From Collaborative RCE Tool Library


Installer Tools


Tool name: All-Seeing Eye
Rating: 5.0 (1 vote)
Author: Fortego Security                        
Website: http://www.fortego.com/en/ase.html
Current version: 0.7.1
Last updated: 2007
Direct D/L link: http://www.fortego.com/resources/ase071.zip
License type: Free
Description: Tool for automated diff-style checking of many sensitive system areas that malware and other programs often try to modify silently. Like Tripwire on speed.
Also listed in: File System Diff Tools, Install Monitoring Tools, Registry Monitoring Tools, System Diff Tools



Tool name: Adobe Mobile Packager
Rating: 4.0 (1 vote)
Author: Adobe Labs                        
Website: http://labs.adobe.com/technologies/distributableplayer/
Current version: 1.1
Last updated:
Direct D/L link: Locally archived copy
License type: free but closed source
Description: Extremely Rare: Adobe no longer offers this "free beta" application although during the beta program it was offered for free as a utility for Flash Lite apps.

This app turns your SWF apps into SIS files that can be installed on Nokia S60 Symbian phones, and CAB files for Windows Mobile phones. You can even sign your apps with a certificate if you have one.

Included:

- Adobe Mobile Packager 1.1 (Windows)
- Flash Lite Player 2.1 Standalone (Symbian, WinMo, etc)
- Flash Lite Player 3.1 Standalone (Symbian)
Also listed in: Flash Tools, Mobile Platform Packers, Mobile Platform Tools



Tool name: SysAnalyzer
Rating: 4.0 (2 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version:
Last updated: March 21, 2011
Direct D/L link: http://sandsprite.com/CodeStuff/SysAnalyzer_Setup.exe
License type: GPL2
Description: Update: This tool is no longer available for download through the iDefense website. An updated installer has been made available by the author.

SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare:

* Running Processes
* Open Ports
* Loaded Drivers
* Injected Libraries
* Key Registry Changes
* APIs called by a target process
* File Modifications
* HTTP, IRC, and DNS traffic

SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks:

* Create a memory dump of the target process
* Parse the memory dump for strings
* Parse the strings output for exe, reg, and url references
* Scan the memory dump for known exploit signatures

Full GPL source for SysAnalyzer is included in the installation package.
Also listed in: API Monitoring Tools, Disk Monitoring Tools, File Monitoring Tools, Install Monitoring Tools, Memory Dumpers, Network Monitoring Tools, Registry Monitoring Tools



Tool name: unSIS
Rating: 3.0 (1 vote)
Author: the3sky                        
Website: http://www.noeman.org/gsm/symbian-os-9-1-applications/24590-unsis-v3-1-the3sky.html
Current version: 3.1
Last updated: June 4, 2006
Direct D/L link: Locally archived copy
License type: free but closed source
Description: UnSIS is an extraction tool that extracts the files from a packaged SIS archive for easy decompiling.

uNsis v3.1 by: the3sky

UNsis 3.0 update:
- Revised interface, optimize the code
- Pkg file generated manually set up to support it.
- Solutions support packages installed manually opened after the release of Contents.
- Drag and drop support, Beyond all understanding before the software package.

UNsis 3.1 update:
- User-defined language support
Also listed in: Installer Extraction Tools, Mobile Platform Tools



Tool name: Attack Surface Analyzer
Rating: 0.0 (0 votes)
Author: Microsoft Corporation                        
Website: http://go.microsoft.com/?linkid=9758398
Current version: Beta
Last updated: January 18, 2011
Direct D/L link: http://go.microsoft.com/?linkid=9758398
License type: Freeware
Description: Attack Surface Analyzer is the same tool used by Microsoft's internal product teams to catalogue changes made to the operating system by the installation of new software.

Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code onto the Windows platform
- IT Professionals to assess the aggregate attack surface change caused by the installation of an organization's line-of-business applications
- IT Security Auditors to evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a system's security during investigations (if a baseline scan was taken of the system during the deployment phase)
Also listed in: File System Diff Tools, Install Monitoring Tools, Registry Diff Tools, System Diff Tools



Tool name: InnoCry
Rating: 0.0 (0 votes)
Author: koranto / proletsearch / tobi                        
Website: N/A
Current version: 1.2.7
Last updated: January 14, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: InnoCry is a tool that removes the password from <NON-ArcFour> password-protected setups created with InnoSetup.

Usage:
1. Start the target installation.
2. Start InnoCry and push the "patch" button.
3. Proceed with the installation by pressing the "Next" button.

Supported InnoSetup Engines:
- InnoSetup version 1.3.26
- InnoSetup version 2.0.19
- InnoSetup version 3.0.7
- Version 4.x
- Version 5.x up to ver. 5.2.2

Note: The very first version of InnoSetup is 16 bit and no support for it will ever be added.

- Support for <install-us> password protected software packages.

Known limitations:
1. InnoCry works only on NT based Windows versions (Win9x/ME are not supported).
2. InnoCry has no support for ArcFour encrypted setup packages.
3. InnoCry can patch only one InnoSetup installation when more than one installation is started at the same time.

Authors:
koranto - coding and code optimization
proletsearch - cracking and coding
tobi - GFX

*With ideas at the very beginning helped a very good reverser: cnbragon/iPB with his article about InnoSetup. So big thanks also to him!*

*****************************
InnoCry v1.2.7 Public release
*****************************

14-January-2008

- Added experimental support for custom InnoSetup dll modules
- Optimized support for advanced custom InnoSetup password scripts
- Added "Enabler" option, that can be used by disabled control items like a disabled <Next> button (in combination with Method 1)

*****************************
InnoCry v1.2.6 Public release
*****************************

04-January-2008

- Added support for standard custom InnoSetup password scripts
- Added support for advanced custom InnoSetup password scripts
- Because of the larger GUI and for the convenience of the user, InnoCry will start above the target installation.
- Brand new gfx design by tobi

*****************************
InnoCry v1.2.5 Public release
*****************************

30-December-2007

- Fixed ARCFOUR detection for the latest InnoSetup engine (ver. 5.2.2)
Also listed in: Installer Extraction Tools



Tool name: InnoExtractor
Rating: 0.0 (0 votes)
Author: Havy Alegria / Havysoft                        
Website: http://www.havysoft.cl/innoextractor.html
Current version: 5.2.1.185
Last updated: October 8, 2015
Direct D/L link: Locally archived copy
License type: Free / Plus
Description: InnoExtractor is a powerful application that helps you to unpack Inno Setup installers using InnoUnp technology.

With InnoExtractor you can explore the internal structure and content of the installer and extract them to a local folder or a portable device, without having to run the setup.

Key Features:

- Open Inno Setup-based installers into the application by drag and drop executables from Windows Explorer.
- Use VirusTotal technology to quickly search for viruses and threats in the installer.
- Research/scan all Inno Setup-based installers available in your hard drive.
- Explore and inspect internal content (files and more) of the installer.
- Get the full source code of installer.
- Edit the script of the installer with the internal highlighted text editor or with the external Inno Setup compiler if it is currently installed.
- Extract files to a local folder, to a zip package, to a self-extracting module (portable) or by drag and drop feature.
- Dump/export "Code" (RemObjects Pascal in assembly code), "Registry" and "INI" sections from the script to a readable file.
- Extract the installer/setup icon.
- Run files of the installer into the same application with double click.
- Identify encrypted files of the installer.
- Perform file searches by keyword.
- Input panel, that allows you to enter a valid password to extract encrypted installers.
- Properties panel to see advanced information about the installer.
- History for recently opened installers.
- Other miscellaneous options.
- Support older and latest versions of Inno Setup.
- Support older and latest versions of InnoUnp.
- Application available in multiple languages.
- Designed for Windows 2000/XP/Vista/7/8/8.1/10.
- Full Unicode support.
- Much more!

System Requirements:

- Windows 2000/XP/Vista/7/8/8.1/10.
- Inno Setup-based installers.
Also listed in: Installer Extraction Tools



Tool name: InstallShield (by one exe-file) Unpacker
Rating: 0.0 (0 votes)
Author: Pit0n and SkYuS//vN                        
Website: N/A
Current version: 0.99
Last updated: April 6, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: This tool unpacks two of three known forms of InstallShield Self-Extracting .EXE-files (like 3DMark03.exe).

First form is All-in-One. All files are stored one by one in IS-exe-container like this:
___________
data1.hdr
data1.cab
data2.cab
engine32.cab
layout.bin
setup.exe
setup.ini
setup.boot
~~~~~~~~~~~~

Second form is All-in-CAB. All files are stored in a simple Microsoft Cabinet File (*.cab) in the IS-exe.

Third form is too hard for me to understand, but it's an All-in-MSI (with some files to run *.msi like setup.ini and so on). There is a little bit of encryption (or compression?) in the exe-file. But after you run the IS-exe-file you can see the unpacked *.Msi-file (Microsoft Installer) in WinDir's Temp folder and you can dig into it on your own ;)
Also listed in: Installer Extraction Tools



Tool name: InstallShield Decompiler 6.xx
Rating: 0.0 (0 votes)
Author: NEKOSUKI                        
Website: http://deioncube.in/files/cw2k/isd6
Current version: 1.00 beta 16 (cw2k's *retro-build*)
Last updated: August 1, 2011
Direct D/L link: http://deioncube.in/files/cw2k/isd6/isd_beta16.7z
License type: Free RE-Tool
Description: Updates from Beta 15 (2001/05/06) to Beta 16 (2011/08/01)
* added support for encrypted IS61(IS2011) setups (ISDGoBack.exe)

* Support for new Unicode types (WSTRING, WPOINTER)

* translated Japanese error messages into English (via Google).

[ Too bad that this box doesn't support any formatting options :(
Click on website above for a nicer view. ]

Target Examples

Setup.inx
00000000 61 4C 75 5A 00 00 43 6F 70 79 72 69 67 68 74 20 aLuZ Copyright
00000010 28 63 29 20 31 39 39 30 2D 32 30 30 32 20 49 6E (c) 1990-2002 In
00000020 73 74 61 6C 6C 53 68 69 65 6C 64 20 53 6F 66 74 stallShield Soft
00000030 77 61 72 65 20 43 6F 72 70 2E 20 41 6C 6C 20 52 ware Corp. All R
00000040 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2E 00 ights Reserved.
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Setup.dbg
00000000 6B 55 74 5A 00 6F 70 79 72 69 67 68 74 20 28 63 kUtZ opyright (c
00000010 29 20 31 39 39 30 2D 31 39 39 39 20 53 74 69 72 ) 1990-1999 Stir
00000020 6C 69 6E 67 20 54 65 63 68 6E 6F 6C 6F 67 69 65 ling Technologie
00000030 73 2C 20 4C 74 64 2E 20 41 6C 6C 20 52 69 67 68 s, Ltd. All Righ
00000040 74 73 20 52 65 73 65 72 76 65 64 2E 00 00 00 00 ts Reserved.
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Isrt.obl
00000000 70 4F 64 41 01 00 00 00 2F 00 00 00 10 00 44 65 pOdA / De
00000010 62 75 67 53 79 6D 62 6F 6C 73 2E 6F 62 73 EB 03 bugSymbols.obsë
00000020 00 00 B3 08 00 00 0E 00 41 63 74 69 76 61 74 69 ³ Activati
00000030 6F 6E 2E 6F 62 73 9E 0C 00 00 9E 4C 00 00 0A 00 on.obsž žL
00000040 41 73 73 65 72 74 2E 6F 62 73 3C 59 00 00 8D 49 Assert.obs<Y I
00000050 00 00 09 00 42 61 74 63 68 2E 6F 62 73 C9 A2 00 Batch.obsɢ

ISRTScriptDialogs.obs
00000000 48 4F F3 C9 76 33 2E 39 39 2E 30 30 32 00 00 00 HOóÉv3.99.002
00000010 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 Copyright (c) 19
00000020 39 30 2D 32 30 30 32 20 49 6E 73 74 61 6C 6C 53 90-2002 InstallS
00000030 68 69 65 6C 64 20 53 6F 66 74 77 61 72 65 20 43 hield Software C
00000040 6F 72 70 2E 20 41 6C 6C 20 52 69 67 68 74 73 20 orp. All Rights
00000050 52 65 73 65 72 76 65 64 2E 00 00 00 00 00 00 00 Reserved.

NewSetup61.inx (Encrypted)
00000000 74 C4 2C 84 E1 E5 D4 28 10 FB 00 20 3C 24 FB 4D tÄ,„áåÔ( û <$ûM
Also listed in: Installer Decompilers



Tool name: JABi (Just Another Bin2inc)
Rating: 0.0 (0 votes)
Author: PsYcHoCoDe                        
Website: N/A
Current version: 0.0a
Last updated: April 20, 2012
Direct D/L link: Locally archived copy
License type: Freeware
Description: -> What's NEW in v.0.0a:
+ SYNTAX: the D programming language now supported :P
+ SYNTAX: Windows Registry Entry
+ Added: lil' bit better documented plugin sample and SDK...
+ Added: CRC32 internal function is now accessible for use in your plugins ;)
- Bugfix: tiny C syntax problem...
Enjoy! ;)

*** WHAT THE HELL iS THAT?!
-> JABi is a binary file to source include file generator. The 'syntaxes' are the supported output formats >:)

*** Why could i possibly need ANOTHER tool for this job?!
-> JABi is actually *REALLY FAST* and *TINY* (pure ASM code), totally commandline driven (to use it in your compilation scripts), has support for Pre/PostProcessing PLUGINS! and currently supports MASM/TASM/FASM, C, NASM, D language and Windows Registry Entry Syntaxes. I'm planning on expanding the 'supported syntax' list, depending on your feedback, of course, any suggestions are encouraged ;)

*** You said something about pre/postprocessing plugins -> now what the hell is that?!
-> These plugins are actually DLLs, so one could easily expand his JABi features :P Preprocessors receive control just before the actual dumping of the binary file to the memory, while postprocessors execute right after the dumping to memory! So basically, the coder has the full control over what is getting dumped and how it's gonna look in the end of the process >:) The only limit is the coder's imagination actually :P

*** That sounds nice, actually... So, how do I create a new *Processor?!
-> I've included a lil' SDK in the package. It's done in MASM32, but i'm ready to include user contributed SDK's in the package, any ports of the SDK will be appreciated. I just code mostly asm.

*** Are combined plugins a supported option?! (PREPROCESSOR+POSTPROCESSOR=Single Plugin)
-> Yep, they sure ARE supported. However, if you specify such a combined plugin only as a POSTPROCESSOR on the command line, its PREPROCESSING phase WILL NOT BE executed, and vice versa. If one wants to use BOTH processor phases, he MUST supply BOTH PRE and POST parameter @ the command line the given plugin's name. Actually the plugin example, bundled with the SDK is such a combined processor ;)

*** I LiKE the tool! How could I assist in the further development?
-> You could send plugins you've developed, send samples of other syntaxes, that aren't currently supported by JABi, so i am able to further expand the list... I'm open to any kind of support and ideas on this tiny project.

PS: I believe there's need for a new category for this kind of tools (binary/source embedders maybe, just an idea), since they're must-have for anyone, who digs selfmodifying code, be it a software protectionist, reverse engineer or whatever. The problem comes, when one gets to need one of those, since there're plenty of 'solutions' in the field, but almost none of them is actually suitable for such coder's needs... :/ That was actually why I coded this one... I hope you'll like it...
Also listed in: Assemblers, Code Snippet Creators, Needs New Category, Patch Packaging Tools, Source Code Tools, Specific by Compiler, Tool Extensions



Tool name: Less Msiérables (Lessmsi)
Rating: 0.0 (0 votes)
Author: Scott Willeke                        
Website: http://blog.scott.willeke.com/
Current version: v1.0.8
Last updated: December 5, 2010
Direct D/L link: http://lessmsi.googlecode.com/files/lessmsi-v1.0.8.zip
License type: MIT License
Description: This is a utility with a graphical user interface and a command line interface that can be used to view and extract the contents of an MSI file.

For usage on the command line: lessmsi [/x <msiFileName> [<outputDir>]]

Features
- Windows Explorer Integration:
Lessmsi also integrates with Windows Explorer so that you can right-click on a Windows Installer file (.msi file) and select "Extract Files" to extract it into a folder right there.

- GUI:
In addition to allowing you to extract files from the command line and from inside Windows Explorer, lessmsi has a graphical user interface that allows you to view detailed information about any MSI file.

- MSI Table Viewer:
Windows Installer files (.msi) are based on an internal database of tables. Lessmsi features a viewer for those tables. Useful for people who work a lot with installers.
Also listed in: Compressed Archive Tools, Installer Extraction Tools



Tool name: myAut2Exe
Rating: 0.0 (0 votes)
Author: cw2k                        
Website: http://myaut2exe.tk/
Current version: 2.10
Last updated: February 2011
Direct D/L link: http://deioncube.in/files/MyAutToExe/myAutToExe2_10_src.7z
License type: Open Source
Description: AutoIT Script Decompiler

Decompiles:
compiled AutoIT scripts (*.a3x and *.exe) to *.au3 and
compiled AutoHotKey scripts (*.exe) to *.ahk.
... and extracts attached files.

DeObfuscates:
'Jos van der Zande AutoIt3 Source Obfuscator'
'EncodeIt 2.0' and
'Chr() string encode'.

Last tested Versions:
AutoIT: v3.3.5.6
AutoIT: v3.3.0.0 and
AutoIT: v2.64.0.0 and
AutoHotKey: v1.0.48.5
Also listed in: Decompilers, Installer Decompilers



Tool name: Orca
Rating: 0.0 (0 votes)
Author: Microsoft                        
Website: http://msdn2.microsoft.com/en-us/library/aa370557(VS.85).aspx
Current version:
Last updated:
Direct D/L link: http://www.microsoft.com/downloads/details.aspx?FamilyId=C2B1E300-F358-4523-B479-F53D234CDCCF&displaylang=en
License type: Proprietary
Description: Orca is a database table editor for creating and editing Windows Installer packages and merge modules. The tool provides a graphical interface for validation, highlighting the particular entries where validation errors or warnings occur.

This tool is only available in the Windows SDK Components for Windows Installer Developers. It is provided as an Orca.msi file. After installing the Windows SDK Components for Windows Installer Developers, double click Orca.msi to install the Orca.exe file.
Also listed in: Installer Decompilers, Installer Extraction Tools



Tool name: SandboxDiff
Rating: 0.0 (0 votes)
Author: majoMo (Rui Morais)                        
Website: N/A
Current version: 2.3
Last updated: January 10, 2011
Direct D/L link: Locally archived copy
License type: Freeware
Description: 'SandboxDiff' allows tracking changes in Registry and Files when using 'Sandboxie' (an amazing application created by Ronen Tzur).

All Registry entries and file system objects created or modified by a sandboxed program (or any sandboxed action) are monitored and listed with SandboxDiff.

Very useful when users want to know, before installing an application, all changes made by the installer in the Registry and file system.
Also listed in: File Monitoring Tools, File System Diff Tools, Install Monitoring Tools, Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools



Tool name: UnMakeSIS
Rating: 0.0 (0 votes)
Author: atzplzw                        
Website: N/A
Current version: 0.2b
Last updated:
Direct D/L link: Locally archived copy
License type: free but closed source
Description: Extracts the files within a Symbian SIS installer archive.
Also listed in: Installer Extraction Tools, Mobile Platform Tools



Tool name: Winalysis
Rating: 0.0 (0 votes)
Author:                         
Website: http://www.winalysis.com
Current version: 3.1
Last updated: January 13, 2006
Direct D/L link: Locally archived copy
License type: Shareware
Description: Winalysis is a software application that can help you manage change on computers running Windows. The program can:

Make compressed Snapshots of local and remote computer configurations. Test for changes from snapshots at any time.

Monitor for changes to files, the registry, users, groups, security policies, services, shares, scheduled jobs, the system environment and more.

Monitor remote computers from a central location. There is no need to install Winalysis on the remote machines.

Restore files and/or the registry from compressed snapshots with the ability to undo a restore at any time.
Also listed in: Install Monitoring Tools, System Diff Tools

