The Shim Database

The Shim database is a mystic area inside Windows… For example, it will display a UAC (admin) prompt if your application name contains the word “*instal*”.
You can display all available shims with the Application Compatibility Administrator by using the /x command line switch.
Also, there is a tool from Heath Stewart which dumps the database into an XML file.
Of course, he failed to provide the source code of his sample project.
Also, Alex Ionescu wrote a small dump tool, but has never published it…

So I decided to dig into this almost undocumented world and write a small Shim-Dumper and Exe-matching tool (with source code ;) ).

Shim Database Tool (sdb) v1.0
Copyright (C) 2010 Jochen Kalmbach

Usage:  sdb.exe [-noids] [-match] [PathToShimDatabse] [PathToFileName]
 -noids  Will prevent the output of the TagIds
 -match  Will match the provided file with the installed databases
         and displays the activated shims
         In this case 'PathToFileName' is required

NOTE: If no shim database path is provided,
      the default database will be used.

You can use it to dump the shim database, like this:

sdb.exe >ShimDatabase.xml

This will redirect the output to an xml-file and will look something like:

  <EXE typ="LIST">
   <NAME typ="STRINGREF">setup32.exe</NAME>
   <APP_NAME typ="STRINGREF">WordPerfect Office 2000</APP_NAME>
   <VENDOR typ="STRINGREF">Corel</VENDOR>
   <EXE_ID typ="BINARY" len="0x10" guid="BC47CDF2-14B4-3040-B4E7B72C01DF2482" />
   <APP_ID typ="BINARY" len="0x10" guid="0FB56022-BF5C-7445-A5CCA93B5C443E6A" />
   <MATCH_MODE typ="WORD" />
   <MATCHING_FILE typ="LIST">
    <NAME typ="STRINGREF">*</NAME>
    <COMPANY_NAME typ="STRINGREF">Corel Corporation</COMPANY_NAME>
    <PRODUCT_NAME typ="STRINGREF">Corel Setup Wizard</PRODUCT_NAME>
   </MATCHING_FILE>
   <MATCHING_FILE typ="LIST">
    <NAME typ="STRINGREF">programs\wpwin9.exe</NAME>
    <COMPANY_NAME typ="STRINGREF">Corel Corporation Limited</COMPANY_NAME>
    <PRODUCT_NAME typ="STRINGREF">WordPerfect&#174; 9</PRODUCT_NAME>
   </MATCHING_FILE>
   <MATCHING_FILE typ="LIST">
    <NAME typ="STRINGREF">appman\tools\cset90.exe</NAME>
   </MATCHING_FILE>
   <SHIM_REF typ="LIST">
    <NAME typ="STRINGREF">WinXPSP1VersionLie</NAME>
    <SHIM_TAGID typ="DWORD">0x284e0</SHIM_TAGID>
    <INEXCLUDE typ="LIST">
     <INCLUDE typ="NULL" />
     <MODULE typ="STRINGREF">$</MODULE>
    </INEXCLUDE>
    <INEXCLUDE typ="LIST">
     <MODULE typ="STRINGREF">*</MODULE>
    </INEXCLUDE>
   </SHIM_REF>
  </EXE>

(be aware: the current Win7 database is about 17 MB!)

You can also use this tool to find out whether an application has a shim applied:

C:>sdb -match MyInstaller.exe
Shim found for file: MyInstaller.exe
Flags: 0x0:
Exe-Shim: 0x35472, Flags: 0x0:
Layer-Flags: 0x0:
Shim-Database: 11111111-1111-1111-1111111111111111

Currently it just displays the TagId of the shim. You can use this to search the XML file for the corresponding id.
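
Searching the dump by id can be scripted. The following Python sketch is an added example (not part of the sdb project): it streams EXE entries out of a dump in the format shown above and returns those whose SHIM_REF carries a given SHIM_TAGID, the one id that is visible in the sample. The `<SDB>` root element, the function names and the shortened sample are assumptions made for the example.

```python
import io
import xml.etree.ElementTree as ET

# Constructed sample: the EXE entry shown above (shortened), wrapped in a
# hypothetical <SDB> root element so that it forms a well-formed document.
SAMPLE = r"""<SDB>
  <EXE typ="LIST">
   <NAME typ="STRINGREF">setup32.exe</NAME>
   <APP_NAME typ="STRINGREF">WordPerfect Office 2000</APP_NAME>
   <VENDOR typ="STRINGREF">Corel</VENDOR>
   <MATCHING_FILE typ="LIST">
    <NAME typ="STRINGREF">*</NAME>
    <COMPANY_NAME typ="STRINGREF">Corel Corporation</COMPANY_NAME>
   </MATCHING_FILE>
   <MATCHING_FILE typ="LIST">
    <NAME typ="STRINGREF">appman\tools\cset90.exe</NAME>
   </MATCHING_FILE>
   <SHIM_REF typ="LIST">
    <NAME typ="STRINGREF">WinXPSP1VersionLie</NAME>
    <SHIM_TAGID typ="DWORD">0x284e0</SHIM_TAGID>
   </SHIM_REF>
  </EXE>
</SDB>"""

def exe_entries(source):
    """Stream EXE entries one at a time (the Win7 dump is about 17 MB)."""
    for _, elem in ET.iterparse(source, events=("end",)):
        if elem.tag != "EXE":
            continue
        yield {
            "name": elem.findtext("NAME", ""),
            "app": elem.findtext("APP_NAME", ""),
            "vendor": elem.findtext("VENDOR", ""),
            # Each MATCHING_FILE lists the attributes one file must have.
            "matching": [{c.tag: c.text for c in m} for m in elem.findall("MATCHING_FILE")],
            # SHIM_TAGID is printed as hex text, e.g. 0x284e0.
            "shims": [(s.findtext("NAME", ""), int(s.findtext("SHIM_TAGID", "0"), 16))
                      for s in elem.findall("SHIM_REF")],
        }
        elem.clear()  # drop the processed subtree to keep memory flat

def find_by_shim_tagid(source, tagid):
    """Return all EXE entries that reference the shim with this TagId."""
    return [e for e in exe_entries(source) if any(t == tagid for _, t in e["shims"])]

if __name__ == "__main__":
    for e in find_by_shim_tagid(io.BytesIO(SAMPLE.encode("utf-8")), 0x284E0):
        print(e["name"], e["app"], e["shims"], e["matching"])
```

For a real dump, pass the path of the redirected XML file (ShimDatabase.xml in the example above) as `source` instead of the in-memory sample.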

Have fun using this tool ;)

The project (VS2008) can be found here:
http://blog.kalmbachnet.de/files/sdb_v1.zip
It will compile for x86 and x64.
