Viacheslav Eremin | Windows Installer Reference

|��| |� ��| |Ѳ��| |�ѳ��| |��| |��|

�� > ��

� ��
� ��
� ��
� ��

��:
� �� Z��
� �� Iczelion'�
� �� COM
� DirectX/OpenGL
� �� Win32
� ��
� ��
� ��
� ��
� ��
� ��
� ��
� �� Z��
� ��
� ��
� BIOS/CMOS
� DOS ��!
� ��
� ��
� ��
� ��
� Linux/Unix
� Assembler.Ru
� ��

�� InstallShield 6+ � ��

� ��

��:
Dmit

�� - �� 
- MSI � ��
- IS � ��
- MS CAB/IS CAB/�� 
�� MSI-��
COM-�� ?
�� IS-��
- �� 
- ��
- ��
- �� 
��
��

�� . �� . �� .

� �� , �� Install Shield (� �� IS). IS �� Adobe, Microsoft, Intel, Compuware � �.�., � �.�. ��, �� . � �� , ��, �� . �� . � �� .

�� . �� , �� : �� + ��, �� C++, �� , �� COM (Component Object Model). �� COM �� , �� , �� . �� , �� MSI.

�� - �� 

�� , �� , �� . �� ? �� , �� , � �� MSI (Microsoft Installer) � IS (InstallShield).

MSI � ��

� �� MSI �� Gary Chirhart http://www.wise.com/filelib/MSIwhitepaper.pdf.

�� , �� , �� MSI-��, �� . ��, �� , �� MSI-�� SQL-�� MSI API- ��. �� MSI-�� RSDN.ru: http://www.rsdn.ru/article/install/wininstaller.xml?print

� �� MSI API-��, ��, �� MSDN.

�� CustomActions � MSI-��. �� , �� : http://www.codeproject.com/tips/msicustomaction.asp

�� MSI, ��, �� MS ORCA, �� Platform SDK. �� 200-�� -�� - �� , �� wasm.ru. �� http://www.codeproject.com/file/msiconsole.asp. (�� - �� , �� )

�� AdminStudio �� IS Corp. �� 5.5. �� ORCA, �� 2 �� ORCA, � 200. ��, �� Wise for MSI � �� . ��, � ��, �� , ��

� ORCA, ��, �� . � �� , �� , �� . ORCA �� MSI-��. AdminStudio ��. WinRAR �� MSI-��, �� . �� -��. �� .

IS � ��

InstallShield � �� MSI-��. �� . �� IS-��.

�� IS. �� : http://www.installsite.biz/en/products/isd_book_ch4.pdf

�� . �� , �� . � � �� MSI � IS-��. �� IDriver.exe? � ISRT.dll? � �� , �� \Common Files\InstallShield\Driver? � �� setup.inx � �� ? �� ?

��, IS � �� .�. �� . �� (�� ?) IS � ��, �� . �� , �� , �� , � ��, � �� ? ��, �� setup.inx �� , ��, � �� . � �� . Setup.inx ��, �� , � �� IS �� , �.�. �� . ��, �� IS �� ! �� ? �� inx-�� !

� �� IS �� ins, � IS 6+ �� inx. �� ins � inx �� , �� , �� , �� IS-�� , � ��, �� . � �� ins-�� NaTzGuL, �� . � �� ? �� Soft-Ice, �� , �� . �� ins-�� (�� -�� ) � ��. ��. � �� inx-�� - Installshield 6/7 script decompiler by sn00pee � Install Shield script decompiler 1.00 beta 15 by NEKOSUKI. �� wasm.ru, �� inx-�� 8+ �� (��-�, �� , �� ), � ��

�� inx-�� , �� . ��, ��, �� , �� ? �� , �� , �� .

��, �� IS �� . �� . �� zeezee: http://www.woodmann.com/fravia/zee_inst.htm

� �� . �� The InstallShield Developer Run-Time Architecture�. �� zeezee � �� IS �� , �� . �� COM � � �� . �� , �� IS � �� COM-��, � �� , �� IS � ��, ��, �� :)

�� InstallShield DevStudio. �� , �� AdminStudio, �� . �� 9.0 SP1. �� http://www.installsite.org/

��, �� , � �� (setup.inx) �� MSI-��. �� , ��. �� , �� MSI �� IS � �� . IS �� MSI, � �� . IS �� dll � ISScriptBridge.dll �� IS-�� RPC. �� .

MS CAB/IS CAB/�� 

�� MSI-�� MS CAB-��. �� MS �� . MS CAB �� MSCF � �� . �� MS � WinRAR �� . �� , �� MS CAB �� MSDN.

�� exe-��, �� MS CAB-��. � �� PE-�� (�� PE-��) �� -��, �� , �� .�., � �.�. �� WinRAR. �� Adobe Acrobat 6.0 �� VTune 7.1. �� :

      000485a0h: 01 98 4D 53 43 46 00 00 00 00 CF 4E EE 00 00 00 ; .�MSCF....�N�...
      000485b0h: 00 00 2C 00 00 00 00 00 00 00 03 01 01 00 03 00 ; ..,.............
      000485c0h: 00 00 39 30 00 00 8B 00 00 00 16 02 01 00 4A 00 ; ..90..�.......J.
      000485d0h: 00 00 00 00 00 00 00 00 36 2F 7B 89 20 00 5C 64 ; ........6/{� .\d
      000485e0h: 65 66 61 75 6C 74 4D 53 50 2E 69 6E 69 00 00 40 ; efaultMSP.ini..
@      000485f0h: 00 00 4A 00 00 00 00 00 63 2F 67 78 20 00 5C 4D ; ..J.....c/gx .\M
      00048600h: 53 50 4C 61 75 6E 63 68 65 72 2E 65 78 65 00 00 ; SPLauncher.exe..
      00048610h: 5A 0A 01 4A 40 00 00 00 00 63 2F 7C B6 20 00 5C ; [email protected]/| .\
      00048620h: 41 63 36 30 50 72 50 31 2E 6D 73 70 00 14 3B 6E ; Ac60PrP1.msp..;n

�� , �� exe, MSI � Cab.

�� MS CAB-�� IS CAB-��. �� :

�If you want to update a file in a CAB after the media build is completed, you have to use the InstallShield CAB Tool (InstallShield doesn't use the standard Microsoft CAB file format). You can use this tool to list the contents of a CAB file, and add or delete files inside the CAB. The tool runs from command line, and uses an INI file to list components. The CAB Tool is part of InstallShield 5.5 and not available as separate download. �

��, �� IS CAB �� MS CAB ��. MS CAB �� , � �� IS CAB-�� . ��, �� IS CAB �� ISc. �� . ��, �� shareware-�� ZipScan. �� . ��, WinPack 3.0 by Snoopy 81 � GUI-�� exe-�� IS CAB.

�� ! �� IS. � �� InstDev Studio �� ISCabVu, �� (+ISCAB � �� ISCabVu �� ). ��, �� wasm. �� , �� WinPack, �.�. � IS � �� ISCAB �� :

iscab data1.cab -l -i"z.ini" 
/*������ �������� ������ ������, ����������� ������ ������������ � ������ ��� � ini-����*/
iscab data1.cab -x -i"z.ini"
/*������ ������� ����� �������� ���������� �� ini-�����*/

�� -�� , �� zdatai51.dll. �� .

�� exe-�� IS. �� , �� MSI: �� PE-stub (�.�. �� PE-�� ), �� IS CAB-��. �� , �� InstallShield 7.x Unpacker, �� wasm.ru.

�� wasm �� Inno Setup Unpacker �� Inno- �� exe-��. �� Inno �� .

�� MSI-��

�� , �� , ��, ��. ��, ��, �� MSI �� , � �� IS-�� ISScriptBridge.dll. �� , IS- �� msi-�� IS �� . �� , ��

�� . �� Process Explorer/Filemon �� , �� .

�� Compuware Driver Studio 3.1. �� setup.exe �� IS, ��, �� , �� IS. ��-��. Compuware DriverStudio.msi, �� , �� IS-�� . IDriver.exe �� , ��, setup.inx � �� . ��, �� MSI. ��, �� MSI �� (� �� , ��) �� CustomActions. �� ORCA � �� :

SerialNumVerify	65	DLLWRAP.DLL	DLL6

�� ? ��, �� SerialNumVerify, �� DLLWRAP.DLL. � ��, � �� DLL6. �� dll �� , �� . �� MSI �� ORCA �� . WinRAR �� MSI-��, �� . �� (�� ISScriptBridge.dll - ��. ��). ��, �� dll �� , ��:

F:\>m_extract.exe "Compuware DriverStudio.msi" DLLWRAP.DLL
Extraction successful!

DLLWrap �� , �� msi. �� IDA � �� :

       .text:10002D8A                 public DLL6
       .text:10002D8A DLL6            proc near
       ...

�� , �� DLLx-�� , �� ini-�� . ��, �� .

�� - Wise For Visual Studio .NET 5.1. �� dll� �� . �� , �� CustomAction ��

CheckSerial	1	WiseCustomCall	g12

� Binary WiseCustomCall �� binary data (�� , �� SQL-�� MSI API). �� :

     
m_extract.exe wfvs51eval.msi WiseCustomCall
Extraction successful!

�� , ��, ��, �� dll, �� . �� g12:

     
.text:1000372F g12             proc near
.text:1000372F
.text:1000372F hInstall        = dword ptr  4
.text:1000372F
.text:1000372F                 push    0Ch
.text:10003731                 push    [esp+4+hInstall] ; MSIHANDLE hInstall
.text:10003735                 call    sub_100026E8
.text:1000373A                 pop     ecx
.text:1000373B                 pop     ecx
.text:1000373C                 retn    4
.text:1000373C g12             endp

�� . �� .

�� VPC 5.1. �� , �.�. �� xtin.org �� : �� , �� Install Shield 6.x ?� �� . �� msi-�� Connectix Virtual PC.msi, �� , �� IS-��. �� CustomActions, �� , �� :

VerifySerialNumber	1	ISScriptBridge.dll	f11

�� , �� MSI-�� IS-��. �� , �� , �� custom actions �� . �� -�� dll. MSI �� setup.inx ��! �� , �� MSI �� IS. �� IS �� , �� . ISScriptBridge.dll �� (��-�� , ��, �� -��, �?).

ISScriptBridge.dll

�� dll �� 1000 �� f1-f1000. ��, �� , �� setup.inx �� 1000 �� . Dll �� , �� RPC (� �� RPC �� LPC, �� ). �� . ISScriptBridge �� IsConfig.ini � �� dll �� (� �� ) �� msi-��. �� m_extract, �� msi-��. �� .

�� , �� , � �� IS �� . �� , �, �� , �� -�� -�� dll?

�� . �� , �� , �� . �� Process Explorer �� . ��-��, �� . ��, �� VPC (� �� ), �� OllyDbg:

/*����� ��� �������� � ��������� IDriver � ��� ���, �������� ������������� ���������� � 
�������� IDriver �������� ������ �������!*/
Module C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
/*����, ��� �� �����:
������ � ����� WINNT\system32 ��� ���������� �� ����� � ����������� dll
���� ���������� �����, ���������� � ���������� TEMP � ��� �� ��� � ISRT.dll, ���������� 
����������� dll IS, _isres.dll, ���������� ������ ���������� ����� � ����� ����� � ���-�� 
��� ��������� VfSerial.dll � ������ ���������� �� ����������� dll ��� ����������� 
��������*/
Module C:\WINNT\system32\msi.dll
Module C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{90A4C9F8-E561-4D7C-ACB2-8FA40AE66F1E}\ISRT.dll
Module C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
Module C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\Objps7.dll
Module C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{90A4C9F8-E561-4D7C-ACB2-8FA40AE66F1E}\_isres.dll
Module
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{90A4C9F8-E561-4D7C-ACB2-8FA40AE66F1E}\VfSerial.dll
Module C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
Module C:\WINNT\system32\INDICDLL.dll
Module C:\WINNT\system32\SHLWAPI.DLL
Module C:\WINNT\system32\COMCTL32.DLL

�� . �� .

�� - IEVR.dll � Adobe Photoshop CS. �� Asklicense.dll � ERD Commander 2004. �� MSI.

�� - ACDSee 6.0.3. ��, �� IS- ��, �� , �� MSI. �� dll - CheckReg.dll.

�� , �� MSI �� Temp �� (�� ). �� , � Temp-�� ini-�� :

      [DLL2]
      Return=[DEV_NULL],NUMBER
      Module=CheckReg.dll
      Func=DoCheck
      Arg0=in,MsiHandle,NUMBER
      Silent=No
      Source=Binary,CheckRegDLL
      [ProductCode]
      ProductCode={271B64EE-3E1B-4381-A8FE-012390050492}

�� CheckReg � Temp-�� ! �� ! �� ? Filemon �� , �� :

421	msiexec.exe:1520	READ 	
       C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DLL_{271B64EE-3E1B-4381-A8FE-012390050492}.ini
       //����� ������ �� ����� �������������
      ...
424	msiexec.exe:1520	CREATE C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll
      ...
425	msiexec.exe:1520	WRITE 	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll
      ... //��� ����� ������� � ����
437	msiexec.exe:1520	CLOSE	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll
	... //���� ��������� � ����� ����������� ������ ini-����
468	msiexec.exe:1520	OPEN	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll	
469	msiexec.exe:1520	QUERY INFORMATION	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll	
470	msiexec.exe:1520	CLOSE	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll		
471	msiexec.exe:1520	OPEN	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll	
472	msiexec.exe:1520	DELETE 	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll		
473	msiexec.exe:1520	CLOSE	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CheckReg.dll

�� , �� . ��, �� , �� . � �� dll�

��, ��-�� . � � �� m_extract �� .

�� . �� MS � MSDN. �� Debugging Custom Actions�. �� . �� (system environment variable) MsiBreak �� custom action, �� . ��:

     MsiBreak = VerifySerialNumber

Msi.dll �� . � �� Soft-Ice c faults on, � OllyDbg, � �� Visual Studio.

��, �� MSI-��, �� IS-��, �� . �� , MSI �� ISScriptBridge.dll, �� dll � �� SN �� . �� dll �� IS-��. �� , � �� IS. �� , �� IS �� COM-��. �� , �� COM.

COM-�� ?

��, �� , �� IS. �� ? �� dll, ��, �� , � �� , �� . �� , �� IS �� (�� ) � �� COM. � �� COM?

�� IS �� COM-��, �� inx-��, �� CAB-�� .�. �� , �� IS CAB-�� (��, �� , � �� MS CAB-��), �� COM-�� IS! � �� . � �� .

�� . � �� RSDN.ru - �� COM�.

�� , ��? ��, �� .

� �� COM �� Early Binding�, � �� Late Binding� (��, �� Dispid Binding� � dual-��, �� ). �� , �� , �� -�� ? �� , �� COM API �� ? ��, ��, ��

      ((ISetupScriptEngine*)isse)->Open(L�setup.inx�);

�� Open? �� -�� late � early binding. Binding (� �� ) � �� , �� , � �� , ��, ��, �� . �� , �� . �� . � ��, �� . � ��, late binding �� , �� early binding �� . ��, �� :

      .text:00411B13                 push    offset asetup ; "setup.inx"...
      .text:00411B18                 mov     eax, [ebp+ppv]
      .text:00411B1B                 mov     ecx, [eax]
      .text:00411B1D                 mov     edx, [ebp+ppv]
      .text:00411B20                 push    edx
      ; �������� �������� � ����� call ����� ���(!) push, � ���� � ���� ��� ������� 
      ; ������ ���� �������� � ��� �����! ������ �������� � ��� �this�.
      .text:00411B21                 call    dword ptr [ecx+0Ch]
      ; ����� Open ������ ��� ����������� call ���������� ������-�� ������� ������...

�� Virtual Table ��, ��, vtbl. �� ++. �� . � �� vtbl �� . �� , �� early binding � �� vtbl.

��, COM-�� , �� . �� (�� ), �� vtbl � �� vtbl. �� , �� Open �� 12 �� vtbl, � �� vtbl �� ebp+ppv.

�� , �� , ��-�� . �� . ��, ��, �� exe/dll-��, �� COM-��. ��, ��, �� IScript7.dll � �� , �� VA �� Open, �� AttachToDebugger � �.�. �� VA, �� RVA �� . �� VA. � �� COM � GUID-�� TypeLib.

�� GUID � �� , �� . 128-�� , �� , �� .�., � �.�. �� , � COM �� LIBID, APPID, CLSID, IID � �� GUID. �� COM ID�s & Registry keys in a nutshell� �� codeproject.com � �� . � �� GUID �� Microsoft �� location transparency�, �.�. �� COM-�� . �� COM-�� , � �� . � �� Phil Wilson � windevnet �� COM-��. �� Win 2000 API RegOverridePredefKey. �� , �� windevnet.com. �� , �� , � �� , �� .

��, ��, �� . � �� ? � �� TypeLib � �� COM �� . �� , �� . � �� TypeLib �� IDL � Interface Definition Language � �� , �� MS, �� . � �� (��, ��, ��, �� ). �� TypeLib �� (.tlb/.tlo-��), �� exe/dll-��. � �� TypeLib �� TYPELIB. ��, � ��, ��:

     
      Resources (RVA: 9A000)
      ResDir (0) Entries:0E (Named:01, ID:0D) TimeDate:00000000
          --------------------------------------------------------------
          ResDir (TYPELIB) Entries:01 (Named:00, ID:01) TimeDate:00000000
              ResDir (1) Entries:01 (Named:00, ID:01) TimeDate:00000000
                  ID: 00000409  DataEntryOffs: 000011E0
                  DataRVA: A0568  DataSize: 01A08  CodePage: 0
          --------------------------------------------------------------

� ��, Restorator 2004 (�� , �� wasm.ru) �� TypeLib �� , � ��, � ��, PE Explorer 1.94 �� . Wine (�� Windows �� Linux � winehq.com) �� , �� TypeLib. �� ! � �� , �� . �� VA �� vtbl. �� -�� ? � ��!

�� RSDN.ru: �Known IUnknown� - �� . �� , �� ! �� COM- �� - � �� ! �� . �� .

�� TypeLib. �� . � �� ! �� Improve your debugging by generation symbols from COM Type Libraries�. �� , ��, ��, ��.

�� . ��, � ��, ��, �� , �� -�� . �� DBG-��, �� VA-�� . ��:

      com_va IScript7.dll
      /*������� ������ ������� � �� ������������ �������� � ���������� 
      ������������ ������ vtbl*/
      
      //��� ������������� ����� ����� �������������, ��������, � ��������� ����
      coclass SetupScriptEngine GUID: {777C89DF-5C36-11D5-ABAF-00B0D02332EB}
              interface ISetupScriptEngineGUID: {777C89E1-5C36-11D5-ABAF-00B0D02332EB}
                      FUNC_PUREVIRTUAL Open VA: 0x1000c0db Offset: 0xc
                      FUNC_PUREVIRTUAL Close VA: 0x1000c192 Offset: 0x10
                      FUNC_PUREVIRTUAL AttachToDebugger VA: 0x1000c261 Offset: 0x14
                      FUNC_PUREVIRTUAL Controller VA: 0x1000c6be Offset: 0x18
              interface ISetupScriptEngine2GUID: {777C89E2-5C36-11D5-ABAF-00B0D02332EB}
                      FUNC_PUREVIRTUAL AttachToDebuggerEx VA: 0x1000c344 Offset: 0x1c
              interface IDispatchGUID: {00020400-0000-0000-C000-000000000046}
                      FUNC_PUREVIRTUAL GetTypeInfoCount VA: 0x10017ab4 Offset: 0xc
                      FUNC_PUREVIRTUAL GetTypeInfo VA: 0x10017acb Offset: 0x10
                      FUNC_PUREVIRTUAL GetIDsOfNames VA: 0x1000c42b Offset: 0x14
                      FUNC_PUREVIRTUAL Invoke VA: 0x1000c52c Offset: 0x18
      coclass ErrorObj GUID: {777C89E0-5C36-11D5-ABAF-00B0D02332EB}
              dispinterface ISetupScriptErrorGUID: {777C89E8-5C36-11D5-ABAF-00B0D02332EB}

�� wasm.ru.

��, �� , �� VA �� TypeLib. �� Late Binding. �� , �� IDispatch, ��, �� IDispatch::Invoke() � IDispatch::GetIDsOfNames �� . ��, � �� -�� VA � � �� Late Binding. �� .

�� , �� Early Binding �� . � COM �� , �� . �� , �� , �� Windows �� .

�� . �� . � �� -�� COM-�� ? �� Win API ��? ��, �� . �� . �� Detours (�� API-��, �� MS � �� wasm.ru � research.microsoft.com), �� pdf-�� : �Intercepting and Instrumenting COM Applications�.

�� Keith Brown � Chris Sells �Unobtrusive COM Tracing�. �� .

�� : DrCOM, �� http://www.wasm.ru/www.ddevel.com, � BoundsChecker 7.1 + patch. � DrCOM, � ��, �� . � � �� . �� BC 7.1, �� . �� compuware �� .

�� IS-��

� �� IS, �� .

�� 

��, �� . �� -�� . �� s � �� . �� IDriver.exe. �� , �� . �� VA-�� PTE (� �86). �� addr. �� :

:addr
/*�������� ������ ���������*/
 CR3       LDT Base:Limit  KPEB Addr PID   Name
 00030000                  8093D9E0  0008  System
 02F4E000                  82F2D5C0  0098  smss
 05ABA000                  FF5A8020  00B0  csrss
...
 1D931000                  80CADD60  032C  IDriver
...
:addr IDriver
/*������������ � �������� �������*/
:s 0 l 7ffffff 'IdohateInstallShield'
/*��������� ����� ����� ������ ������ � ������������ 3-�� ������, ��� �� � ���� ������ � 
���� � ��� ����� ������ ������ Soft-Ice*/
Pattern found at 0010:001F9508 (001F9508)
:s
/*���������, ���� �� ��� ��������� � ����� �������� ��� ������ ��� �������������*/
Pattern not found
:bpm 001F9509 rw
/*�� �� ������ ��������� �� � GetWindowTextA, �� � WM_GETTEXT � SendMessage, �� ������ � 
API � bpm rw � ������ � �������� ������!*/
/*������, ����� �������� �������� ������� � ����� �. ��������� ���������������� ������ 
��������� - ����� ����������� � ����������*/
:x
00)   BPMB #0010:001F9509 RW DR3
Break due to BP 00: BPMB #0010:001F9509 RW DR3  (ET=1.73 seconds)
  MSR LastBranchFromIp=77E1781E
    MSR LastBranchToIp=77E17867
/*���� ������� � ������ ����� ��������, ��� � ����*/
...

��, �� . bpm rw, �� -��, �� . �� , �� , �� . �� , �� dll. ��. �� -�� , �� , �� , �� . � �� . � �� .

��

��, �� , �� , �� IS �� inx- ��. � �� . �� . �� . �� -�� inx-�� ? �� -�� , �� , �� inx-��? �� , �� inx-�� , ��, �� , �� inx-��.

�� isscript.msi ��. �� , �� IS ��, �� . � �� isscript.msi �� .

�� (�� , �� !), �� , �� IDriver.exe. �� inx- �� . �� COM-�� IScript7.dll (IScript8.dll � �.�.). � �� IDriver �� :

      .text:00445236                 xor     eax, eax
      .text:00445238                 mov     [ebp+ppv], eax
      .text:0044523B                 lea     ecx, [ebp+ppv]
      .text:0044523E                 mov     edi, offset ISetupScriptEngine
      .text:00445243                 push    ecx             ; ppv
      .text:00445244                 push    edi             ; riid
      .text:00445245                 push    CLSCTX_INPROC_SERVER ; dwClsContext
      .text:00445247                 push    eax             ; pUnkOuter
      .text:00445248                 push    offset coclass_SetupScriptEngine ; rclsid
      .text:0044524D                 mov     [ebp+ret_val], eax
      ; ���������� CoCreateInstance � ����� GUID � ���� �� ��� ����������� ��������
      ; SetupScriptEngine, ������ � ��� ���������� ISetupScriptEngine
      ; �������������� OLE-COM Object Viewer �� MS Platform SDK, ����� �������� �������� 
      ; TypeLib �� IScript7.dll � ��� �� ������� GUID��
      .text:00445250                 call    ds:CoCreateInstance
      ...
      .text:00445323                 mov     ecx, [ebp+ppv]
      .text:00445326                 mov     eax, [eax]
      .text:00445328                 push    eax             ; BSTR INXFile
      .text:00445329                 push    ecx
      .text:0044532A                 mov     edx, [ecx]      ; this
      ; ������ ���������� ����� Open ���������� ISetupScriptEngine
      ; ����������, ��� offset � call �� ������ ��������, ��������, � ������� ����� �������
      .text:0044532C                 call    dword ptr [edx+0Ch] ; ISetupScriptEngine->Open
      ...
      .text:00445343                 push    eax
      .text:00445344                 push    offset aFailedToOpenSc 
      ; "Failed to open script '%s', error is %d"...
      .text:00445349                 push    esi
      ; ������, ��� ������������ IS ���� �������� ��������������� ��������� � �������� ���
      ; ��������������. ������ �� ��� �� ����� ����� ������...
      .text:0044534A                 call    MsiPrintMessage
      .text:0044534F                 add     esp, 10h
     
     IScript7.dll ���������� ����� 4 ������ ��� ������ � inx-������:
     
          interface ISetupScriptEngine : IUnknown {
              [helpstring("method Open")]
              HRESULT _stdcall Open([in] BSTR INXFile);
              [helpstring("method Close")]
              HRESULT _stdcall Close();
              [helpstring("method AttachToDebugger")]
              HRESULT _stdcall AttachToDebugger(
                              [in] BSTR DebugFileSearchPath, 
                              [in] IUnknown* pUnkServiceProvider);
              [propget, helpstring("property Controller")]
              HRESULT _stdcall Controller([out, retval] ISetupScriptController** pVal);
          };

��, �� Open, �� IDriver.exe. �� . �� :

�� OLE-COM Viewer � �� IDL �� IScript7.dll,
�� IDL-�� *.h � *.c-�� MIDL-��, �� Visual Studio � �� : midl IScript7.IDL /h "Iscript7.h"
�� tlb, *.h � *.c �� , �� IDE � �� VS 2003, ��, ��, � �� IDE �� .

�� :

   
    #include "stdafx.h"
    #include "Iscript7.h" //������������������� ����
    /*
    ����� ������������ ������������������� .c-����, ��������� �������� ���������� 
    �������� ���������� ���� CLSID_SetupScriptEngine
    */
    void main(void)
    {
    	void *isse = 0;
    
    	CoInitialize(0);
    	
    	HRESULT result = CoCreateInstance(CLSID_SetupScriptEngine, 0, 
       CLSCTX_ALL, IID_ISetupScriptEngine, &isse);
       /*
       ��� � ����� ������� � ���� �������� ��������� �������� ������� � ���������, ���������
       � ��� ��� ���������
       */
    	((ISetupScriptEngine*)isse)->Open(L"setup.inx");
       ((ISetupScriptEngine*)isse)->Release();
    	
    	CoUninitialize();
    }

� ��, ��, � ��:

    #import "libid:777C89DE-5C36-11D5-ABAF-00B0D02332EB" no_implementation, \
    	raw_interfaces_only, rename_namespace("IScript"), no_auto_exclude
    /*
    � ���� ������ �� ��� �� ���������� MIDL-���������� � ������ MSDN �� ��������� ����� 
    import
    */
    
    void Test()
    // �������� � ��������� ���������, ����� Release() �������� �� CoUninitialize()
    {
    	IScript::ISetupScriptEnginePtr pGlobal;
    	pGlobal.CreateInstance(__uuidof(IScript::SetupScriptEngine));
    	pGlobal->Open(L"setup.inx");
    }
    
    void main(void)
    {
    	CoInitialize(0);
    	Test();
    	CoUninitialize();
    }

Open �� MMF-�� c inx-�� CreateFileA, CreateFileMappingA, MapViewOfFile, UnMapViewOfFile, CloseHandle. ��, �� , �� MapViewOfFile. � �� bpm � Soft-Ice � �� , � �� . ��, �� -��, �� . ��, �� , �� .

� �� InstallShield Corp. � �Debug a Setup on any Computer�. ��, �� . �� . � �� ISDbg.exe � ��, �� (�� /regserver), �.�. �� COM-��. �� : ISDbg.exe �� , �� ISDbgCnv.exe. �� setup.dbg � setup.rul �� . �� . �� . �� , �� , �� , �� . ��-�� , � �� rul/dbg-�� , �� , ��, �� . �� inx-��. �� , � �� .

�� . IS-�� /regserver. � IScript7/8.dll �� :

      [helpstring("method AttachToDebugger")]
      HRESULT _stdcall AttachToDebugger(
                      [in] BSTR DebugFileSearchPath, 
                      [in] IUnknown* pUnkServiceProvider);
      
      [helpstring("method AttachToDebuggerEx")]
      HRESULT _stdcall AttachToDebuggerEx(
                      [in] BSTR DebugFileSearchPath, 
                      [in] IUnknown* pUnkServiceProvider, 
                      [in] BSTR KeywordList, 
                      [in] BSTR BreakpointsList);

�� CLSIDFromProgID/CoCreateInstance:

      .text:1000A3DF                 lea     eax, [ebp+rclsid]
      .text:1000A3E5                 push    eax             ; lpclsid
      .text:1000A3E6                 push    offset aIpw_scriptdebu ; lpszProgID
      ; unicode 0, <IPW.ScriptDebugger.1>,0
      .text:1000A3EB                 call    ds:CLSIDFromProgID
      .text:1000A3F1                 cmp     eax, ebx
      .text:1000A3F3                 jl      loc_1000A6C6
      .text:1000A3F9                 push    esi             ; ppv
      .text:1000A3FA                 push    offset stru_10028B18 ; riid
      .text:1000A3FF                 push    5               ; dwClsContext
      .text:1000A401                 lea     eax, [ebp+rclsid]
      .text:1000A407                 push    ebx             ; pUnkOuter
      .text:1000A408                 push    eax             ; rclsid
      .text:1000A409                 call    ds:CoCreateInstance

�.�. ��, �� IScript.dll.

��, ��, �� dbg-��, �� IScript.dll, �� ISDbgCnv.exe �� DBGHELP �� . �� , dbg-��, rul-��, �� .

��

�� inx-�� InstallShield DevStudio. �� 9.0 SP1. �� inx �� Compile.exe � Compiler.dll. ��, � �� , �, ��, �� inx-��. �� include-�� obs-�� . ��, �� 500 ��. � �� IDE �� 600 ��. ��

�� , �� . �� , �� .

Inx-�� rul-�� (�� .c/.cpp �� C/C++). �� obs-�� (�� obj-�� C/C++). Rul-�� IS �� C-�� . �� InstallScript �� :

http://helpnet.installshield.com/robo/projects/devstudio9helplangref/LangrefHome.htm

�� :

Compile.exe /IIfx\Include;isrt\Include setup.rul isrt\Lib\ISRT.obl

Compile.exe �� . �� :

/LibPath<dir> add <dir> to library search path
/obsolete - ???
/C compile only, no link
/D<name>=<text> define macro
/E<num> display a maximum of <num> errors
/G[I] generate debug info [include with .inx]
/I<dir> add <dir> to include search path
/L make .obl library
/N no checksum in .obs file
/O<filename> name output filename
/Q suppress copyright message and version information
/V<num> set warning level to <num>
/W<num> display a maximum of <num> warnings

Compile.exe, �� , �� Compiler.dll. �� dll � �� . �� :

        Entry Pt  Ordn  Name
        00013F20     2  InstrcCreate
        00014C40     3  InstrcCompile		---> obs-����
        00014F50     4  InstrcSetInfo
        00015000     5  InstrcQueryInfo
        00015070     6  InstrcSetPfn
        000150B0     7  InstrcDefineSym
        000151B0     8  InstrcDestroy
        000151D0     9  InstrcStop
        000151F0    10  InstrcGetErrorCount
        000147C0    11  InstrcLink			---> inx-����
        00013F80    12  InstrcCreateLib
        00015200    13  InstrcGetWarnCount
        00013F00    14  DllMain

InstrcCompile �� obs-��. �� API �� rul-��, � �� obs-��.

�� , ��, ��, �� InstallScript �� obs-��. �� :

obs-��, � �� inx-��, �� (��. ��),
�� obs-�� , �.�. � �� , �� inx-�� , � obs-�� ,
obs-�� , �� INX (��, �� )

�� \0�48\0�4F\0�F3\0�C9. �� 0�10014DA7 � �� 0�10001150.

�� zeezee, �� -�� . �� 0�1005F658, �� 0�100349E0. �� -�� :

      .text:100349FF                 push    ebx             ; token_name
      .text:10034A00                 call    index_in_the_swith_table
      ; ������ ��� ������ ������������� � ��� ��� ������ ���-������, ����� ���������� �����
      ; ����������� � �������� ����� token_table ��� ������ �������� ������ ������� 
      ; (�� ����� � ��� ����� ������������ �%�)
      .text:10034A05                 mov     esi, eax
      .text:10034A07                 add     esp, 4
      .text:10034A0A                 mov     [esp+10h+name], esi
      .text:10034A0E                 mov     edi, token_table[esi*4]
      ; token_table ���������� � ������ 0�1005FFA8 � �������� ���:
      ; 	.data:1005FFAC                 dd 0
      ;	.data:1005FFB0                 dd offset EXTERNAL
      ;	.data:1005FFB4                 dd offset case
      ;	.data:1005FFB8                 dd 0
      ;	.data:1005FFBC                 dd 0
      ;	.data:1005FFC0                 dd offset typedef
      ; �.�. �������� ���������, ��������� �� ���������
      ; ����� ������ ��������� ������� �� 4 DWORD, 2-� �� ������� �������� ���������
      ; ���������� �� ASCII-������ ������, ��� ���:
      ;	.data:1005FB58 StrToNum        dd offset put           
      ;	.data:1005FB5C                 dd offset aStrtonum     ; "StrToNum"
      ;	.data:1005FB60                 dd 201h
      ;	.data:1005FB64                 dd offset word_1005F91C
      ; 3-� DWORD �������� �.�. ������� �������� - �� ������� � �������
      ; ���� ������� ��� ������ ������� ������; � ������ ���������� ������� 3-� DWORD
      ; ������ ����� 0x201.

�� -��, �� , �� obs-��. �� rul-�� , � �� obs-��. �� (�� IS, �� IS 6 � 7).

��

0x1 while

0x2 abort

0x3 exit

0x4 if(condition)

0x5 goto()

0x6 arg1=arg2

0x7 ++ (�� 1)

0x8 %

0x9 <

0xA >

0xB <=

0xC >=

0xD =

0xE !=

0xF - (�� )

0x10 * (��)

0x11 /

0x12 &

0x13 |

0x14 ^

0x15 ~

0x16 <<

0x17 >>

0x18 ||

0x19 &&

InstrcLink �� inx-��. �� inx-�� aLuZ�. �� 0�10021150, �� InstrcLink.

��, �� inx-��, �� - �� , �� -�� , �� . �� , �� , �� , ��, �� -�� . �� 0�10037551. �� , �� inx-��. �� :

      unXorIDX.exe < Setup.inx > 1.inx

�� wasm.ru. �� , �� NEKOSUKI � sn00pee ��-�� inx- ��. ��, �� , �� -�� , �� . �� . ��:

�� , �� . �� , ��, �� . ��, sid �� 0�19, �� Ȼ �� .
�� 9.0 inx-��. �.�. �� aLuz�, �� . �� obs-��.
�� . �.�. �� (�� compile.exe). ��, �� , �� , �� , �� , �� . �� .
��, �� rul-��, �� dbg-��, �� ISDbgCnv.exe.
�� , ��-��. �� , �� !=�, �==�, �=�, �>�, �<� � �.�.

��, �� , � �� . �� . ��, ��-�� -�� . � �� .

�� 

�� .

�� Alexander SPK. �� IS-��. �� , �� dll � �� . �� setup.inx:

      
       /* 00005F27: 000D */   n0007 = n0000 == 0x0000025A;
       /* 00005F36: 0004 */   if(! n0007) goto label_0006;                
       /* 00005F42: 0021 */   function_017F(0x00000003, "Installation Error"); 
       /* 00005F62: 0021 */   function_01E7("Invalid Key", 0xFFFF0003); 
       /* 00005F7B: 0002 */   abort;

�� n0007 �� true �� n0000 �� 0x25A. � �� n0000?

label_000F:  
       /* 00006163: 000D */   n0008 = n0000 == 0x00000001;
       /* 00006172: 0004 */   if(! n0008) goto label_0012;                        
       /* 0000617E: 0021 */   function_016F("SdKey", 0x0000000B, s0002); 
       /* 00006194: 0028 */   StrLengthChars(s0002); //���������� ������� 
       /* 0000619B: 0006 */   n0008 = LAST_RESULT; 
       /* 000061A5: 000D */   n0008 = n0008 == 0x00000011; //��� �������, ��� ��� ��������?
       /* 000061B4: 0004 */   if(! n0008) goto label_0010;
       //����������� ���������� ����� �� ������� ���� ����� 000061C0 
       /* 000061C0: 0006 */   n0001 = 0x00000259; 
       /* 000061CC: 0006 */   n0003 = 0x00000001;

�� BlackICE 3.6. �� WARNING! The license key entered is invalid.� �� (�� Search&Replace). �� inx-��. �� :

       WARNING!  The license key entered is invalid.\n  //-002-/ 00016CE2,00016E6A,

��, �� 0x16ce2:

       /* 00016C6D: 0020 */	ICEinstall.TrimWhiteSpace(g_str0010, s0003);
       //����� ������� ������� � ��� dll ��� ����������, �����, ��� �������������� �������
       /* 00016C79: 0006 */	g_str0010 = s0003;
       /* 00016C83: 0020 */	iceblockWINAPI.KeyValidate(g_str0010);
       /* 00016C8C: 0006 */	n0000 = LAST_RESULT;
       /* 00016C96: 000E */	n0001 = n0000 != 0x00000001;
       /* 00016CA5: 0004 */	if(! n0001) goto label_01A7;
       /* 00016CB1: 0021 */	function_019B("TITLE_CAPTIONBAR");
       /* 00016CCA: 0006 */	s0004 = LAST_RESULT;
       /* 00016CD4: 0021 */	function_0127(0x00000006, s0004);
       /* 00016CE2: 0007 */	s0004 = "WARNING!  The license key entered is invalid.\n" + 
"\nDo you want to re-enter your license key?\n\n";
       /* 00016D49: 0007 */	s0004 = s0004 + "Click YES to re-enter the key.\n";
       /* 00016D75: 0007 */	s0004 = s0004 + "Click NO to abort the installation.";

�� : �� inx-��, �� /�� KeyValidate.

�� Statistica 6.0. �� Process Explorer, �� , �� setup.inx �� + �� -�� dll - ihsta6.dll. �� , �� :

CompViewEx_Add        100036D0 1 
CompViewEx_ChangeSize 10003770 2 
CompViewEx_Close      100037C0 3 
CompViewEx_FinishInit 10003730 4 
CompViewEx_Init       10003610 5 
ComponentViewExProc   100024D0 6 
GetIHSTA6Error        10003600 7 
Processor             10006110 8 
start                 1000EECF

�� . ��, �� . � �� isd by NEKOSUKI. �� , �� The CD-Key is incorrect�. �� , �� :

value.shl:
ERROR_INVALID_LICENSECOUNTS=The License Key is incorrect!

�� ERROR_INVALID_LICENSECOUNTS:

ERROR_INVALID_LICENSECOUNTS //-013-/
0000E20C,0000EAA1,0000EB36,0000EBCB,0000ECD8,0000ED93,0000EE28,0000EEBD,0000EF6A,0000F007,
0000F09C,0000F131,0000F23E,

�-��-��! ��-�� -�� . �� .

       /* 0000EB1B: 000D */	n0004 = n0000 == 0xFFFFFF8F;
       /* 0000EB2A: 0004 */	if(! n0004) goto label_015A;
       /* 0000EB36: 0021 */	function_0184("ERROR_INVALID_LICENSECOUNTS");

�� n0004 �� true �� , �� n0000 �� 0�FFFFFF8F. ��, � �� n0000? �� .

      /* 0000EA00: 0020 */	IHSTA6.Processor(g_str000D, g_str0011, n0001, n0002, n0003);
      /* 0000EA15: 0006 */	n0000 = LAST_RESULT;
      /* 0000EA1F: 000E */	n0004 = n0000 != 0x00000000;
      /* 0000EA2E: 0004 */	if(! n0004) goto label_016C;

��, �� ihsta6.dll Processor. �� :

      /* 0000E06E: 0020 */	IHSTA6.Processor(s0000, s0001, n0001, g_number001D, n0002);
      /* 0000E083: 0006 */	n0000 = LAST_RESULT;
      /* 0000E08D: 000D */	n0003 = n0000 == 0xFFFFFF94;
      /* 0000E09C: 0004 */	if(! n0003) goto label_013F;
      �
      /* 0000E1B9: 000D */	n0003 = n0000 == 0xFFFFFF8F;
      /* 0000E1C8: 000D */	n0004 = n0000 == 0xFFFFFF8E;
      /* 0000E1D7: 0018 */	n0003 = n0003 || n0004;
      /* 0000E1E4: 000D */	n0004 = n0000 == 0xFFFFFF90;
      /* 0000E1F3: 0018 */	n0003 = n0003 || n0004;
      /* 0000E200: 0004 */	if(! n0003) goto label_0142;
      /* 0000E20C: 0021 */	function_0184("ERROR_INVALID_LICENSECOUNTS");

��, �� Processor. �� .

      .text:100061E8                 mov     edx, [esp+18h]
      .text:100061EC                 mov     eax, offset sub_10006690
      .text:100061F1                 push    edx
      .text:100061F2                 mov     edx, [esp+18h]
      .text:100061F6                 push    edx
      .text:100061F7                 mov     edx, [esp+14h]
      .text:100061FB                 push    esi
      .text:100061FC                 push    edx
      .text:100061FD                 push    ecx
      .text:100061FE                 call    eax ; sub_10006690
      ; � �������� ����� ��������� ����� ��������� mov eax, 0FFFFFF8Fh
      .text:10006200                 pop     esi
      .text:10006201                 retn    14h

��, ��, �� n0000 � �� . �� , �� 10006690 �� License Key Checksum ERROR� �� License checksum failed�. ��, �� . ��, �� .

��

� �� MSI � IS. �� , �� (�� ) �� , �� . �� , �� MSI- ��. �.�. IS �� COM, �� , �� COM-�� . �� IS �� inx-��. �� , �� inx-��, �� Developer Studio �� 9.0 SP1. �� , �� , �� inx-��, � ��, � ��, �� inx-��.

��

� �� . � �� . �� , �� , �� , �� . �� . ��-�� , ��-�� . ��-�� , �� .

�� Flankerx�� .

�� SkY[vN] �� .

�� to ZENiTH �� , �� .

Great thanks and a lot of appreciation to fravia/woodman forum members � nikolastela and Solomon for the useful discussion about shareware COM-utilities and the internal structure of the COM TypeLib.

Quantum �� -�� . ��-�� IS Corp �� setup /d �� !

� ��, � �� Dmit �� IS. � �� Flankerx�� . �� Dmit �� !

[C] Volodya, Flankerx

� �� (10)

������ > ������������ ��������

������������ InstallShield 6+ � ����� �������

�� > ��

�� InstallShield 6+ � ��