Huntland Services Ltd

Tel: +44 (0)1392-490518
Fax: +44 (0)1392-428003
Enquiries@huntland.co.uk

Reverse Engineer Registry Settings in an MSI Package

This script will display on screen or dump to a comma delimited file, a list of registry changes that might ensue from the execution of an msi package.  The information includes full path, value and data and what action is to be taken e.g. create if present or remove if present.

The core information is extracted from the msi database Registry table.

 This is a simple exposition of the Registry table contents.  However some keys will be modified differently depending on the exact circumstances at installation time.  For example the script may report a path as "HKCU(per user) or HKLM(per machine)\Key\Value\Data" indicating, obviously, which key will be used if the install is per user or per machine.  Even within this category there could be different behaviour for Win2k and above systems.  For example Win2k and above systems may store Software\Classes information in HKCU (per user) or HKLM (per machine) which other systems cannot.  The script reports these as "(Win2k+\HKCU(per user) or HKLM(per machine)) else HKLM\Software\Classes\Value\Data" so the user must exercise their judgment  as to where the actual key resides.

Performance may be an issue as the Registry table can be very large.  On a Dell dual 800Mhz Pent III system with 512MB ram, packages of the size and complexity of Office 2000 or Office XP take about 2+ minutes to be unravelled.  Office 2000 for example has over 13,000 potential registry keys.

Please accept this script as is.  Feedback will be gratefully accepted at debug@huntland.co.uk