Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Quick compilation of available freeware MSI packer/unpacker viewer tools
37 views
Skip to first unread message
Arlen Holder
Nov 15, 2020, 6:40:26 PM11/15/20
to
Quick compilation of available freeware MSI packer/unpacker viewer tools.
This new compilation was triggered by thread in the a.c.f newsgroup today:
o Portable Backup Program?
<https://groups.google.com/g/alt.comp.freeware/c/AjBvwWkSwjo>
Mostly based on this post by occam on whether to trust freeware MSI files:
"Beware of some of those. The favourite ('Duplicati' for Windows)
has download file which is marked 'beta' and is an .msi fil.
Do you trust an .msi installer from MS as a 'portable' program?"
<https://groups.google.com/g/alt.comp.freeware/c/AjBvwWkSwjo/m/qmRFS3laBAAJ>
Where this freeware was suggested to ameliorate that problem set:
"lessmsi (formerly known as Less Msierables) is a free utility with
a graphical user interface and a command line interface used for viewing
and extracting the contents of a Windows Installer (.msi) file."
o Less MSIerables, (lessmsi), version 1.6.1.0
Specifically see this post by Shadow which covers lessmsi unpacker:
<https://groups.google.com/g/alt.comp.freeware/c/AjBvwWkSwjo/m/qqbWWCdrBAAJ>
Which, eventually, referenced this set of URLs:
<https://sourceforge.net/projects/lessmsi.mirror/>
<https://sourceforge.net/projects/lessmsi.mirror/files/latest/download>
<https://cfhcable.dl.sourceforge.net/project/lessmsi.mirror/v1.7.0/lessmsi-v1.7.0.zip>
Name: lessmsi-v1.7.0.zip
Size: 508025 bytes (496 KiB)
CRC32: 864F0EC5
CRC64: B011D6438F8EBE88
SHA256: FE9C27FDD5525ABA46F20B45BB5B7214E541DB0802798D1B24497FD745F1F3D9
SHA1: 8DFA59D2C1AB73A8A4FC74C12E74CF99E5385726
BLAKE2sp: 287C1D37AF810E95F7D4E6F23051266DA996278663114A48DD63672AECA4276D
Given that, I would like to also add Mayayana's MSI-related freeware:
o Mayayana's JSWare MSI unpackers & viewers
<https://www.jsware.net/jsware/msicode.php5>
<https://www.jsware.net/jsware/msicode.php5#unpackx>
<https://www.jsware.net/jsware/zips/jsmsix19.zip>
<Name: jsmsix19.zip>
Size: 68893 bytes (67 KiB)
CRC32: AD57A770
CRC64: 6FBDD27DC2F3BBFB
SHA256: 08112AFF0C9D0D7A72E06CFFEC843B207EF5DC652B4EEF62F1C5D0DD13341659
SHA1: 3007E6A637925733DE072EAD14918E6DA021B928
BLAKE2sp: 26AD4960465718CF098C5CDA75660E7B3F7116BD2CE34107D237BAD2B19BEC08
<https://www.jsware.net/jsware/zips/msiext.zip>
Name: msiext.zip
Size: 198560 bytes (193 KiB)
CRC32: D4DCA945
CRC64: F82CE7C9E226ADF4
SHA256: D025C15A1975A09D8CADB09F7CFC57A25BF9A53AB650CC4F83B96658718BCF4A
SHA1: 7EE68EA7621BE9E0D97EADF6C16FC022DA8C9F8A
BLAKE2sp: DD06B778F7EFBF71D4F5A03FF6F637B40FE7024B51E72D1420AF24907C7A41D8
<https://www.jsware.net/jsware/zips/msiext2.zip>
Name: msiext2.zip
Size: 36538 bytes (35 KiB)
CRC32: 83E7BEC9
CRC64: 9FF2C4DCD07C4E1C
SHA256: 5D8DA93DCC4E3F530E5388594372E02B553EF1F710D08A13278D638EC0BD8458
SHA1: 5D950602EB4A34835CF0D746FF17BCBBDC3E44D1
BLAKE2sp: E2139C6613DBBBBF84F67503DB3E48764F082BE0484B3367BA1AC14010EFD565
And, from my old syslogs, the following somewhat related MSI tool freeware:
o AppDeploy Repackager
<https://www.itninja.com/community/appdeploy-repackager>
o Dark.exe (dark.exe -x outputfolder MySetup.msi)
<https://wixtoolset.org/documentation/manual/v3/overview/alltools.html>
o EMCO Network Software Scanner
<https://emcosoftware.com/network-software-scanner/download>
o EMCO Remote Installation/Uninstallation tool
<https://emcosoftware.com/remote-installer>
o InstEd msi editor built for professionals
<http://www.instedit.com/>
o Owidiffdb.vbs (cscript.exe widiffdb.vbs "Setup 1.msi" "Setup 2.msi")
<https://docs.microsoft.com/en-us/windows/win32/msi/view-differences-between-two-databases>
o Orca for creating & editing Windows installer packages
<https://docs.microsoft.com/en-us/windows/win32/msi/orca-exe>
o Super Orca (may be limited to a single use???)
<http://www.pantaray.com/msi_super_orca.html>
o Smart Packager Community Edition (CE), formerly WinINSTALL LE
The Free version is for packaging non-MSI applications only.
<http://ww1.scalablesmartpackager.com/>
As always, this is posted so that others can flesh it out better than I
can, with the result being we all benefit from their freeware knowledge.
--
The problem with freeware is there is so much of it to test out.
This new compilation was triggered by thread in the a.c.f newsgroup today:
o Portable Backup Program?
<https://groups.google.com/g/alt.comp.freeware/c/AjBvwWkSwjo>
Mostly based on this post by occam on whether to trust freeware MSI files:
"Beware of some of those. The favourite ('Duplicati' for Windows)
has download file which is marked 'beta' and is an .msi fil.
Do you trust an .msi installer from MS as a 'portable' program?"
<https://groups.google.com/g/alt.comp.freeware/c/AjBvwWkSwjo/m/qmRFS3laBAAJ>
Where this freeware was suggested to ameliorate that problem set:
"lessmsi (formerly known as Less Msierables) is a free utility with
a graphical user interface and a command line interface used for viewing
and extracting the contents of a Windows Installer (.msi) file."
o Less MSIerables, (lessmsi), version 1.6.1.0
Specifically see this post by Shadow which covers lessmsi unpacker:
<https://groups.google.com/g/alt.comp.freeware/c/AjBvwWkSwjo/m/qqbWWCdrBAAJ>
Which, eventually, referenced this set of URLs:
<https://sourceforge.net/projects/lessmsi.mirror/>
<https://sourceforge.net/projects/lessmsi.mirror/files/latest/download>
<https://cfhcable.dl.sourceforge.net/project/lessmsi.mirror/v1.7.0/lessmsi-v1.7.0.zip>
Name: lessmsi-v1.7.0.zip
Size: 508025 bytes (496 KiB)
CRC32: 864F0EC5
CRC64: B011D6438F8EBE88
SHA256: FE9C27FDD5525ABA46F20B45BB5B7214E541DB0802798D1B24497FD745F1F3D9
SHA1: 8DFA59D2C1AB73A8A4FC74C12E74CF99E5385726
BLAKE2sp: 287C1D37AF810E95F7D4E6F23051266DA996278663114A48DD63672AECA4276D
Given that, I would like to also add Mayayana's MSI-related freeware:
o Mayayana's JSWare MSI unpackers & viewers
<https://www.jsware.net/jsware/msicode.php5>
<https://www.jsware.net/jsware/msicode.php5#unpackx>
<https://www.jsware.net/jsware/zips/jsmsix19.zip>
<Name: jsmsix19.zip>
Size: 68893 bytes (67 KiB)
CRC32: AD57A770
CRC64: 6FBDD27DC2F3BBFB
SHA256: 08112AFF0C9D0D7A72E06CFFEC843B207EF5DC652B4EEF62F1C5D0DD13341659
SHA1: 3007E6A637925733DE072EAD14918E6DA021B928
BLAKE2sp: 26AD4960465718CF098C5CDA75660E7B3F7116BD2CE34107D237BAD2B19BEC08
<https://www.jsware.net/jsware/zips/msiext.zip>
Name: msiext.zip
Size: 198560 bytes (193 KiB)
CRC32: D4DCA945
CRC64: F82CE7C9E226ADF4
SHA256: D025C15A1975A09D8CADB09F7CFC57A25BF9A53AB650CC4F83B96658718BCF4A
SHA1: 7EE68EA7621BE9E0D97EADF6C16FC022DA8C9F8A
BLAKE2sp: DD06B778F7EFBF71D4F5A03FF6F637B40FE7024B51E72D1420AF24907C7A41D8
<https://www.jsware.net/jsware/zips/msiext2.zip>
Name: msiext2.zip
Size: 36538 bytes (35 KiB)
CRC32: 83E7BEC9
CRC64: 9FF2C4DCD07C4E1C
SHA256: 5D8DA93DCC4E3F530E5388594372E02B553EF1F710D08A13278D638EC0BD8458
SHA1: 5D950602EB4A34835CF0D746FF17BCBBDC3E44D1
BLAKE2sp: E2139C6613DBBBBF84F67503DB3E48764F082BE0484B3367BA1AC14010EFD565
And, from my old syslogs, the following somewhat related MSI tool freeware:
o AppDeploy Repackager
<https://www.itninja.com/community/appdeploy-repackager>
o Dark.exe (dark.exe -x outputfolder MySetup.msi)
<https://wixtoolset.org/documentation/manual/v3/overview/alltools.html>
o EMCO Network Software Scanner
<https://emcosoftware.com/network-software-scanner/download>
o EMCO Remote Installation/Uninstallation tool
<https://emcosoftware.com/remote-installer>
o InstEd msi editor built for professionals
<http://www.instedit.com/>
o Owidiffdb.vbs (cscript.exe widiffdb.vbs "Setup 1.msi" "Setup 2.msi")
<https://docs.microsoft.com/en-us/windows/win32/msi/view-differences-between-two-databases>
o Orca for creating & editing Windows installer packages
<https://docs.microsoft.com/en-us/windows/win32/msi/orca-exe>
o Super Orca (may be limited to a single use???)
<http://www.pantaray.com/msi_super_orca.html>
o Smart Packager Community Edition (CE), formerly WinINSTALL LE
The Free version is for packaging non-MSI applications only.
<http://ww1.scalablesmartpackager.com/>
As always, this is posted so that others can flesh it out better than I
can, with the result being we all benefit from their freeware knowledge.
--
The problem with freeware is there is so much of it to test out.
Arlen Holder
Nov 15, 2020, 7:37:16 PM11/15/20
to
Update:
(As always, for all to benefit from every action; please improve!)
Note this post by Paul on freeware msi installers we may download:
<https://groups.google.com/g/alt.comp.microsoft.windows/c/xKgKyvS0Fvs/m/pAuFFRazBgAJ>
where the problem we're addressing is the risk of "what's inside"
any given MSI installer we may download when installing freeware.
To pitch in toward the solution of freeware msi debugging tools,
I downloaded the latest available of the described set.
1. AppDeploy Repackager v1.2
<https://www.itninja.com/community/appdeploy-repackager>
<https://www.itninja.com/community/appdeploy-repackager/download>
Name: appdeploy_repackager_v1.2
Size: 740352 bytes (723 KiB)
CRC32: E64E7F04
CRC64: A07DE930ED50AD7F
SHA256: 369EB56E7493D5FB6FA8E13F252B0FFFAB731AC5CC0F26A7C0463C4FF38B4E57
SHA1: 4094877411BDB7141E60EB4780BFDFBF3A4FD1D4
BLAKE2sp: 6A67045F9B9C9FBA8F839F816FC9F960F0C4FE7A8F2FD2FD2817E01A133D5760
2. Dark.exe (dark.exe -x outputfolder MySetup.msi)
<https://wixtoolset.org/documentation/manual/v3/overview/alltools.html>
<https://wixtoolset.org/releases/>
<https://github.com/wixtoolset/wix3/releases/tag/wix3112rtm>
Name: wix311.exe
Size: 27977104 bytes (26 MiB)
CRC32: CB87FC8A
CRC64: 04372798112334E0
SHA256: 32BB76C478FCB356671D4AAF006AD81CA93EEA32C22A9401B168FC7471FECCD2
SHA1: 4E3B473DF6128B9A699EA184B9722D9729D90CF7
BLAKE2sp: 34DA08B4D56D1D31610A5522D78A16A82DA649900174725ECBC8EF8F0FEC97D5
3. EMCO Network Software Scanner for Windows, Version 2.0.8 June 5, 2020
<https://emcosoftware.com/network-software-scanner/download>
<https://storage.emcosoftware.com/download/networksoftwarescanner/NetworkSoftwareScannerSetup.exe>
Name: NetworkSoftwareScannerSetup.exe
Size: 65332528 bytes (62 MiB)
CRC32: E149F400
CRC64: 3ECFD11530F5DCE7
SHA256: B16D1BF44160F201183A20581765A6D4F6402EF9FDB7F7AB4077700B41E1F6BF
SHA1: A836D6C98794E69B3A815EB8F0325581099C79C9
BLAKE2sp: ED206BF2D4B6B6FAB44F66326E2E7FD812EAD32F7EBE8D8853F5C7574F1FBE88
4. EMCO Remote Installation/Uninstallation tool, Version 6.0.8 June 5, 2020
<https://emcosoftware.com/remote-installer>
<https://emcosoftware.com/remote-installer/download>
<https://storage.emcosoftware.com/download/remoteinstaller/RemoteInstallerSetup.exe>
Name: RemoteInstallerSetup.exe
Size: 113956656 bytes (108 MiB)
CRC32: D11F2092
CRC64: 62BEE9825D795BA5
SHA256: 471C6547ED7FE321748407253307185622C309325834D23C82FD26540ADDF417
SHA1: C6DEBEA848CEE6E42CDB946FECD0FE693014EEBD
BLAKE2sp: 47DFF598F6DE02371CADA06E22BF7FF207CF6E268055AE203C210E4C6419C3A3
5. InstEd 1.5.15.26 msi editor built for professionals, Apr 30, 2012
<http://www.instedit.com/>
<http://www.instedit.com/download.html>
<http://www.instedit.com/download2.html?file=InstEd-1.5.15.26.msi>
<http://apps.instedit.com/releases2/InstEd-1.5.15.26.msi>
Name: InstEd-1.5.15.26.msi
Size: 4595712 bytes (4488 KiB)
CRC32: ADD5D88E
CRC64: 4752375B9D47CEC0
SHA256: 389BB1B01682BB27BE4666776EEF69EAC3B817AC28907939C5CEEC547D138301
SHA1: E9893DDDE47216BF812F8A6BA0FF607204DBCBA2
BLAKE2sp: BDCAACBECE3AF06CDADC331532B7ACCC742A8A0E63776D26A9925FE14715B633
6. Mayayana's JSWare MSI unpackers & viewers
7. Less MSIerables, (lessmsi), version 1.6.1.0
<https://docs.microsoft.com/en-us/windows/win32/msi/orca-exe>
9. SuperOrca (direct replacement for Orca MSI Editor from Microsoft)
<http://www.pantaray.com/msi_super_orca.html>
<http://www.pantaray.com/SuperOrcaSetup.exe>
Name: SuperOrcaSetup.exe
Size: 2926519 bytes (2857 KiB)
CRC32: 602324C9
CRC64: AADC2E7C3EA1B9ED
SHA256: 68ED565438E206E805F81980374E6439E6F4F60F63A3FCB6F0840C8A8DE189DA
SHA1: C2751E72BD5A8593F4EB4EBD000ACE791DB0A9C7
BLAKE2sp: 64ADBF1D66CC6B1F2D5929E4A80A0257E48FEA4194102149A3BEF1FFA552DEEE
10. widiffdb.vbs (cscript.exe widiffdb.vbs "Setup 1.msi" "Setup 2.msi")
<https://docs.microsoft.com/en-us/windows/win32/msi/view-differences-between-two-databases>
No download URL located.
11. WinInstall (aka Smart Packager)
<http://ww1.scalablesmartpackager.com/>
No download URL located.
12. Are there any other MSI related freeware tools you recommend?
Specifically we want to solve the problem set of what's inside
the MSI package before we run the MSI freeware installer.
As always, if you have experience with MSI related tools,
please add value so that others benefit from what you can impart.
--
Usenet is a great way to learn about other tools before you install them.
(As always, for all to benefit from every action; please improve!)
Note this post by Paul on freeware msi installers we may download:
<https://groups.google.com/g/alt.comp.microsoft.windows/c/xKgKyvS0Fvs/m/pAuFFRazBgAJ>
where the problem we're addressing is the risk of "what's inside"
any given MSI installer we may download when installing freeware.
To pitch in toward the solution of freeware msi debugging tools,
I downloaded the latest available of the described set.
1. AppDeploy Repackager v1.2
<https://www.itninja.com/community/appdeploy-repackager>
<https://www.itninja.com/community/appdeploy-repackager/download>
Name: appdeploy_repackager_v1.2
Size: 740352 bytes (723 KiB)
CRC32: E64E7F04
CRC64: A07DE930ED50AD7F
SHA256: 369EB56E7493D5FB6FA8E13F252B0FFFAB731AC5CC0F26A7C0463C4FF38B4E57
SHA1: 4094877411BDB7141E60EB4780BFDFBF3A4FD1D4
BLAKE2sp: 6A67045F9B9C9FBA8F839F816FC9F960F0C4FE7A8F2FD2FD2817E01A133D5760
2. Dark.exe (dark.exe -x outputfolder MySetup.msi)
<https://wixtoolset.org/documentation/manual/v3/overview/alltools.html>
<https://wixtoolset.org/releases/>
<https://github.com/wixtoolset/wix3/releases/tag/wix3112rtm>
Name: wix311.exe
Size: 27977104 bytes (26 MiB)
CRC32: CB87FC8A
CRC64: 04372798112334E0
SHA256: 32BB76C478FCB356671D4AAF006AD81CA93EEA32C22A9401B168FC7471FECCD2
SHA1: 4E3B473DF6128B9A699EA184B9722D9729D90CF7
BLAKE2sp: 34DA08B4D56D1D31610A5522D78A16A82DA649900174725ECBC8EF8F0FEC97D5
3. EMCO Network Software Scanner for Windows, Version 2.0.8 June 5, 2020
<https://emcosoftware.com/network-software-scanner/download>
<https://storage.emcosoftware.com/download/networksoftwarescanner/NetworkSoftwareScannerSetup.exe>
Name: NetworkSoftwareScannerSetup.exe
Size: 65332528 bytes (62 MiB)
CRC32: E149F400
CRC64: 3ECFD11530F5DCE7
SHA256: B16D1BF44160F201183A20581765A6D4F6402EF9FDB7F7AB4077700B41E1F6BF
SHA1: A836D6C98794E69B3A815EB8F0325581099C79C9
BLAKE2sp: ED206BF2D4B6B6FAB44F66326E2E7FD812EAD32F7EBE8D8853F5C7574F1FBE88
4. EMCO Remote Installation/Uninstallation tool, Version 6.0.8 June 5, 2020
<https://emcosoftware.com/remote-installer>
<https://emcosoftware.com/remote-installer/download>
<https://storage.emcosoftware.com/download/remoteinstaller/RemoteInstallerSetup.exe>
Name: RemoteInstallerSetup.exe
Size: 113956656 bytes (108 MiB)
CRC32: D11F2092
CRC64: 62BEE9825D795BA5
SHA256: 471C6547ED7FE321748407253307185622C309325834D23C82FD26540ADDF417
SHA1: C6DEBEA848CEE6E42CDB946FECD0FE693014EEBD
BLAKE2sp: 47DFF598F6DE02371CADA06E22BF7FF207CF6E268055AE203C210E4C6419C3A3
5. InstEd 1.5.15.26 msi editor built for professionals, Apr 30, 2012
<http://www.instedit.com/>
<http://www.instedit.com/download.html>
<http://www.instedit.com/download2.html?file=InstEd-1.5.15.26.msi>
<http://apps.instedit.com/releases2/InstEd-1.5.15.26.msi>
Name: InstEd-1.5.15.26.msi
Size: 4595712 bytes (4488 KiB)
CRC32: ADD5D88E
CRC64: 4752375B9D47CEC0
SHA256: 389BB1B01682BB27BE4666776EEF69EAC3B817AC28907939C5CEEC547D138301
SHA1: E9893DDDE47216BF812F8A6BA0FF607204DBCBA2
BLAKE2sp: BDCAACBECE3AF06CDADC331532B7ACCC742A8A0E63776D26A9925FE14715B633
6. Mayayana's JSWare MSI unpackers & viewers
<https://sourceforge.net/projects/lessmsi.mirror/>
<https://sourceforge.net/projects/lessmsi.mirror/files/latest/download>
<https://cfhcable.dl.sourceforge.net/project/lessmsi.mirror/v1.7.0/lessmsi-v1.7.0.zip>
Name: lessmsi-v1.7.0.zip
Size: 508025 bytes (496 KiB)
CRC32: 864F0EC5
CRC64: B011D6438F8EBE88
SHA256: FE9C27FDD5525ABA46F20B45BB5B7214E541DB0802798D1B24497FD745F1F3D9
SHA1: 8DFA59D2C1AB73A8A4FC74C12E74CF99E5385726
BLAKE2sp: 287C1D37AF810E95F7D4E6F23051266DA996278663114A48DD63672AECA4276D
8. Orca for creating & editing Windows installer packages
<https://sourceforge.net/projects/lessmsi.mirror/files/latest/download>
<https://cfhcable.dl.sourceforge.net/project/lessmsi.mirror/v1.7.0/lessmsi-v1.7.0.zip>
Name: lessmsi-v1.7.0.zip
Size: 508025 bytes (496 KiB)
CRC32: 864F0EC5
CRC64: B011D6438F8EBE88
SHA256: FE9C27FDD5525ABA46F20B45BB5B7214E541DB0802798D1B24497FD745F1F3D9
SHA1: 8DFA59D2C1AB73A8A4FC74C12E74CF99E5385726
BLAKE2sp: 287C1D37AF810E95F7D4E6F23051266DA996278663114A48DD63672AECA4276D
<https://docs.microsoft.com/en-us/windows/win32/msi/orca-exe>
Quick compilation of available freeware MSI packer/unpacker viewer tools
<https://groups.google.com/g/alt.comp.freeware/c/bkw22YQnddA>
9. SuperOrca (direct replacement for Orca MSI Editor from Microsoft)
<http://www.pantaray.com/msi_super_orca.html>
<http://www.pantaray.com/SuperOrcaSetup.exe>
Name: SuperOrcaSetup.exe
Size: 2926519 bytes (2857 KiB)
CRC32: 602324C9
CRC64: AADC2E7C3EA1B9ED
SHA256: 68ED565438E206E805F81980374E6439E6F4F60F63A3FCB6F0840C8A8DE189DA
SHA1: C2751E72BD5A8593F4EB4EBD000ACE791DB0A9C7
BLAKE2sp: 64ADBF1D66CC6B1F2D5929E4A80A0257E48FEA4194102149A3BEF1FFA552DEEE
10. widiffdb.vbs (cscript.exe widiffdb.vbs "Setup 1.msi" "Setup 2.msi")
<https://docs.microsoft.com/en-us/windows/win32/msi/view-differences-between-two-databases>
No download URL located.
11. WinInstall (aka Smart Packager)
<http://ww1.scalablesmartpackager.com/>
No download URL located.
12. Are there any other MSI related freeware tools you recommend?
Specifically we want to solve the problem set of what's inside
the MSI package before we run the MSI freeware installer.
As always, if you have experience with MSI related tools,
please add value so that others benefit from what you can impart.
--
Usenet is a great way to learn about other tools before you install them.
Arlen Holder
Nov 15, 2020, 7:43:26 PM11/15/20
to
On Mon, 16 Nov 2020 00:37:11 -0000 (UTC), Arlen Holder wrote:
> As always, if you have experience with MSI related tools,
> please add value so that others benefit from what you can impart.
What is the LOGIC one would use to choose a zip vs exe vs msi installer?
> As always, if you have experience with MSI related tools,
> please add value so that others benefit from what you can impart.
For the record, here's Paul's input in a thread where it was asked the
logical question of how to choose _which_ to download, when given choices:
a. zip (including portable, but not always portable)
b. exe (including portable, but not always portable)
c. msi (how can we tell what the heck is inside them?)
From Paul: Sep 20, 2020, 7:13:38 PM
<https://groups.google.com/g/alt.comp.microsoft.windows/c/xKgKyvS0Fvs/m/pAuFFRazBgAJ>
The OS recognizes the .msi as requiring the Windows Installer service.
Mayayana knows more about that, how it works inside.
An EXE could have anything in it. In the case of an INNO installer,
the first stage is probably an unpacker into %temp%. It is there to
help prevent casual inspection, with a secondary purpose to
compress the data and reduce download costs.
The ZIP is usually an attempt to compress the data, where the
obfuscation stage is saved for the next layer inside. For example,
someone might discover that the ZIP layer saves two bytes, then the
EXE inside the ZIP prevents casual inspection.
The MSI was probably intended to prevent casual inspection too,
to a point. Sometimes these things are given anonymous names
inside, and there's some sort of map file inside which maps
them to real names for later.
I would say the MSI offers the greatest promise of inspect-ability,
whereas the others are just as likely to be hiding the inevitable.
Some installers can "sniff" their environment, and avoid completing
the installation process as a result. For example, one installer could
tell you were using Linux and WINE on it. It could sense it was
inside a VM. It would only complete all operations at Host level
in a pure Windows environment. Now, if you didn't have an unpacker
for that one, you might not be able to inspect it. What was weird
about that product (commercial), is the thing the guy was protecting
was broken, and hardly worth the effort he put into it. AKA, a
mental case. It's like having a bank vault filled with Fools Gold.
In some cases, the "tools" on Virustotal can't inspect them either.
But usually it's the lesser-lights items on Virustotal that
are the clueless ones. The mainstream ones are generally pretty
good at disassembly. The only exception is virus scanners that
crash on large enough tarballs. The free Kaspersky scanner
crashes on a Firefox tarball for example. I try to sort
tarballs and put them some place not normally receiving
on-demand scans, so that won't happen.
Paul
--
What is the LOGIC one would use to choose a zip vs exe vs msi installer?
B. R. 'BeAr' Ederson
Nov 16, 2020, 12:07:47 AM11/16/20
to
On Mon, 16 Nov 2020 00:43:20 -0000 (UTC), Arlen Holder wrote:
> The MSI was probably intended to prevent casual inspection too,
> to a point.
Then, administrative install (aka extract only) wouldn't exist:
> The MSI was probably intended to prevent casual inspection too,
> to a point.
msiexec.exe /a MySetup.msi TARGETDIR=D:\Extract\ /qn /l*v D:\Extract.log
It isn't even necessary to run msiexec.exe. Each *.msi file can be "run"
with these options, itself.
F'Up2 acf set.
BeAr
--
===========================================================================
= What do you mean with: "Perfection is always an illusion"? =
===============================================================--(Oops!)===
Mayayana
Nov 16, 2020, 9:26:39 AM11/16/20
to
"B. R. 'BeAr' Ederson" <use.r...@this.is.invalid> wrote
| > The MSI was probably intended to prevent casual inspection too,
| > to a point.
|
| Then, administrative install (aka extract only) wouldn't exist:
| msiexec.exe /a MySetup.msi TARGETDIR=D:\Extract\ /qn /l*v D:\Extract.log
|
I don't see the original thread here, but admin install
is not really an unpacking. It's true that it won't always
work. And it requires admin status. But even then,
the point is only to create an on-disk setup package
for multiple machines on a network to access.
I'm not aware of any such thing as a way to obfuscate
an MSI, except by cheating and putting it inside an
EXE, or putting an EXE in the MSI. That sort of thing.
InstallShield produces that kind of monstrosity, or at
any rate it can.
If you want to actually unpack (and
document) an MSI, see here:
www.jsware.net/jsware/msicode.php5
The EXE version is the simplest and uses the direct
msi.dll API. The script/HTA version might be useful if
1) you want to write your own code or 2) you want
more information about the MSI layout. The two VBS
versions use only VBScript, accessing the msi.dll COM
interfaces.
There's also an HTA-based MSI editor, which could
be useful to do things like remove install restrictions.
The only other program I'm aware of that can actually
unpack an MSI is Less MSIerables, which does it by using
Microsoft's wrapper library kit via .Net. The libraries wrap
msi.dll. In turn, they're .Net-based. A lot of bloat, but
it works. (The actual API is in msi.dll, offering both
dispatch COM interfaces and Stdcall API functions. There's
a complete set of each.
LessM doesn't offer a list of Registry entries the install
will make, but it can unpack an MSI. Other rumored options
are either not designed for actual unpacking (msix.exe) or
can't unpack them at all (7-zip). 7-Zip treats an MSI as
a compound storage file, which is correct, but separating
the storage sections provides nothing useful.
| > The MSI was probably intended to prevent casual inspection too,
| > to a point.
|
| Then, administrative install (aka extract only) wouldn't exist:
| msiexec.exe /a MySetup.msi TARGETDIR=D:\Extract\ /qn /l*v D:\Extract.log
|
is not really an unpacking. It's true that it won't always
work. And it requires admin status. But even then,
the point is only to create an on-disk setup package
for multiple machines on a network to access.
I'm not aware of any such thing as a way to obfuscate
an MSI, except by cheating and putting it inside an
EXE, or putting an EXE in the MSI. That sort of thing.
InstallShield produces that kind of monstrosity, or at
any rate it can.
If you want to actually unpack (and
document) an MSI, see here:
www.jsware.net/jsware/msicode.php5
The EXE version is the simplest and uses the direct
msi.dll API. The script/HTA version might be useful if
1) you want to write your own code or 2) you want
more information about the MSI layout. The two VBS
versions use only VBScript, accessing the msi.dll COM
interfaces.
There's also an HTA-based MSI editor, which could
be useful to do things like remove install restrictions.
The only other program I'm aware of that can actually
unpack an MSI is Less MSIerables, which does it by using
Microsoft's wrapper library kit via .Net. The libraries wrap
msi.dll. In turn, they're .Net-based. A lot of bloat, but
it works. (The actual API is in msi.dll, offering both
dispatch COM interfaces and Stdcall API functions. There's
a complete set of each.
LessM doesn't offer a list of Registry entries the install
will make, but it can unpack an MSI. Other rumored options
are either not designed for actual unpacking (msix.exe) or
can't unpack them at all (7-zip). 7-Zip treats an MSI as
a compound storage file, which is correct, but separating
the storage sections provides nothing useful.
Arlen Holder
Nov 16, 2020, 10:53:32 AM11/16/20
to
On Mon, 16 Nov 2020 09:26:40 -0500, Mayayana wrote:
> I don't see the original thread here
Normally I'd respond to the known racist Mayayana simply by saying:
> I don't see the original thread here
o "Which is why Mayayana always proves to be ignorant of basic facts."
*However, in _this_ case, Mayayana is the _expert_ on this MSI topic.*
Rest assured, Mayayana doesn't even _need_ this thread, as he knows his MSI
stuff rather well (I pointed to his MSI software, for example, in the OP).
For others to benefit, as always, please defer to Mayayana on MSI issues.
o I wrote this MSI compendium for those who know far less than Mayayana.
--
The one thing you can trust with me is I truthfully tell it as I see it.
B. R. 'BeAr' Ederson
Nov 16, 2020, 12:15:36 PM11/16/20
to
On Mon, 16 Nov 2020 09:26:40 -0500, Mayayana wrote:
> "B. R. 'BeAr' Ederson" <use.r...@this.is.invalid> wrote
>
>|> The MSI was probably intended to prevent casual inspection too,
>|> to a point.
>|
>| Then, administrative install (aka extract only) wouldn't exist:
>| msiexec.exe /a MySetup.msi TARGETDIR=D:\Extract\ /qn /l*v D:\Extract.log
>|
>
> I don't see the original thread here, but admin install
> is not really an unpacking. It's true that it won't always
> work. And it requires admin status. But even then,
> the point is only to create an on-disk setup package
> for multiple machines on a network to access.
You totally missed my point: If "MSI was [...] intended to prevent
>
>|> The MSI was probably intended to prevent casual inspection too,
>|> to a point.
>|
>| Then, administrative install (aka extract only) wouldn't exist:
>| msiexec.exe /a MySetup.msi TARGETDIR=D:\Extract\ /qn /l*v D:\Extract.log
>|
>
> I don't see the original thread here, but admin install
> is not really an unpacking. It's true that it won't always
> work. And it requires admin status. But even then,
> the point is only to create an on-disk setup package
> for multiple machines on a network to access.
casual inspection", then "administrative install [...] wouldn't exist".
I explicitly did /not/ recommend this method as a general extraction
method. Although, in about 90% of all cases, it /can/ be used to extract
all relevant files, in my experience. And - contrary to some of the
"unpackers" available - it provides correct filenames, immediately.
Beside the extracted files it creates a (smaller) *.msi to initiate
network based installation. But this can be omitted, when the intention
is just to get to the extracted files of a program which is said to be
portable after extraction from *.msi.
Running administrative install without GUI usually comes closest to
a pure extract, while running it in GUI mode (/qf option) may leave
a couple of files out of the process. (Depending on the GUI settings
chosen.) But these details are of no concern for me in this sub-thread,
because they just detour from above point I tried to make.
Mayayana
Nov 16, 2020, 4:33:39 PM11/16/20
to
"B. R. 'BeAr' Ederson" <use.r...@this.is.invalid> wrote
|
|
| You totally missed my point: If "MSI was [...] intended to prevent
| casual inspection", then "administrative install [...] wouldn't exist".
|
I didn't know your point. As I said, I don't see the thread.
| casual inspection", then "administrative install [...] wouldn't exist".
|
Now that you explain it, I can't say it makes much sense. MSIs
do, indeed, include a great deal of frivolous complexity and
obfuscation. The existence of admin install is certainly not
an indicator that they're designed for inspection.
It it surprising, though, how available MSIs are. So many
software developers are secretive and don't want their
setup packages opened. And InstallShield accommodates
that, to some extent, for people who use their system. It
creates an MSI but they're often wrapped in an IS SFX,
or include custom binaries to do the install, or both, so that
the end result is barely an MSI.
At any rate, I piped up because I've written just about
the only complete unpack solution myself. And I also know
there's a lot of misinformation around. So this was a chance
to clear some of it up. And as I said, if you actually want
to unpack it there's no reason to screw around with admin
install. There's no reason to settle for "90% of the time it
sort of works". It doesn't, really. It's not designed for that.
Arlen Holder
Nov 16, 2020, 5:25:10 PM11/16/20
to
On Mon, 16 Nov 2020 16:33:40 -0500, Mayayana wrote:
> At any rate, I piped up because I've written just about
> the only complete unpack solution myself.
This can't possibly be true even as Mayayana is an expert in MSI's.
> At any rate, I piped up because I've written just about
> the only complete unpack solution myself.
o And it needs to be pointed out that it likely is NOT true (IMHO).
Logically, if Mayayana is ignorant of the programs _already_ listed
(which he, himself, admitted he didn't even _read_ about), then it's
illogical that his statement is correct (given his ignorance of them).
His statement "might" be correct - but only due to sheer luck since there's
no evidence Mayayana is even _aware_ of the dozen or so programs listed.
Again, it's why I say Mayayana speaks usually from complete ignorance
o However, in the special case of MSI's, I readily admit he's an expert.
Hence, it would be nice if Mayayana indicates that he's even _aware_ of the
programs listed, which appear to claim to do what he says they don't do.
--
Note this isn't to say Mayayana is wrong - just that we know him to be a
classic racist who bases his strongly held opinions on very little data and
then he imputes the rest, e.g., he sees one black person robbing a bank and
then claims all black people rob banks. It's who Mayayana is. We know him
well. And I have long ago provided _plenty_ of evidence to that fact, as I
do not bullshit. I tell it as it easily shows itself in the Usenet record.
B. R. 'BeAr' Ederson
Nov 16, 2020, 11:57:41 PM11/16/20
to
On Mon, 16 Nov 2020 16:33:40 -0500, Mayayana wrote:
> "B. R. 'BeAr' Ederson" <use.r...@this.is.invalid> wrote
[...]
>| You totally missed my point: If "MSI was [...] intended to prevent
>| casual inspection", then "administrative install [...] wouldn't exist".
>|
> I didn't know your point.
You even cited it in the first place. You just chimed in without any
>| casual inspection", then "administrative install [...] wouldn't exist".
>|
> I didn't know your point.
thought about what was written, just to be able to announce, that you
wrote an *.msi unpacker, yourself. I don't know about others, but I
already knew this. - And: I couldn't care less.
> Now that you explain it, I can't say it makes much sense. MSIs
> do, indeed, include a great deal of frivolous complexity and
> obfuscation. The existence of admin install is certainly not
> an indicator that they're designed for inspection.
to hide the internals of the file format. Not only extracts admin install
all necessary files in most cases. Quite often, the log files created
provide additional information. Again: If MS "intended to prevent [...]
inspection", then "administrative install [...] wouldn't exist".
Mayayana
Nov 17, 2020, 8:46:01 AM11/17/20
to
"B. R. 'BeAr' Ederson" <use.r...@this.is.invalid> wrote
| And: I couldn't care less.
|
I gathered that. You couldn't care less about much of
|
anything, except your dedication to not being able to
care less. But this is a public forum for discussion and
sharing information. It's not about you, as the saying goes.
Arlen Holder
Nov 17, 2020, 10:10:13 AM11/17/20
to
On Tue, 17 Nov 2020 08:46:02 -0500, Mayayana wrote:
>| And: I couldn't care less.
>|
>
> I gathered that. You couldn't care less about much of
> anything, except your dedication to not being able to
> care less. But this is a public forum for discussion and
> sharing information. It's not about you, as the saying goes.
I know Mayayana well, as he is _always_ this way, on fact.
>| And: I couldn't care less.
>|
>
> I gathered that. You couldn't care less about much of
> anything, except your dedication to not being able to
> care less. But this is a public forum for discussion and
> sharing information. It's not about you, as the saying goes.
o Mayayana prefers to remain ignorant & yet he holds his opinions firm.
Always purposefully utterly devoid of facts.
o As do all racists like Mayayana always proves to be.
At least Bear is working from a standpoint of knowledge.
o Bear knew, from the start, of the listed tools
o And Bear knew, from the thread, what Paul had written
Mayayana, on the other hand, brazenly disputes it all...
o Even _after_ stating he never ever bothered to even _read_ the details!
Yet again, while I take nothing away from Mayayana's MSI skills
o Mayayana's brain is such that he always operates within his own ignorance
--
And yet, like all classic racists, he holds a strong opinion nonetheless.
o Even as it's purely based upon his own intentional ignorance of fact.
0 new messages