Jump to content

Using AutoIT to call an msi? Major concern


Recommended Posts

I have been wanting to use AutoIT to compile a script which entails running an msi file with administrator rights.

My concern is not so much the script, but the source file.

for example: i create a script that launces 123.msi with administrative credentials to install the 123 program. My question if one was to replace with the 123.msi with a differenent software product and call that 123.msi. Will my script continue to run and install the newly renamed 123.msi file? I dont see any methods or validation checks to prevent this from happening as it is simply a script.

I hope i was clear.

Thanks.

Link to comment
Share on other sites

use FileInstall() so that noone can rename until run.

use FileGet*Size() or something similar to identify file.

Edited by bogQ

TCP server and client - Learning about TCP servers and clients connection
Au3 oIrrlicht - Irrlicht project
Au3impact - Another 3D DLL game engine for autoit. (3impact 3Drad related)



460px-Thief-4-temp-banner.jpg
There are those that believe that the perfect heist lies in the preparation.
Some say that it’s all in the timing, seizing the right opportunity. Others even say it’s the ability to leave no trace behind, be a ghost.

 
Link to comment
Share on other sites

  • Moderators

Hi, turbochugz, welcome to the forum. Is this an issue you've actually run into, or just a "what if" question? I've been repackaging MSIs for a very long time, and cannot recall ever having two different products with the exact same MSI name (different versions of the same product, maybe).

As bogQ mentions above, you can look at the attributes of the MSI file to confirm you're interacting with the one you want, or better yet use FileInstall to include the MSI in your script and remove the possibility of the script installing the wrong product.

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to comment
Share on other sites

sounds like an integrity question. Maybe using MD5sum could be useful to you?

this would ensure that a renamed binary of the same name would not be able to run unless the checksum matched that of the original, which isn't impossible, but it's less probable.

---"Educate the Mind, Make Savage the Body" -Mao Tse Tung

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...