Windows Installer Package
An MSI file is a Windows Installer package containing a relational database of installation instructions. FileDex provides reference information only.
Windows installer package. Cross-platform conversion is not applicable.
أسئلة شائعة
How can I inspect the contents of an MSI file without installing it?
Use Microsoft's free Orca tool from the Windows SDK to open the MSI and browse its database tables directly. You can also run an administrative install with `msiexec /a` to extract files to a folder. For quick inspection, 7-Zip can open MSI files and list the embedded cabinet contents.
What is the difference between an MSI and an EXE installer?
An MSI is a declarative database consumed by the Windows Installer service, while an EXE installer is an executable that can contain any logic. MSI packages support built-in repair, rollback, and Group Policy deployment. EXE installers often wrap an MSI internally but add bootstrapper logic for prerequisites.
Can I edit an MSI file to change installation settings?
Yes, using Orca or InstEd you can modify table entries such as default install directory, feature selections, and property values. Creating a transform (.mst) is preferred over direct editing because it preserves the original package. Note that modifying a signed MSI invalidates its digital signature.
Why does Windows keep MSI files cached after installation?
Windows caches a stripped copy in %WINDIR%\Installer so the Installer service can perform repairs, modifications, and uninstalls without requiring the original media. These cached copies lack the large cabinet streams, so they consume less space than the originals. Deleting them breaks uninstall and repair operations for the corresponding software.
ما يميز .MSI
Microsoft Windows Installer packages (.msi) are OLE Compound Document files identified by the magic bytes D0 CF 11 E0 A1 B1 1A E1. Inside each package sits a relational database that the Windows Installer service reads to determine what to install, where to place it, and how to undo it.
اكتشف التفاصيل التقنية
Internal Database Structure
MSI files are relational databases — Windows Installer stores components, features, file paths, and registry entries in SQL-like tables queryable with Orca, Microsoft's free table editor. The core tables include File (source media layout), Component (atomic install units), Feature (user-visible groupings), Registry (keys to write), and CustomAction (arbitrary logic executed during installation). Each row in the File table maps a cabinet entry to a target directory, while the Component table links files to registry entries and shortcuts through foreign keys. The LaunchCondition table gates installation on system prerequisites, and the Upgrade table coordinates major version transitions through product code relationships.
Custom Actions and Transforms
Custom actions range from Type 1 (DLL calls) through Type 51 (property assignments), giving package authors the ability to run arbitrary code during install sequences. This flexibility carries serious risk — a malicious custom action executes with the privilege level of the Windows Installer service, which often runs as SYSTEM. Deferred custom actions are particularly dangerous because they execute in the elevated server-side sequence after the user has already approved the installation. Transforms (.mst files) modify an MSI's database tables without altering the original package, and patches (.msp) deliver delta updates by replacing specific cabinet streams.
Execution Model
The msiexec.exe command-line tool drives installation through two phases: acquisition (UI sequence) and execution (server-side sequence). Administrative installs extract the package contents to a network share via msiexec /a, bypassing the execute sequence entirely. The Installer service maintains a rollback script during execution, allowing complete reversal if any step fails. This transactional model means a power failure mid-install leaves the system in its pre-install state rather than a corrupted intermediate. Group Policy can assign or publish MSI packages to domain-joined machines, enabling silent deployment across thousands of endpoints from a single administrative action.
Repair and Maintenance
Windows caches a stripped copy of each installed MSI in %WINDIR%\Installer. When a component goes missing or a registry key is deleted, the Installer service reads this cached database and restores only the affected rows — a targeted repair rather than full reinstallation. The cached copy lacks cabinet streams, so source media may be required for file-level repairs. Running msiexec /f triggers this self-healing process manually, with option flags controlling whether files, shortcuts, registry entries, or all three are verified and restored.
المرجع التقني
- نوع MIME
application/x-msi- Magic Bytes
D0 CF 11 E0 A1 B1 1A E1OLE2 Compound Binary File header, same as DOC/XLS.- المطوّر
- Microsoft
- سنة التقديم
- 1999
- معيار مفتوح
- لا
OLE2 Compound Binary File header, same as DOC/XLS.
البنية الثنائية
OLE Compound Document container (magic D0 CF 11 E0 A1 B1 1A E1) holding a FAT-based filesystem of streams. The root storage contains database tables serialized as string/integer pools, plus cabinet streams holding compressed file payloads. Each table stream encodes columns, types, and rows in a proprietary binary format readable by MsiOpenDatabase API calls.
نقاط الضعف
- Arbitrary code execution via custom actions running as SYSTEM during installation
- Privilege escalation through the Windows Installer service's elevated execution context
- Supply chain compromise by modifying database tables or injecting malicious transforms (.mst) that alter install behavior silently
الحماية: FileDex does not execute, install, mount, or parse these files. Reference page only.