Decompile\Decompress\Disassemble an msi file?

  • Question

  • Hi,

    Is it possible, or is there some tool that can decompile\disassemble an msi file, in order to see what exactly it is installing and which registry keys are modified or created?

    Thank you in advance.

    Mihail

    Monday, June 14, 2010 5:00 PM

Answers

  • From this post:

    "You can extract your MSI package to a local folder and then run .Net Reflector to decompile binaries you are interested in. Only managed code can be decompiled.

    To extract files from MSI, see http://devonenote.com/2010/03/uncompress-msi-file/
    To decompile managed binaries, get .Net reflector from http://www.red-gate.com/products/reflector/"

    If someone ran an obfuscator (such as Dotfuscator) on the code, though, all bets are off.  That's one reason software authors use obfuscators - to prevent others from reverse-engineering their code and to protect their intellectual property.

    Regards,

    - Kemp Brown [MSFT]
    • Marked as answer by YiChun Chen Tuesday, June 22, 2010 2:46 AM
    Tuesday, June 15, 2010 11:32 PM
  • "see what exactly it is installing and which registry keys are modified or created?"

    In addition to Kemp Brown's answer, if you wish to see what RegKeys and Files are created during an installation, run Process Monitor while installing.

    FYI: Many installers aren't .Net code and you won't be able to use Reflector in a lot of these cases; for example, you can't decompile an installer made from Nullsoft's NSIS in Reflector. For that sort of stuff you'll have to adventure into reverse engineering with IDA Pro, OllyDbg, etc.

    To try out Kemp's advice, here's a site that sells unobfuscated* .Net code: http://www.duoserve.com/

    * It was unobfuscated a couple of years ago

    HTH


    Jeremy - MCP | MCAD.Net | MCSD.Net
    Wednesday, June 16, 2010 2:49 AM
  • Hi Mihail,

    Thank you for your post.

    I'm not quite sure what you mean by "decompile\disassemble an msi file".

    If you want to check any MSI file, Orca is a table-editing tool available in the Windows Installer SDK, and it can be used to edit your .msi files. It is generally applied in the scenario where we need to edit existing Windows Installer package (.msi) files directly.
    We can check the information about files and registry keys that will be added or installed.

    Hope this helps! If I misunderstood, please feel free to let me know.

    Best regards,
    Yichun Chen
    • Marked as answer by YiChun Chen Tuesday, June 22, 2010 2:46 AM
    Wednesday, June 16, 2010 9:02 AM
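
The table inspection that Orca provides can also be scripted. The following is an added example, not part of the original thread: it opens a package read-only through the `WindowsInstaller.Installer` automation object and lists its `Registry` and `File` tables; the `-MsiPath` parameter and the helper function names are illustrative.

```powershell
# Added example: read an MSI's Registry and File tables without installing it.
# -MsiPath is supplied by the caller; helper names below are illustrative.
param([Parameter(Mandatory)][string]$MsiPath)
$ErrorActionPreference = 'Stop'

# Late-bound call into the Windows Installer automation (COM) objects.
function Invoke-Msi($Object, [string]$Member, [object[]]$Arguments,
                    [System.Reflection.BindingFlags]$Kind = 'InvokeMethod') {
    $Object.GetType().InvokeMember($Member, $Kind, $null, $Object, $Arguments)
}

# Query one table and emit an object per row; warn if the table is absent.
function Get-MsiRows($Database, [string]$Table, [string[]]$Columns) {
    # Backticks quote identifiers in Windows Installer SQL (Key, Name, Value).
    $list = ($Columns | ForEach-Object { '`' + $_ + '`' }) -join ', '
    try {
        $view = Invoke-Msi $Database 'OpenView' @('SELECT ' + $list + ' FROM `' + $Table + '`')
        Invoke-Msi $view 'Execute' $null | Out-Null
    } catch {
        Write-Warning "Table '$Table' is not present in this package."
        return
    }
    while ($null -ne ($rec = Invoke-Msi $view 'Fetch' $null)) {
        $row = [ordered]@{}
        for ($i = 0; $i -lt $Columns.Count; $i++) {
            # Record fields are 1-based; StringData also renders integer columns.
            $row[$Columns[$i]] = Invoke-Msi $rec 'StringData' @($i + 1) 'GetProperty'
        }
        [pscustomobject]$row
    }
    Invoke-Msi $view 'Close' $null | Out-Null
}

$installer = New-Object -ComObject WindowsInstaller.Installer
$path = (Resolve-Path -LiteralPath $MsiPath).ProviderPath
$db = Invoke-Msi $installer 'OpenDatabase' @($path, 0)   # 0 = open read-only

# Meaning of the Registry table's Root column.
$roots = @{ '-1' = 'HKCU or HKLM (per-user / per-machine)'; '0' = 'HKCR'
            '1' = 'HKCU'; '2' = 'HKLM'; '3' = 'HKU' }

Write-Host 'Registry entries declared by the package:'
Get-MsiRows $db 'Registry' 'Root','Key','Name','Value','Component_' |
    Select-Object @{ n = 'Hive'; e = { $roots[$_.Root] } }, Key, Name, Value, Component_ |
    Format-Table -AutoSize

# FileName is stored as "short|long" when both forms exist.
Write-Host 'Files declared by the package:'
Get-MsiRows $db 'File' 'FileName','FileSize','Version','Component_' | Format-Table -AutoSize
```

Values can contain property references such as `[INSTALLDIR]` that are resolved only at install time, and changes made by custom actions do not appear in these tables, which is the gap that running Process Monitor during an install covers.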
