DolphinVM dll ref count not incremented?

Hi,

I have been looking a bit into the dolphin msi and msm install files using
the Orca tool. One thing that caught my attention is that (as far as my
understanding of the msi files is correct) dolphin VM dll is not marked as
shared dll. My suspection is also confirmed by registry edit, while dolphin
3 vm (installed by the old style installer) is present in SharedDll and has
appropriate ref counts, the new version 4 dll is not there.

Davorin Rusevljan

Davorin,

you mention an "Orca tool". What exactly does Orca ?
I looked around on the web, but there are tons of references to
Orca tools (all distinct)...

Ingo

"Davorin Rusevljan" <[hidden email]> schrieb im Newsbeitrag
news:9b3v48$3806$[hidden email]...
> Hi,
>
> I have been looking a bit into the dolphin msi and msm install files using
> the Orca tool. One thing that caught my attention is that (as far as my
> understanding of the msi files is correct) dolphin VM dll is not marked as
> shared dll. My suspection is also confirmed by registry edit, while
dolphin
> 3 vm (installed by the old style installer) is present in SharedDll and
has
> appropriate ref counts, the new version 4 dll is not there.
>
> Davorin Rusevljan
>
>
>

"Ingo Blank" <[hidden email]> wrote in message
news:3ad5863a$0$124$[hidden email]...
> you mention an "Orca tool". What exactly does Orca ?
> I looked around on the web, but there are tons of references to
> Orca tools (all distinct)...

Orca tool is part of Microsoft Wndows Installer SDK which is available for
free download:

http://msdn.microsoft.com/downloads/default.asp?ShowPane=false&URL=/code/sam
ple.asp?url=/msdn-files/027/001/457/msdncompositedoc.xml

In general msi files are in fact one relational database where all
information about install is stored in some 20-30 tables. Orca tool lets you
view those tables, add/delete/modify records, and some other handy
operations.  In theory, one could create msi installation files using only
this tool, and in fact there is a minimalistic example in SDK docs. But in
reality it is gets too complicated without help of some authoring tool. So
main use of orca is for quick look into existing msi files, learning, and
maybe a bit of experimenting.

Davorin Rusevljan

I have forgot one potential use of Orca, which will for shure not be missed
by hackers community: creating trojan installs which act just like original
ones, but with payload attached :(

Anyway, I believe MS intends to add some crypto signing in future versions
in order to solve this problem and/or extract some more money from
developers.

rush

Hello all,

> In general msi files are in fact one relational database where all
> information about install is stored in some 20-30 tables. Orca tool lets
you
> view those tables, add/delete/modify records, and some other handy
> operations.  In theory, one could create msi installation files using only
> this tool, and in fact there is a minimalistic example in SDK docs. But in
> reality it is gets too complicated without help of some authoring tool. So
> main use of orca is for quick look into existing msi files, learning, and
> maybe a bit of experimenting.

To Davorin's excellent summary, I'll add that Orca can be used to create
empty tables (though I encountered various problems with the field sizes not
matching those in existing MS-generated msi files), and can be used to
validate installer databases.  Validation is important, because even a
well-intentioned vendor can (in theory at least) fry your machine with a
badly formed installer database.  The risks are to be exepected, of course,
because you can always fry your own machine with something as "simple" as
regedit.

Have a good one,

Bill

--
Wilhelm K. Schwab, Ph.D.
[hidden email]