Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

[ASM] Bypassing some OS checks

.Yoss.

.Yoss.

HAARP
Joined
Dec 3, 2006
Messages
632
Reaction score
109
So I'm trying to bypass the installshield OS check because I can not install a great deal of software that is packed with it. So I decided to try to fix it by unpacking it manually but I can't seem to find where or when exactly the final check is made since it seems that the .msi executable has been packed inside at least two .exe files that seem to also belong to this installshield crap. Therefore I decided to come here to get help from you guys in an attempt to get this done faster than it will be done if I have to manually unpack this thing.

So far I've tried using automatic installshield unpackers but none worked so I have no choice but to do it manually.
Another thing I've tried is running it in compatibility mode and the installshield code got tricked in the following lines of code but it seems that it is able to get the real info from somewhere else by the time the final .msi file gets executed :*:
PHP: 
0044843D  |.  FF15 84E14700 CALL    DWORD PTR DS:[<&KERNEL32.GetVers ; [KERNEL32.GetVersion
00448443  |.  33D2          XOR     EDX,EDX
00448445  |.  8AD4          MOV     DL,AH
00448447  |.  8915 8C1C4A00 MOV     DWORD PTR DS:[4A1C8C],EDX
0044844D  |.  8BC8          MOV     ECX,EAX
0044844F  |.  81E1 FF000000 AND     ECX,000000FF
00448455  |.  890D 881C4A00 MOV     DWORD PTR DS:[4A1C88],ECX
0044845B  |.  C1E1 08       SHL     ECX,8
0044845E  |.  03CA          ADD     ECX,EDX
00448460  |.  890D 841C4A00 MOV     DWORD PTR DS:[4A1C84],ECX
00448466  |.  C1E8 10       SHR     EAX,10
00448469  |.  A3 801C4A00   MOV     DWORD PTR DS:[4A1C80],EAX
0044846E  |.  6A 01         PUSH    1                                ; /Arg1 = 1
So do you have any idea where this thing could be getting all the info from? Any specific registry file or somewhere else? Do I really have to go all the way through and try to unpack it manually?
 
Last edited:
The Best DDoS Protected Servers
.Yoss.

.Yoss.

HAARP
Joined
Dec 3, 2006
Messages
632
Reaction score
109
Thanks for helping!
Download->
You must be registered to see links
 
.Yoss.

.Yoss.

HAARP
Joined
Dec 3, 2006
Messages
632
Reaction score
109
Alright I finally extracted the MSI file
Here it is->
You must be registered to see links



EDIT:
I finally managed to bypass it! :cheer2: It is working well except for some driver that fails to initialize at startup but it doesn't affect the program so it doesn't matter!

.Yoss. - [ASM] Bypassing some OS checks - RaGEZONE Forums


Thanks again to sachav for trying to help :love:

Here's the final MSI installer in case someone needs it->
You must be registered to see links
 
Last edited:
S

sachav

Junior Spellweaver
Joined
Apr 12, 2006
Messages
121
Reaction score
26
Since I found out about the same time you posted, here's how I bypassed the OS check easily, (it should work for any .msi):

1- Download and install notepad++
2- Open notepad++
3- Press view/word wrap (for convenience)
4- Open your .MSI with notepad++
5- Search/Find
6- Now look at the message you're getting. In the OP's case, it was:
SRS HD Audio Lab requires that your computer is running Windows Vista or Windows XP
Take out the product name (SRS HD Audio Lab), and type the rest of the sentence in the search box:
.Yoss. - [ASM] Bypassing some OS checks - RaGEZONE Forums

7- Press Find Next
8- It should bring you to somewhere like this:
.Yoss. - [ASM] Bypassing some OS checks - RaGEZONE Forums

9- See this part, a little bit after the message?
(Not Version9X) And (Not VersionNT=400) And (Not VersionNT=500) And (Not VersionNT=502) And (Not (VersionNT=600 And Not (MsiNTProductType=1)))
This is the predicate that is used to check the OS (in this case, but it's easy to find it ince it looks like a predicate). If it equals true, then the install will go on. If it equals false, then it will stop.

Select the predicate, and take a look at the "Sel" number at the bottom.
.Yoss. - [ASM] Bypassing some OS checks - RaGEZONE Forums


In this case it is 142. It means that the predicate takes 142 characters. MSI installers apparently do not separate their strings by null bytes. It only counts the characters (the 142 must be stored somewhere else, but I'm too lazy to look for it).

So, we have to bypass this predicate by making a new one, that also takes 142 characters.
I will use this one:
1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 10 Or 1
It is 142 characters, and will always equal true.
So, I replace the old predicate:

(Not Version9X) And (Not VersionNT=400) And (Not VersionNT=500) And (Not VersionNT=502) And (Not (VersionNT=600 And Not (MsiNTProductType=1)))

by the new one:

1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 1 Or 10 Or 1

.Yoss. - [ASM] Bypassing some OS checks - RaGEZONE Forums


Save the file, run it, and no more OS check!
 
xRythx

xRythx

Newbie Spellweaver
Joined
Apr 26, 2005
Messages
5
Reaction score
5
why not use the MSI installer to manually unpack the file,
You must be registered to see links
 
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
190
Guests online
6,358
Total visitors
6,548
Totals may include hidden visitors.

Forum statistics

Threads
429,042
Messages
4,590,015
Members
280,419
Latest member
kiriyume
Most visitors online was 8830 , on 6 Feb 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top