HKEY_CLASSES_ROOT\CLSID\{7988B571-EC89-11cf-9C00-00AA00A14F56}" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft Disk Quota" operationHint="replace" owner="true" />
      <securityDescriptor name="WRP_KEY_DEFAULT_SDDL" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\CLSID\{7988B571-EC89-11cf-9C00-00AA00A14F56}\InProcServer32" owner="false">
      <registryValue name="" valueType="REG_EXPAND_SZ" value="%SystemRoot%\System32\dskquota.dll" operationHint="replace" owner="true" />
      <registryValue name="ThreadingModel" valueType="REG_SZ" value="Both" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\CLSID\{7988B571-EC89-11cf-9C00-00AA00A14F56}\ProgID" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft.DiskQuota.1" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\CLSID\{7988B571-EC89-11cf-9C00-00AA00A14F56}\VersionIndependentProgID" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft.DiskQuota" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\CLSID\{7988B571-EC89-11cf-9C00-00AA00A14F56}\TypeLib" owner="false">
      <registryValue name="" valueType="REG_SZ" value="{7988B57C-EC89-11cf-9C00-00AA00A14F56}" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\CLSID\{7988B571-EC89-11cf-9C00-00AA00A14F56}\Version" owner="false">
      <registryValue name="" valueType="REG_SZ" value="1.0" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\CLSID\{7988B571-EC89-11cf-9C00-00AA00A14F56}\Programmable" owner="false" />
    <registryKey keyName="HKEY_CLASSES_ROOT\Microsoft.DiskQuota.1" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft Disk Quota" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\Microsoft.DiskQuota.1\CLSID" owner="false">
      <registryValue name="" valueType="REG_SZ" value="{7988B571-EC89-11cf-9C00-00AA00A14F56}" operationHint="replace" owner="true" />
      <securityDescriptor name="WRP_KEY_DEFAULT_SDDL" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\Microsoft.DiskQuota" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft Disk Quota" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\Microsoft.DiskQuota\CLSID" owner="false">
      <registryValue name="" valueType="REG_SZ" value="{7988B571-EC89-11cf-9C00-00AA00A14F56}" operationHint="replace" owner="true" />
      <securityDescriptor name="WRP_KEY_DEFAULT_SDDL" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\Microsoft.DiskQuota\CurVer" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft.DiskQuota.1" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft Disk Quota" operationHint="replace" owner="true" />
      <registryValue name="DisplayName" valueType="REG_EXPAND_SZ" value="@%SystemRoot%\System32\dskquota.dll,-100" operationHint="replace" owner="true" />
      <registryValue name="NoMachinePolicy" valueType="REG_DWORD" value="0x00000000" operationHint="replace" owner="true" />
      <registryValue name="NoUserPolicy" valueType="REG_DWORD" value="0x00000001" operationHint="replace" owner="true" />
      <registryValue name="NoSlowLink" valueType="REG_DWORD" value="0x00000001" operationHint="replace" owner="true" />
      <registryValue name="NoBackgroundPolicy" valueType="REG_DWORD" value="0x00000001" operationHint="replace" owner="true" />
      <registryValue name="NoGPOListChanges" valueType="REG_DWORD" value="0x00000001" operationHint="replace" owner="true" />
      <registryValue name="PerUserLocalSettings" valueType="REG_DWORD" value="0x00000000" operationHint="replace" owner="true" />
      <registryValue name="RequiresSuccessfulRegistry" valueType="REG_DWORD" value="0x00000001" operationHint="replace" owner="true" />
      <registryValue name="EnableAsynchronousProcessing" valueType="REG_DWORD" value="0x00000000" operationHint="replace" owner="true" />
      <registryValue name="DllName" valueType="REG_EXPAND_SZ" value="%SystemRoot%\System32\dskquota.dll" operationHint="replace" owner="true" />
      <registryValue name="ProcessGroupPolicy" valueType="REG_SZ" value="ProcessGroupPolicy" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application\DiskQuota" owner="false">
      <registryValue name="EventMessageFile" valueType="REG_EXPAND_SZ" value="%SystemRoot%\System32\dskquota.dll" operationHint="replace" owner="true" />
      <registryValue name="TypesSupported" valueType="REG_SZ" value="0x00000007" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\TypeLib\{7988B57C-EC89-11cf-9C00-00AA00A14F56}" owner="false">
      <securityDescriptor name="WRP_KEY_DEFAULT_SDDL" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\TypeLib\{7988B57C-EC89-11cf-9C00-00AA00A14F56}\1.0" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft Disk Quota 1.0" operationHint="replace" owner="true" />
    </registryKey>
    <registryKey keyName="HKEY_CLASSES_ROOT\TypeLib\{7988B57C-EC89-11cf-9C00-00AA00A14F56}\1.0" owner="false" />
    <registryKey keyName="HKEY_CLASSES_ROOT\TypeLib\{7988B57C-EC89-11cf-9C00-00AA00A14F56}\1.0\win32" owner="false">
      <registryValue name="" valueType="REG_EXPAND_SZ" value="%SystemRoot%\System32\dskquota.dll" operationHint="replace" owner="true" />
    </registryKey>
  </registryKeys>
  <trustInfo>
    <security>
      <accessControl>
        <securityDescriptorDefinitions>
          <securityDescriptorDefinition name="WRP_FILE_DEFAULT_SDDL" sddl="O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:P(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;GRGX;;;BA)(A;;GRGX;;;SY)(A;;GRGX;;;BU)S:(AU;FASA;0x000D0116;;;WD)" operationHint="replace" description="Default SDDL for Windows Resource Protected file" />
          <securityDescriptorDefinition name="WRP_KEY_DEFAULT_SDDL" sddl="O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:P(A;CI;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CI;GR;;;SY)(A;CI;GR;;;BA)(A;CI;GR;;;BU)" operationHint="replace" />
        </securityDescriptorDefinitions>
      </accessControl>
    </security>
  </trustInfo>
  <localization>
    <resources culture="en-US">
      <stringTable>
        <string id="description" value="Manifest for dskquota.dll" />
        <string id="displayName" value="dskquota.dll" />
      </stringTable>
    </resources>
  </localization>
</assembly>

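It is the same friendly XML structure as before. <assemblyIdentity /> defines the component name, version, language, architecture and public key token, while the content between <dependentAssembly> and </dependentAssembly> defines the component package it depends on. Here that is Microsoft-Windows-dskquota.Resources, whose manifest can also be found in the manifest folder; it defines the paths of the MUI files. I won't go into it here, since after reading this post you will know how to deal with the resources folders.

Between <file> and </file> you can see the name attribute, which is of course the file name inside the corresponding winsxs folder. destinationPath="$(runtime.system32)" defines the target folder, here system32; different files have different target folders, for example $(runtime.system32)\driver and the like, which you can look up yourselves. sourceName="dskquota.dll" sourcePath="." is the file path relative to the corresponding winsxs folder. importPath="$(build.nttree)" needs no attention; it refers to the NT build tree. The content between <asmv2:hash> and </asmv2:hash> defines the hash value used for file verification, which is checked at installation time.

Next comes the dreaded <registryKeys> element, which, as the name suggests, defines registry entries. The keyName of a registryKey and the name of a registryValue are obviously the key name and the value name, and valueType and value are the value type and the value data. The operationHint and owner attributes that follow describe how the value is installed; usually it is replace, i.e. overwrite.

<securityDescriptorDefinitions> holds the security descriptors that WRP uses to protect files; when slimming down a system it can generally be ignored. <stringTable> defines a few strings that describe the file and the component, and can be ignored as well.

So the files a component copies and the registry entries it writes can all be read from its manifest. Restoring or removing a component is then not hard at all; it only takes a small program.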
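A sketch of such a program, added here as an example and not code from the original post: it reads the file and registry entries out of a manifest and checks a file against the recorded DigestValue. The manifest and DLL bytes are constructed samples, and it assumes the Identity transform means the digest is the Base64-encoded hash of the raw file bytes.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

NS = {"asm": "urn:schemas-microsoft-com:asm.v3",
      "asmv2": "urn:schemas-microsoft-com:asm.v2",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample data: a stand-in payload and a cut-down manifest for it.
SAMPLE_DLL = b"constructed stand-in for dskquota.dll"
SAMPLE_DIGEST = base64.b64encode(hashlib.sha256(SAMPLE_DLL).digest()).decode()
SAMPLE_MANIFEST = f"""<assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0">
  <assemblyIdentity name="Microsoft-Windows-dskquota" version="6.1.7600.16385" processorArchitecture="amd64" />
  <file name="dskquota.dll" destinationPath="$(runtime.system32)" sourceName="dskquota.dll" sourcePath=".">
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue>{SAMPLE_DIGEST}</dsig:DigestValue>
    </asmv2:hash>
  </file>
  <registryKeys>
    <registryKey keyName="HKEY_CLASSES_ROOT\\Microsoft.DiskQuota\\CurVer" owner="false">
      <registryValue name="" valueType="REG_SZ" value="Microsoft.DiskQuota.1" operationHint="replace" />
    </registryKey>
  </registryKeys>
</assembly>"""

def parse_manifest(xml_text):
    """Return (identity attributes, file entries, registry values) from a manifest."""
    root = ET.fromstring(xml_text)
    identity = dict(root.find("asm:assemblyIdentity", NS).attrib)
    files = []
    for f in root.findall("asm:file", NS):
        method = f.find("asmv2:hash/dsig:DigestMethod", NS)
        value = f.find("asmv2:hash/dsig:DigestValue", NS)
        files.append({
            "name": f.get("name"), "dest": f.get("destinationPath"),
            # The algorithm name is the URI fragment, e.g. "...xmldsig#sha256".
            "algo": method.get("Algorithm").rsplit("#", 1)[-1] if method is not None else None,
            "digest": base64.b64decode(value.text) if value is not None else None})
    registry = [(k.get("keyName"), v.get("name"), v.get("valueType"), v.get("value"))
                for k in root.iterfind("asm:registryKeys/asm:registryKey", NS)
                for v in k.iterfind("asm:registryValue", NS)]
    return identity, files, registry

def verify_file(entry, data):
    """True only if data hashes to the manifest's DigestValue."""
    if entry["algo"] not in ("sha1", "sha256") or entry["digest"] is None:
        raise ValueError("no usable hash for " + entry["name"])
    return hmac.compare_digest(hashlib.new(entry["algo"], data).digest(), entry["digest"])
```

Running verify_file over the payload files before copying them back means a restored component is only as trustworthy as the manifest it is checked against, so the manifest itself should come from a known-good source.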

OK, my head hurts, so I'll stop here.

Article URL: http://yuri-x.com/2011/10/winsxs_manifest/ (please credit the source when reposting)
