Software Protection: Protecting MSI Files with Enigma Protector

Windows Installer File (MSI) files are not executable files, and can’t be protected directly with Enigma Protector. Below I will show an example, how to protect it anyway.
The Enigma Protector supports protection of executable files only, so initially we will make an executable file from our MSI installer.

Download Enigma Protector from the official site http://enigmaprotector.com/

Making EXE from MSI

When we try to start MSI file in the explorer, the Windows really starts a file msiexec.exe and pass a msi file as command line parameter.
The main idea of protection of MSI file is protecting of msiexec.exe, virtualizing MSI file and overriding command line parameters.

Where take a msiexec.exe?

msiexec.exe is a component of instmsiw.exe package. Windows XP, and higher, already contains installed instmsiw.exe package, but if you would like your program to be executed under Windows 2000 as well, read Compatibility topic below.
If you
are using Windows NT, you can take msiexec.exe from the Windows/System32 folder. Copy it to some reserved folder with our project.
If Windows/System32 folder does not contain msiexec.exe, download instmsiw.exe package from Microsoft’s site and unzip it (it is really self-extracted zip archive). Find msiexec.exe in unzipped files.

How to configure Enigma Protector?

Run Enigma Protector and follow the steps below:
1. Go to Input panel, and select the Input and Output files. As you remember, we will protect msiexec.exe file, so select it. Set the output file with the different name.

2. To protect MSI file we will use Virtual Box – Files feature. Go to Virtual Box – Files panel, enable it, and place MSI file in the files tree %default folder%

3. If you try to run msiexec.exe it will show us a message with available parameters. Same will happen if we protect our project on the current step. msiexec.exe has to know what MSI file it should install, i.e. we should pass the name of our MSI file to the command line parameter to msiexec.exe. Enigma Protector has a unique feature that allows to append or overwrite existing command line parameter, we should use it. Go to Miscellaneous – Command Line panel, enable it, check the option “overwrite parameters” and enter command line parameters that will be passed to protected executable. In our cases, command line should be looked so: ” -i ajax.msi”, without quotes. Note, command line should be started with a space symbol.

Now try to protect our project and start the protected msiexec_protected.exe file. Installation will be started automatically.

Please note, since we are using Virtual Box feature for MSI file, we do not require to distribute MSI file together with the protected exe, because protection will emulate it in memory.

Now we can use other protection and licensing features that Enigma Protector allows for our installer. For example, using Registration Feature – Standard Dialog, we can add a dialog that will ask user to enter registration key before installing the application, then lock license and installation to particular PC and other software licensing and software protection features.

Compatibility

1. Virtual Box feature of Enigma Protector is compatible only with Windows NT, it will not work on Windows 9x.
2. There are 2 kind of msiexec.exe file. One is for Windows 9x, it is located in the package instmsia.exe – as I said before, it is not compatible with the Virtual Box. Another one, for Windows NT, located in the package instmsiw.exe – it is the correct file (it can be downloaded from http://www.microsoft.com/download/en/details.aspx?id=11176)
3. As I said before, users who will run protected file on Windows 2000 may get problems due to missed MSI runtime libraries (if instmsiw.exe package is not installed there). http://www.softwareprotection.info/2011/12/software-protection-protecting-msi-files-with-enigma-protector/To make protected file compatible with the Windows 2000, you should add msi runtime libraries to the Virtual Box – Files tree also. Extract files from instmsiw.exe package and add all it’s files (except two .exe files) to %system folder%.

Then edit properties of the following files: msi.dll, msisip.dll, msihnd.dll and set “Register as ActiveX” options for them.