lessmsi poc: Try to extract an embedded .msi file

This Proof of Concept code tries to find a .msi file embedded inside an .exe, if the .exe cannot be loaded directly as msi.

This allows to inspect the .msi file from the VMware tools setup.

It is a quick & dirty implementation.

Is this something you would be interested in moving forward? If so, please suggest changes you'd like to see.

Sep 16 '25 18:09 learn-more

@activescott is this something you would be interested in?

Sep 24 '25 17:09 learn-more

[ ] tests - add a e2e test (we have a precedent, but feel free to ask if you want a pointer)

For the tests, can I just drop in the vmware setup or do I have to figure out the license for that? (it is about 30 MB) I managed to use wix3 to build an exe, but that has yet another format. (It seems that a .cab file is appended)

[ ] ideally this would be in the core dll and could somehow work with the CLI and the windows GUI. If you want to keep this smaller, I'd just say move the core detection and extraction logic into the core dll and call it from the GUI - and create an issue to follow up on for you or someone else later to add it to CLI.

Sure, I'll take a look at that

[ ] What if there are multiple MSIs in an exe? Is that even a thing? I'm fine to ignore it too, just curious if you thought about it or know about it.

~No clue, skimming over the documentation this seems supported but I have no idea how this all would be packaged.~ I created a test .exe with 2 msi files embedded using wix3, and that adds a .cab file inside the exe instead of the raw MSI file. Considering this is a completely new path, and results in potentially having to unpack multiple msi files, that needs an api-redesign. It doesn't seem that the current ui can handle opening multiple msi files, so let's postpone that for now.

Sep 25 '25 11:09 learn-more

All good from my side. Let me know if you have a question.

Oct 02 '25 20:10 activescott

FYI @mega5800 check this out!

Oct 02 '25 20:10 activescott

In general I'm super supportive! 💪 :shipit: I left a couple minor comments on the details. A couple other things I think need considered:

[ ] tests - add a e2e test (we have a precedent, but feel free to ask if you want a pointer)

[ ] ideally this would be in the core dll and could somehow work with the CLI and the windows GUI. If you want to keep this smaller, I'd just say move the core detection and extraction logic into the core dll and call it from the GUI - and create an issue to follow up on for you or someone else later to add it to CLI.

[ ] What if there are multiple MSIs in an exe? Is that even a thing? I'm fine to ignore it too, just curious if you thought about it or know about it.

@activescott I have added a test, I'm unsure if this is the exact test you were looking for? I moved the extraction logic to the core component, so it can be reused later I did not yet implement it in the CLI, that had multiple places where msi files were loaded, and I couldnt not really thing of a clean way to add it there without modifying them all. It would probably be better to think about an api design first, that could possibly also handle multiple msi files in one 'archive' (cab or exe).

Oct 13 '25 11:10 learn-more

Test looks good to me.

Oct 15 '25 02:10 activescott

@mega5800 Could you please give this a try and let us know what you think?

Oct 15 '25 02:10 activescott

Hi @activescott, let me check this PR during the weekend.

Thanks

Oct 15 '25 12:10 mega5800

Hello @learn-more.

Thank you for this PR. I left some comments about the readability of the presented logic. Please take a look and feel free to apply the ones you find helpful.

Thanks.

Hello @mega5800,

Thanks for the review!

I do believe that all comments should be resolved or answered now,

Thanks.

Oct 27 '25 20:10 learn-more