Msi.dll

[Mica Withington]

Errorsrelated to msi.dll can arise for a few different different reasons. For instance, a faulty application, msi.dll has been deleted or misplaced, corrupted by malicious software present on your PC or a damaged Windows registry.

In the vast majority of cases, the solution is to properly reinstall msi.dll on your PC, to the Windows system folder. Alternatively, some programs, notably PC games, require that the DLL file is placed in the game/application installation folder.

Do you have information that we do not?

Did our advice help or did we miss something?

Our Forum is where you can get help from both qualified tech specialists and the community at large. Sign up, post your questions, and get updates straight to your inbox.

MSI API: The Windows Installer API is quite old and is implemented as Win32 C/C++ functions and a layer of COM automation on top (which you can use VBScript and many other languages to access). This is all implemented in the %WINDIR%\system32\msi.dll file (and whatever other support files are involved - I am not quite sure - there is also msiexec.exe of course - the actual installation engine and command line tool to install and configure MSI packages and msihnd.dll - and a few more I think).

DTF (Deployment Tools Foundation): As the .NET framework and managed code came of age, the use of COM and Win32 functions was kind of clunky and the Deployment Tools Foundation kit - also known as DTF was implemented to help use the MSI API with managed code. The file: Microsoft.Deployment.WindowsInstaller.dll is one of the files delivered as part of DTF and the most commonly used one. The WiX toolkit now installs DTF as part of its normal installation. Please check the links below.

Msi.dll errors could apply to any program or system that might utilize the file on any of Microsoft's operating systems including Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP, and Windows 2000.

Don't download msi.dll from a "DLL download" website. There are many reasons why downloading a DLL file is a bad idea. If you need a copy of this file, it's best to obtain it from its original, legitimate source. If you've already downloaded it, delete it from wherever you put it, and continue with these steps below.

Since that moment I get this : C:\Windows\System32\msi.dll is not suitable for windows or contains an error. Try to reinstall.. errorcode : 0xc000012f. I get this for both Java and Adobe, and of course multiple other apps.

The file C:\Windows\SysWOW64\msi.dll has become corrupted (viewing with a hex editor, the first 0x4000 bytes are zero). This is probably due to a hard drive error. This corrupt file prevents various other programs from running, e.g. MS Outlook.

However if I run sfc /scanfile=c:\windows\syswow64\msi.dll (or in fact specify any filename, even a file that doesn't exist) from an elevated cmd, the error message appears immediately in the console window:

As suggested on various websites, I checked that "Windows Modules Installer" is "Manual" and "Running" in the Services, and it is. I tried to stop and restart this service , but it never Stopped (it just stayed in the state "Stopping" until my next reboot).

I am wary of doing a System Restore as it may also roll back other changes, I'd prefer to find a way just to fix the one file (and the handful of other files mentioned in the CBS.log) rather than take that drastic step.

I have taken the good old Kaspersky Removal tool called kavremover. This tool is perfect for this example. As a host system I have Windows 7 SP1 64bit. What we will need is the SysinternalsSuite toolkit, most importantly the Process Monitor (procmon.exe). So we start procmon.exe and create a filter rule for process name called kavremover.exe so we can select only this process for analysis. Next we load kavremover.exe and search for vulnerable DLL paths. After a while I came across the following DLL that gets searched first in the execution path i.e in the root folder where the kavremover.exe is executed. (In our case it is the users desktop)

There are two functions in msi.dll called GetInfo and MsiGetProductInfoA. So lets try and modify our meterpreter dll file a little and change the main() function to either GetInfo or MsiGetProductInfoA.

The generator from my previous post generates a binary and c source file called temp.c. After setting the Metasploit server IP and port number, open the temp.c and modify the function main() to something like this:

Please note that if you use int GetInfo() the kavremover.exe will crash and we wont get a reverse shell, so use MsiGetProductInfoA, this works just fine although the whole program wont load properly of course, but it gets the job done. Once modified, compile the temp.c

Next we can upload the final msi.dll to the virtual testing system where the kavremover.exe is waiting. Start your favorite reverse shell payload via Metasploit and wait for the shell to pop up once we execute kavremover.exe

They both have their pros and cons. Querying registry is straightforward on its own, but requires awkward manipulations and accessing the data which is actually backing the Add/Remove Applet, not necessarily the Windows Installer API which uses its own complex registration. Additionally it may not work correctly with different installation context (user/machine) and you may have to query two places to get both x86 and x64 installations on a x64 system.

So to have a solution which is both fast, reliable and without any side-effects, you may go for a third solution which is more complex, but once setup can be reused not only for querying but for a whole management of MSI-based installations. And so this blog today will be about P/invoking native msi.dll to get results returned by the true Windows Installer API.

This post may be too technical if you have never programmed in C/C++ or C#. If you just want the results without understanding how to implement them on your own, scroll to the bottom, the full content of the PowerShell script is there.

To get the list of products, we pass a zero-based index to our wrapper, and if we get a success result (0) then the buffer should be filled with the actual ProductCode. The index i corresponds to the i-th entry available in the list, and therefore should be increased by one before requerying. The method returns 0 if everything went fine, and then and only then we may check the buffer. The documentation says that the buffer should have a lenght of 39 characters (which is the length of GUID 38 + 1 character for the sequence termination mark), and that the calls should be done from the same thread (which is not a problem for us).

We need to call the method in a loop, each time checking if its result is non-zero. Before the loop, a StringBuilder has to be created (with desired capacity) that will store the current ProductCode. After each call, we increase an index by one and use that index in the next call. All put together, the code looks like:

When the MsiGetProductInfo function returns, the pcchValueBuf parameter contains the length of the string stored in the buffer. The count returned does not include the terminating null character. If the buffer is not large enough, MsiGetProductInfo returns ERROR_MORE_DATA and pcchValueBuf contains the size of the string, in characters, without counting the null character.

This means that we should actually perform two concesutive calls to the same method, once passing a deliberately small buffer, reading out the required buffer length, and then making a proper call with a buffer of that size. The backing StringBuilder instance itself can be reused, given the fact that we may need to call the same code several hundreds of thousands time, we only have to take care of managing its capacity. A small function which does all of these is:

We should make sure the capacity of the buffer is set to that value we have just read from first call, increased by 1 (the capacity may be changed only if it is lower than required, we do not have to make downsizing). Then in the second call, a buffer of a proper length is used. The method accepts three parameters: ProductCode, name of the property and the StringBuilder which will be used as the buffer. Note that we call ToString() with a parameter determining the required length. Since we do not downsize the capacity, is is important to only get relevant part of the buffer at this point.

Is there a way to leverage msi.dll to retrieve a products installed features/sub components?

This is seen by going through Control Panel / Add Remove Programs / Modify / Vieweing sub components and features

Sure, use a similar approach and wrap MsiEnumFeatures (having a ProductCode, this returns all belonging features). Additionally, use MsiQueryFeatureState to determine whether the feature is installed or advertised.

Descarga el siguiente msi.dll para resolver tu problema dll. En este momento tenemos disponibles 15 versiones diferentes de este archivo.

Elige sabiamente. La mayora de las veces basta con elegir la versin ms alta.

Los errores relacionados con msi.dll pueden producirse por distintas razones. Por ejemplo, una aplicacin defectuosa, msi.dll, se ha eliminado o ubicado de forma incorrecta, ha sido corrompida por un software malicioso en tu PC o un registro de Windows daado.

En la mayora de los casos, la solucin consiste en volver a instalar adecuadamente msi.dll en tu PC, en la carpeta de sistema de Windows. Por otra parte, algunos programas, sobre todo los juegos para PC, requieren que el archivo de DLL se encuentre ubicado en la carpeta de instalacin del juego/aplicacin.

Tiene informacin que nosotros no?

Fueron de ayuda nuestros consejos o nos hemos perdido algo?

Nuestro foro es donde puede obtener ayuda de los especialistas cualificados tecnologa y la comunidad en general. Inscrbase, enve sus preguntas, y obtenga actualizaciones directamente en su bandeja de entrada.

3a8082e126