MSIEXEC -Embedding

Question

Good afternoon,

I need some help from some Microsoft gurus that deal with windows installer?

I am trying to monitor msiexec utilising the debug keys within windows on a virtual machine and trying to fully understand how Msiexec is fully parsing command lines.

I have set up the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec.exe

Redirected into a sample application to monitor command line parsed.

I have come across numerous examples from removing applications and installing for example C++ redistributable's.

I understand the standard normal command line but cannot get to understand how the -embedding switch is utilised.

The syntax is generally -Embedding 2FD6A2BDD8FE7E3EE9AD31C2970C272C A

I have tried searching through the registry and no avail for semi Guid?

A - seems to signify a install. C - seems to signify a removal.

Anyone know of good documentation that i can look at to understand what is happening, this is on the back of another question i asked a few days ago which i feel has been answered.

External handler for msiexec MsiSetExternalUI

-embedding is for internal use. The guids are typically rearranged. Do you have an actual problem or are you just curious? Why monitor msiexec? — PhilDW, Feb 19 '18 at 18:01
I am more interested, i want to monitor source locations and how msi are cached from external installer with embedded msi. How are the guids rearranged? — user1403598, Feb 19 '18 at 18:34
https://blogs.msdn.microsoft.com/astebner/2005/03/02/more-info-about-how-msi-custom-actions-work-behind-the-scenes/ — Hans Passant, Feb 28 '18 at 15:24

score 0 · Answer 1 · answered Feb 28 '18 at 14:36

How are the guids rearranged

They are what Microsoft calls "compressed". Quite why they bother is a mystery but...whatever. I also seen them referred to as "Darwinian transformed GUIDs." Here's a script that you can feed GUIDs to to get a compressed one and vice-versa:

'strCode    = "{87E21645-7A8E-454D-B899-0317F2AEE9B9}"
strMungedCode   = "4659EEA429F218A4CAEDA156497418B7"

'Call MungeProductCode(strCode, strMungedCode)
'WScript.Echo strCode & " munged becomes " & strMungedCode

Call UnMungeProductCode(strMungedCode, strCode)
WScript.Echo strMungedCode & " unmunged becomes " & strCode

Sub MungeProductCode(ByVal strProductCode, ByRef strMungedCode)
    '// This routine munges the ProductCode into the munged format 
    '// used by various registry entries for Windows Installer
    '// For example:    {D650B8A9-C547-42D3-A7DF-0FAD0AC6E9ED}
    '//             becomes
    '//         9A8B056D745C3D247AFDF0DAA06C9EDE

    Dim arrSortOrder
    Dim strNewCode
    Dim intIndex

    arrSortOrder                = Array(9,8,7,6,5,4,3,2,14,13,12,11,19,18,17,16,22,21,24,23,27,26,29,28,31,30,33,32,35,34,37,36)

    '// Generate the munged code
    For intIndex = 0 To UBound(arrSortOrder)
        strNewCode          = strNewCode & Mid(strProductCode,arrSortOrder(intIndex),1)
    Next

    strMungedCode               = strNewCode
End Sub

Sub UnMungeProductCode(ByVal strMungedCode, ByRef strProductCode)
    '// This routine reconstructs a ProductCode from the munged format 
    '// used by various registry entries for Windows Installer
    '// For example:    9A8B056D745C3D247AFDF0DAA06C9EDE
    '//             becomes
    '//         {D650B8A9-C547-42D3-A7DF-0FAD0AC6E9ED}

    Dim arrSortOrder
    Dim intIndex
    Dim strPartTemp
    Dim strPart1
    Dim strPart2
    Dim strPart3
    Dim strPart4
    Dim strPart5

    '// Part 1
    strPartTemp             = Left(strMungedCode, 8)
    strPart1                = StrReverse(strPartTemp)

    '// Part 2
    strPartTemp             = Mid(strMungedCode, 9, 4)
    strPart2                = StrReverse(strPartTemp)

    '// Part 3
    strPartTemp             = Mid(strMungedCode, 13, 4)
    '// Excuse me! May I borrow these variables for a moment?
    strPart3                = Left(strPartTemp, 2)
    strPart4                = Right(strPartTemp, 2)
    strPart3                = StrReverse(strPart4) & StrReverse(strPart3)

    '// Now deal with part 4 properly
    strPartTemp             = Mid(strMungedCode, 17, 2)
    strPart4                = Mid(strMungedCode, 19, 2)
    strPart4                = StrReverse(strPartTemp) & StrReverse(strPart4)

    strPartTemp             = Mid(strMungedCode, 21, 12)

    arrSortOrder                = Array(2,1,4,3,6,5,8,7,10,9,12,11)
    '// Generate the product code
    For intIndex = 0 To UBound(arrSortOrder)
            strPart5            = strPart5 & Mid(strPartTemp,arrSortOrder(intIndex),1)
    Next

    strProductCode              = ""
    strProductCode              = strProductCode & "{"
    strProductCode              = strProductCode & strPart1
    strProductCode              = strProductCode & "-"
    strProductCode              = strProductCode & strPart2
    strProductCode              = strProductCode & "-"
    strProductCode              = strProductCode & strPart3
    strProductCode              = strProductCode & "-"
    strProductCode              = strProductCode & strPart4
    strProductCode              = strProductCode & "-"
    strProductCode              = strProductCode & strPart5
    strProductCode              = strProductCode & "}"
End Sub

Some notes on the nomenclature: according to Bob Baker's book "*Getting Started with InstallShield Developer and Windows Installer Setups*" there are `Packed GUIDs` (the rearranged GUIDs with the braces and dashes removed), and there are `Compressed GUIDs` (just 23 characters) and `Darwin descriptors`. Compressed GUIDs are primarily used to construct [Darwin descriptors](https://www.symantec.com/connect/articles/darwin-descriptors-basics-and-directions) - which are combinations of the product code GUID, a feature name, and a component code GUID - they are used for MSI's advertisement features. — Stein Åsmul, Feb 28 '18 at 16:54
I can also add that packed GUIDs are apparently used to make registry searches more efficient. I am unfamiliar with the exact technical details involved. — Stein Åsmul, Feb 28 '18 at 17:01

MSIEXEC -Embedding

1 Answers1

Linked