Huntland Services Ltd

Tel: +44 (0)1392-490518
Fax: +44 (0)1392-428003
Enquiries@huntland.co.uk

Reverse Engineer Files and Directories in an MSI Package

 

msiFileSpy.VBS


This script displays on screen, or dumps to a comma-delimited file, a list of the files that might be installed from an MSI package. The information includes full path, size and version. It gives an administrator a way to check in advance what effect the package will have on a system, or to trace back from a file to the package that was responsible for installing it.

The core information is held in the MSI database Directory table, which has a convoluted logic all of its own. It is sufficient to say here that the rules used by this table have their antecedents in the time when the MSI technology was only intended for Microsoft Office, and that they can be used in a number of unconventional ways. The script applies all variations of the known logic, including property values, built-in folders and even the possibility of custom actions of type 51 modifying the table on the fly. However, even with these rules interpreted as accurately as possible, there are several ways an MSI package developer can still modify the table while the package is actually installing. For instance, the user might be prompted for a directory during the GUI part of the install, a command line switch could be used to set a property which in turn sets a directory entry, or the MSI package could run a script or exe which changes important properties. Clearly it would be impossible to cover all these angles.

This script therefore takes the approach of hitting the 'majority' of situations, where MSI developers have not used exceptional esoteric mechanisms to modify the normal behaviour. It reports the results based on no user intervention and all features being installed. This is like a COMPLETE installation where everything is installed locally. This at least gives administrators the opportunity to see what effect the package might have 'in extremis'. On the other hand, a major advantage is the ability to use the dumped comma-delimited file in Microsoft Excel, where columns can be sorted and searched. The data can also be extracted into a database of reverse engineered MSI packages to answer questions such as: 'How did file x get into the abc folder on our systems?'
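The core Directory table rules described above, shown as an added Python example; it is not the msiFileSpy.VBS source and covers only the basic cases (parent links, `short|long` and `target:source` names, `.` entries, and pre-set properties). The table rows, property values and function names are constructed for illustration.

```python
import csv, io

# Constructed sample rows (not from a real package), shaped like the MSI tables.
DIRECTORY = {  # Directory: (Directory_Parent, DefaultDir)
    "TARGETDIR": (None, "SourceDir"),
    "ProgramFilesFolder": ("TARGETDIR", "."),
    "INSTALLDIR": ("ProgramFilesFolder", "EXAMPL~1|Example App"),
    "BinDir": ("INSTALLDIR", "bin:binsrc"),
    "DocDir": ("INSTALLDIR", "."),
    "LOGDIR": ("TARGETDIR", "Logs"),
}
COMPONENT = {"Core": "BinDir", "Docs": "DocDir", "Logging": "LOGDIR"}  # Component: Directory_
FILE = [  # (Component_, FileName, FileSize, Version)
    ("Core", "app.exe", 20480, "1.0.0.0"),
    ("Docs", "READ~1.TXT|Read Me.txt", 512, ""),
    ("Logging", "app.log", 0, ""),
]
# Assumed values: root, a built-in folder, and a property set by a type 51 action.
PROPERTIES = {"TARGETDIR": "C:\\", "ProgramFilesFolder": "C:\\Program Files\\",
              "LOGDIR": "D:\\Logs\\"}

def long_target(name):
    """'target:source' -> target part; 'short|long' -> long name."""
    return name.split(":")[0].split("|")[-1]

def resolve_dir(key, dirs=DIRECTORY, props=PROPERTIES, seen=()):
    """Follow Directory_Parent links recursively to build the target path."""
    if key in props:              # a property that is already set wins
        return props[key]
    if key in seen:
        raise ValueError("cycle in Directory table at " + key)
    parent, default = dirs[key]
    if parent is None or parent == key:
        return "[" + key + "]\\"  # root with no known value: keep it symbolic
    base = resolve_dir(parent, dirs, props, seen + (key,))
    name = long_target(default)
    return base if name == "." else base + name + "\\"

def list_files(props=PROPERTIES):
    """Return (full path, size, version) for every File row."""
    return [(resolve_dir(COMPONENT[c], props=props) + long_target(n), size, ver)
            for c, n, size, ver in FILE]

def to_csv(rows):
    out = io.StringIO()
    csv.writer(out).writerows([("Path", "Size", "Version"), *rows])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(list_files()), end="")
```

Passing an empty `props` dictionary shows what remains unresolved when no property values are known: the paths stay rooted at a symbolic `[TARGETDIR]`.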

Performance may be an issue, as the Directory information has to be parsed recursively and may itself be quite large. On a dual 800 MHz Pentium III Dell system with 512 MB RAM, packages of the size and complexity of Office 2000 or Office XP take about 45 seconds to be unravelled.

Please accept this script as is.  Feedback will be gratefully accepted at Debug@huntland.co.uk