Installer reverse engineering

Does anyone have any experience with this?

In particular, I would like to know whether any registry keys are written and which files go where when I run the MSI.

I was thinking about using ProcMon to find out what the msiexec process does while I go through it, but just thought I'd run it by you here to find out if anyone has a better method.

+4
2 answers

I'm a bit rusty, but here are some (possibly) useful pointers.

There is an Orca tool that you can use to edit .msi files.

There was also Wise for Windows, which is now called something else, and I'm not sure what you can do with the test; it definitely had the ability to edit MSI files.

I was going to suggest FileMon and RegMon myself, but I only just saw that they have been combined into ProcMon, which shows how long it has been for me :)

+2

Ideally, the install author used only the registry and COM tables, so it's very easy to see what is done using Orca. However, many install authors produce less than ideal installs. In these cases, I use InstallWatch to snapshot the registry before and after to create a diff.

InstallWatch Pro

You will see various line noise from processes running on the machine, but you will learn to filter it out with experience. (For example, the installation did not change the crypto seed or the MRU and ShellBags.)

+2
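The before/after snapshot approach from the answer above, as an added example that is not part of the original thread and is not InstallWatch's own code: it parses two `reg export` files, diffs them, and drops noise keys. The noise patterns and the `ExampleVendor` key are assumptions, and the sample exports are constructed.

```python
import re

# Assumed noise filters (lower-case substrings of key paths) for the churn the
# answer names: crypto seed, MRU lists, ShellBags. Tune them for your machine.
NOISE = (r"\microsoft\cryptography\rng", "mru", r"\shell\bags")

def parse_reg(text):
    """Parse `reg export` text into {(key, value_name): raw_data}."""
    snap, key = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)   # join continued hex: lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            snap[(key, None)] = ""           # the key itself, no value name
        elif key:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
            if m:
                snap[(key, m.group(1).strip('"'))] = m.group(2)
    return snap

def diff(before, after):
    """Return (change, key, name, data) tuples sorted by key, noise dropped."""
    out = [("removed", *k, d) for k, d in before.items() if k not in after]
    for k, data in after.items():
        if k not in before:
            out.append(("added", *k, data))
        elif before[k] != data:
            out.append(("changed", *k, data))
    out = [c for c in out if not any(p in c[1].lower() for p in NOISE)]
    return sorted(out, key=lambda c: (c[1], c[2] or ""))

# Constructed before/after exports (hypothetical vendor key), not real data.
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed"=hex:01,02,03,04
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed"=hex:aa,bb,\
  cc,dd
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp\\"
"Version"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\msi]
"0"=hex:14,00
'''

if __name__ == "__main__":
    for change in diff(parse_reg(BEFORE), parse_reg(AFTER)):
        print(*change, sep=" | ")
```

Real `reg export` output is UTF-16 with a byte order mark, so read the files with `encoding="utf-16"` before passing the text to `parse_reg`.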

Source: https://habr.com/ru/post/1338156/

