|
|
19th February 2003, 10:47
|
#1 |
|
Senior Member
Join Date: Feb 2003
Location: outter space
Posts: 139
 |
De-compile NSIS-Uninstaller
Dear folks,
is there a way to decompile an unistaller package built with NSIS? This question has a special background: Yesterday I called the uninstaller of "myDevStudio" which IS a pretty nice tool for building *.nsi, BUT this f***ing little tool killed several systemfiles (e.g. NTDETECT.COM, NTLDR and all the funky *.sys stuff in the root-directory). It told that it did that after pressing the "details" button of the uninstaller...(and voilà, it did) That's not very nice of course, because this took me about 15 minutes to re-establish my system. No, seriously: If this is build in the uninstaller to look, search and delete these files, this tool should be banned (AND I WILL DO THIS, E.G. POSTS IN PUBLIC FORUMS...) and I would like to verify this, or is the uninstaller spread wide open to infect itself by a virus, and showing this under Uninstall "details". So is there a way to check this? Thx Mo |
|
|
|
19th February 2003, 11:54
|
#2 |
|
Major Dude
Join Date: Jun 2002
Location: Swindon, UK
Posts: 559
|
Not really. There are now many posts in this forum about decompiling NSIS installers (this applies to uninstallers too).
NSIS itself won't do what you've reported, those actions will have been performed by NSIS because the script writer asked it to. As for a virus, well I've never heard of anything that targets NSIS installers, and to be honest I'd be suprised if NSIS is high profile enough to attract that kind of attention. As has been said *many* times before on this forum you cannot decompile an NSIS installer unless you have a tool to do so, and that tool does not exist because it would need to be able to understand the binary generated by many different versions of NSIS (which has changed considerably over time) and also would need to be psychic because it would need to potentially also understand NSIS installers that were built from modified NSIS source (it is open source remember). |
|
|
|
|
19th February 2003, 12:08
|
#3 |
|
NSIS MUI Dev
Join Date: Nov 2001
Posts: 3,717
|
Where did you download myDevStudio? From the website of the author?
Looks like a serious issue, you should contact the author. |
|
|
|
|
19th February 2003, 12:15
|
#4 |
|
Senior Member
Join Date: Feb 2003
Location: outter space
Posts: 139
|
So we can point out, that this "feature" MUST be programmed and can't be manipulated elsewhere (e.g. virus, etc.).
That's fine because I don't know if anybody ever had this too. I had it and I am not very pleased about a uninstaller trying to kill my system. (WinXP Pro on NTFS). Maybe somebody has had the same effect? Otherwise be warned! Think we should post this in archive too. "Running myDevStudio-uninstaller can kill your system! (Perhaps this is M$'s fault :-)" Is there anybody who wants to verify this? (I think nobody does) Thx Sunjammer The dam**d URL [http://mydevstudio.cjb.net/] ------[edited] JOST: I downloaded via NSIS.ARCHIVE, I took the link... You think this is a "Versehen" (don't know the english word for that). Really I don't like to contact him... I would like to post it in several forums... :-) (e.g. heise.de, securitytracker.com, etc. think this would be very nice ------ |
|
|
|
|
19th February 2003, 12:18
|
#5 |
|
Major Dude
Join Date: Jun 2002
Location: Swindon, UK
Posts: 559
|
Well like any other program if someone were to hexedit it they might be able to make it do other things, but that can be checked by doing a crc check with a download that the author considers to be virus free. Any random hex editing would likely cause the installer to crash rather than change it's behaviour anyway.
I think you should contact the authors before posting something somewhere else. The official site is at http://www.vvvsoft.com/ds/index.html. It might not be their fault, or it might be an unknown bug, either way the authors should be given a chance to rectify the problem before you flame them (IMO). |
|
|
|
|
19th February 2003, 12:21
|
#6 |
|
Senior Member
Join Date: Feb 2003
Location: outter space
Posts: 139
|
OK, this way you like it....
Think I'm a bit upset now! So now in my way I knew what to do, my little sister wouldn't :-) |
|
|
|
|
19th February 2003, 12:22
|
#7 |
|
Senior Member
Join Date: Feb 2003
Location: outter space
Posts: 139
|
What about: http://mydevstudio.cjb.net/
that's the link from NSIS.ARCHIVE? |
|
|
|
|
19th February 2003, 12:27
|
#8 |
|
Major Dude
Join Date: Jun 2002
Location: Swindon, UK
Posts: 559
|
I presume that's a mirror or something, it has vvvsoft links on it and looks the same as the vvvsoft site. In fact I think it forwards to vvvsoft.com so it's exactly the same page.
|
|
|
|
|
19th February 2003, 12:43
|
#9 |
|
Senior Member
Join Date: Feb 2003
Location: outter space
Posts: 139
|
I wrote a mail to vvvsoft. Let's sit and wait for response. If they ever will respond.
|
|
|
|
|
19th February 2003, 21:42
|
#10 |
|
Senior Member
Join Date: Aug 2000
Posts: 397
|
Have you verified that this occurs on other systems as well? I tend not to blame the author before I'm sure its not a problem on my own system.
|
|
|
|
|
20th February 2003, 08:21
|
#11 |
|
Senior Member
Join Date: Feb 2003
Location: outter space
Posts: 139
|
I think if the installer tells me that it killed these files it's not my systems fault, hmm?
By the way, the author hasn't written back right now... (I'm still waiting!) ;-) Mo |
|
|
|
 |
|
|||||||
«
Previous Thread
|
Next Thread
»
| Thread Tools | Search this Thread |
| Display Modes | |
Hybrid Mode
|
|
Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.