
Reverse Engineering an Installer


Has anyone got any experience in doing this?

Specifically, I'd like to find out if any registry keys are being written and what files are going where when I run an MSI.

I was thinking of using ProcMon to see what the msiexec process is doing while I run through it but just thought I'd run it by here to see if anyone has a better method.


Solution

  • Bit rusty, but here's a few (maybe) helpful pointers.

    There is a tool called Orca that you can use to edit MSI files.

    There was also Wise for Windows, which is now called something else. I'm not sure what you'll be able to do with the trial, but it definitely had the ability to edit MSI files.

    I was going to suggest FileMon and RegMon on their own, but I just saw they've actually been merged into ProcMon, shows how behind the times I am :)
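
A scripted view of the same MSI tables that Orca displays, as an added example that is not part of the original question or answer: it reads the package's `Registry`, `File` and `Component` tables through the Windows Installer automation object without running the installer. The helper names `Invoke-Com` and `Get-MsiRows` and the `$MsiPath` parameter are hypothetical names chosen for this sketch.

```powershell
# Added example: list the registry writes and file placements an MSI declares in its tables.
param([Parameter(Mandatory)][string]$MsiPath)   # assumed: path to the package under review

$roots = @{ '-1' = 'HKCU or HKLM (depends on ALLUSERS)'; '0' = 'HKCR'; '1' = 'HKCU'; '2' = 'HKLM'; '3' = 'HKU' }

function Invoke-Com($obj, $name, $kind, $argList) {
    # The Windows Installer automation objects are late-bound, so call them via reflection.
    $obj.GetType().InvokeMember($name, $kind, $null, $obj, $argList)
}

function Get-MsiRows($db, [string]$sql, [int]$columns) {
    try   { $view = Invoke-Com $db 'OpenView' 'InvokeMethod' @($sql) }
    catch { return }                              # table not present in this package
    Invoke-Com $view 'Execute' 'InvokeMethod' $null | Out-Null
    while ($rec = Invoke-Com $view 'Fetch' 'InvokeMethod' $null) {
        ,@(1..$columns | ForEach-Object { Invoke-Com $rec 'StringData' 'GetProperty' @($_) })
    }
    Invoke-Com $view 'Close' 'InvokeMethod' $null | Out-Null
}

$installer = New-Object -ComObject WindowsInstaller.Installer
$db = Invoke-Com $installer 'OpenDatabase' 'InvokeMethod' @((Resolve-Path $MsiPath).Path, 0)  # 0 = read-only

'--- Registry table ---'
Get-MsiRows $db 'SELECT `Root`, `Key`, `Name`, `Value` FROM `Registry`' 4 | ForEach-Object {
    '{0}\{1}  [{2}] = {3}' -f $roots[$_[0]], $_[1], $_[2], $_[3]
}

'--- File table (Directory table key, then file name) ---'
$sql = 'SELECT `Component`.`Directory_`, `File`.`FileName`, `File`.`FileSize` FROM `File`, `Component` ' +
       'WHERE `File`.`Component_` = `Component`.`Component`'
Get-MsiRows $db $sql 3 | ForEach-Object {
    $long = ($_[1] -split '\|')[-1]               # FileName is stored as "short|long"
    '{0}\{1}  ({2} bytes)' -f $_[0], $long, $_[2]
}
```

The directory shown is the key into the package's `Directory` table, not a resolved path. Anything a custom action writes at install time does not appear in these tables, so a ProcMon trace of `msiexec` is still needed to see that.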