Archive: how extract files from installer without running install-script
how extract files from installer without running install-script
hi
i have there an install-file that uses NSIS
i'm wondering how to extract just the files from the installer
without executing the script-commands that were executed on an normal start of the installer
i just want to get the files inside and not install them
additionally is there a posibility to know which commands the installer would have executed if i ran the installer in "normal mode"?
sorry for my bad english
This has been asked before and to save space on the Winamp Forums webserver, we ask that you first search the forums before you post.
1) No, there is no way to extract files from an installer. What I suggest is that you install it, but then run the uninstaller. But since you don't want to install it, then sorry.
2)For this you would need the original NSI Script File. If you recently reformatted your hard drive, then you are royally screwed. There is no way to decompile a already compiled installer.
-DJ
nsisfe - http://www.incomplete.co.uk/nsis.htm
I am also writing a 'decompiler' type application at the moment to reconstruct .nsi files from an exe; the above program is the basic stub which contains code to load the NSIS headers, strings and code entries.
All I have to do now is get the Labels in files sorted out.
just goes to show - don't believe everything you read in the forums. Asking a question a 2nd time may get you a better answer - if people hadnt been talking crap the first time anyway
s'pose Id better shut up now before I get lynched :D :D
(Ive been using smilies much more since that wee bit appeared over at the left...)
So are there any extractors yet?
I have here a file which I'm pretty sure is a virus that uses NSIS for distribution.
I want to extract it to look at it's guts and I definately don't want to run it.
It's been over a year since this thread was active, and the link above is dead.
Any improvement on this situation, or is it still a dead end?
This strikes me as a *really* interesting problem that I would like to take a crack at. I'm quite busy at the moment but I will probably have a go at this soon (soon being "in the next couple of weeks"). Unfortunately that's the earliest I can do so :eek:
I've written such an extractor (which is essentially a very limited decompiler) for 1.98... I have only tested it on simple scripts, so I'm sure it needs a lot more testing to iron out the kinks.
I have not tested it with any other versions/mods and I'm pretty sure it will not work with most of them (if any). In general, NSIS is very hostile to decompilers (I think this is by design) and it is very easy
to break any such decompiler with literally miniscule changes to the code.
At any rate, I'll release what I have with the source in a couple of days and someone else can take it from there...
i want the source!
If you make a new script you can use the attached script. This way you can extract the script from the installer.
Hope it helps
Re: So are there any extractors yet?
Originally posted by DelicatesI got one of those as well. Time for a bump ...
I have here a file which I'm pretty sure is a virus that uses NSIS for distribution.
Better yet....
Better yet why not someone create a mini env like the windows simulated environment? So it installs it and makes a mock registry and mounted drive so any installer can be tested. Would that not work or would it be insanely hard to make a system like that?
I mean if microsoft can make a test env... (to buy for an insanely giant price) Then is it possible to make some sort of shell program to test applications in? If one already exists where could you get that? Many times I wanna use the files from installers and make a giant pack for system recoveries. This topic seemed to match my question so i might as well throw it out there.
I know this doesn't really make a pure script but ... if you know what the installer does in a controlled env then isn't that enough..
Oh, and by the way. There is new files being shared on p2p networks that pose as music packs (I don't think saying this is violating board rules...sorry if im incorrect) And its a giant exe that installs SAAP.exe and VX adware which will cripple your computer. I fell for that once :) and im usually smarter then that ... lol.