MSI

Supported formats

Microsoft Installer (MSI)

Description

This backend extracts files and metadata from Microsoft Installer (MSI) files. The format is primarily used for software installation on Windows systems.

info

Available in Contextal Platform 1.0 and later.

Symbols

Object

LIMITS_REACHED → limits triggered while processing the archive

Children

TOOBIG → this child object was not extracted as it exceeds the limits

Example Metadata

{
   "work_id": "4TmBNmp2gcIjFF5OCy6ejwtx",
   "org": "ctx",
   "object_id": "9f8f58faadcda3b49e371c1ae353b30b3713652b0ad8d05b57383142757a74d0",
   "object_type": "MSI",
   "object_subtype": null,
   "recursion_level": 1,
   "size": 2085376,
   "hashes": {
      "sha256": "9f8f58faadcda3b49e371c1ae353b30b3713652b0ad8d05b57383142757a74d0",
      "md5": "ebae9b70769458cf723022ec89b95c32",
      "sha512": "3550c281fc8dcd8078caf6c0cef847280d6ec78216b0e018b01942e82c79499538f3a0553409e3c716edf584ff5c359ce991440bab14d4794f6ae3393788a102",
      "sha1": "3d3135b87fe274988b86f50d24bde82cc08556bf"
   },
   "ctime": 1716827209.844879,
   "relation_metadata": {},
   "ok": {
      "symbols": [],
      "object_metadata": {
         "_backend_version": "1.0.0",
         "author": "C_5214F838684B46",
         "codepage_id": 1252,
         "codepage_name": "Windows Latin 1",
         "comments": [
            "This installer database contains the logic and data required to install C_5214F80238684B."
         ],
         "generated_by": "Advanced Installer 12.3 build 64631",
         "is_signed": false,
         "languages": [
            "en-US"
         ],
         "subject": "C_5214F80238684B",
         "timestamp": {
            "nanos_since_epoch": 850000000,
            "secs_since_epoch": 1260532064
         },
         "title": "Installation Database",
         "uuid": "e651adf3-3dab-43f9-b6f4-01e712edb68d"
      },
      "children": [
         {
            "org": "ctx",
            "object_id": "4f92e804a11453382ebff7fb0958879bae88fe3366306911dec9d811cd306eed",
            "object_type": "Image",
            "object_subtype": null,
            "recursion_level": 2,
            "size": 318,
            "hashes": {
               "sha512": "5cc5ad0ae9f8808dea013881e1661824be94fb89736c3cb31221e85be1f3a408d6e5951accd40ee34b3baf76d8e9dd8820d61a26345c00cddc0a884375ee1185",
               "sha1": "dd373901c73760ca36907ff04691f5504ff00abe",
               "sha256": "4f92e804a11453382ebff7fb0958879bae88fe3366306911dec9d811cd306eed",
               "md5": "c23cbf002d82192481b61ed7ec0890f4"
            },
            "ctime": 1716827209.844879,
            "relation_metadata": {
               "stream_length": 318,
               "stream_name": "Binary.New"
            },
[...]

Example Queries

object_type == "MSI"
  && @match_object_meta($generated_by starts_with("Advanced Installer"))
  && @count_children(object_type == "PE") == 1

This matches a MSI object, in which the generated_by metadata entry starts with the string "Advanced Installer" (case sensitive), and which contains exactly one direct children object of the PE type.

Configuration Options

max_processed_size → maximum size of the input object that will be processed (default: 262144000)
max_children → maximum number of children objects to create (default: 100)
max_child_input_size → maximum size of a single input children object (default: 41943040)
max_child_output_size → maximum size of a single output children object (default: 41943040)

Supported formats​

Description​

Symbols​

Object​

Children​

Example Metadata​

Example Queries​

Configuration Options​