Windows installer cannot be found

The Windows Installer service could not be accessed

I’ve had this on and off windows service installer message from time to time, and mostly gotten around it.

 

If you’re tried the usual MVP advice of “sfc ‘/scannow” , the unreg/regserver stuff as well with msiexe.exe, no difference. and so on, read on for MFP advice..

First (or last) check in the registry

 

SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\MsiExecCA32

on my machine points to, ok so first issue…

C:\Windows\syswow64\msiexec.exe

Mine was pointing to an msiexec in the download folder, I believe that’s how I got past it once before.. Anyway that reset and still same error.

 

 

So I did what any normal person would do.. Since I  wanted to try CNC’ing a stencil on my modified CNC that I’d been working on this morning, for a mylar stencil for the layerone badge 2014 prototype and none of the eagle DXF’s would import into the GCODE generator software I was testing, I installed Adobe Illustrator from creative cloud ( since I killed my mac version last night by stupidly installing Mavericks, hint if it gets stuck at A minute remaining, go to the title bar and look at the logging, you’ll see a message repeated ( I left mine for 12 hours showing “less than a minute remaining ) , I forced a reboot and it started doing a fresh setup, put in my normal account, went through all that OSX baloney and it shut off, reboot, made a second account, logged out, logged in, then deleted the second account ( and my normal second account form 10.8 had also disappeared) then it deleted all the registry keys and apps for creative cloud and parallels, so I had to reinstall both those, after making sure I found my original parallels 7 key to use my parallels 8 key that I’d just bought,  then parallels “lost” all my existing VM setups, so I had to reimport all of those and reinstall all my adobe apps and re-regged them. SO ANYWAY

Ahh yes, windows installer.

Illustrator was failing with usual check the logs, and sure enough back to the msi installer logs missing.

I loaded vc_redistx86.exe and traced it, it writes out an installer to a temp path

c:\356d6a546677486af533fa9c7a0e\.\install.exe

That’s the one that actually has the error message generated.

So loaded that into IDA32 via windbg, and it fails here.

cmp     [ebp+VersionInformation.dwMajorVersion], 5
jnz     short loc_CB2675

text:00CB2675 loc_CB2675:                             ; CODE XREF: CMsiWrapper::CheckDarwin(ulong,ulong,ulong)+64j

jbe     short check_darwin

.text:00CB267E call    ?LoadDarwinLibrary@C

check_darwin:

MsiWrapper@@CGPAUHINSTANCE__@@XZ ; CMsiWrapper::LoadDarwinLibrary(void)
.text:00CB2683 mov     ecx, ?g_Logger@@3AAVCLogging@@A ; CLogging & g_Logger
.text:00CB2689 mov     [ebp+hLibModule], eax
.text:00CB268F test    eax, eax
.text:00CB2691 jz      cannot_find_windows_installer

text:00CB279C cannot_find_windows_installer:          ; CODE XREF: CMsiWrapper::CheckDarwin(ulong,ulong,ulong)+92j
.text:00CB279C push    offset aCannotFindWind          ; "Cannot find Windows Installer."
.text:00CB27A1 call    ?LogEvent@CLogging@@QAEXPBG@Z   ; CLogging::LogEvent(ushort const *)

Ok so what does that do ? Ok down the rabbit hole…..

 

HMODULE __cdecl CMsiWrapper::LoadDarwinLibrary()
{

  DWORD cbData; // [sp+4h] [bp-214h]@1
  HKEY hKey; // [sp+8h] [bp-210h]@1
  BYTE Dst[2]; // [sp+Ch] [bp-20Ch]@1
  char v6; // [sp+Eh] [bp-20Ah]@1
  unsigned int v7; // [sp+214h] [bp-4h]@1
  int v8; // [sp+218h] [bp+0h]@1

v7 = (unsigned int)&v8 ^ __security_cookie;
  *(_WORD *)Dst = 0;
  hKey = 0;
  memset(&v6, 0, 0x206u);
  cbData = 520;
  if ( RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer", 0, 0x20019u, &hKey) )
  {
    v1 = Dst;
    goto LABEL_5;
  }
  v0 = RegQueryValueExW(hKey, L"InstallerLocation", 0, 0, Dst, &cbData);
  RegCloseKey(hKey);
  v1 = Dst;
  if ( v0 )
  {
LABEL_5:
    wcscpy<260>((wchar_t *)v1);
    return LoadLibraryW((LPCWSTR)Dst);
  }
  wcscat_s((wchar_t *)Dst, 0x104u, L"\\msi.dll");
  return LoadLibraryW((LPCWSTR)Dst);
}

}

 

Tracing this it gets into LoadLibrary, but already I see the issue  (well at least the next one)

 

C.:.\.U.s.e.r.s.
\.c.h.a.r.l.i.e.
\.D.o.w.n.l.o.a.
d.s.\.m.s.i…d.
l.l………….

Sigh… (I’d run SysSoop on this first, but a simple FileMon would have likely done it )

So lets check

SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer

Hmm  (I’m actually writing this blog as I do these steps and make the discovery’s.

C:\Windows\system32\ 

That’s odd, HKEY_LOCAL_MACHINE and that path show a different path…

trace into kernel..

kernel32.dll:75741EEE kernel32_RegQueryValueExW:              ; DATA XREF: advapi32.dll:off_75041484o
kernel32.dll:75741EEE push    2Ch
kernel32.dll:75741EF0 push    offset unk_75742000
kernel32.dll:75741EF5 call    sub_757415C0
kernel32.dll:75741EFA xor     esi, esi
kernel32.dll:75741EFC mov     [ebp-24h], esi
kernel32.dll:75741EFF mov     [ebp-30h], esi
kernel32.dll:75741F02 mov     [ebp-2Ch], esi
kernel32.dll:75741F05 call    kernel32_RegKrnGetGlobalState

 

ahh yeah,so WOW64

back to regedit

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer

And there we have it….

InstallerLocation = C:\Users\charlie\Downloads

which on my system should be

C:\Windows\SysWOW64\

ok changing that lets retry….. and yep that worked..

So simple thing would have been to run procmon and see it looking for the wrong string in the registry key for the msi.dll

 

Ok back to installing Illustrator….

 

Hopefully it helps someone to just check these settings

SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\MsiExecCA32
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\MsiExecCA64

 

 

sigh ERROR: DF024: Unable to restore file at "C:\Windows\Fonts\ChaparralPro-Bold.otf" from backup at "C:\adobeTemp\backup\adobetmp081529265" Error 5 Access is denied.. Try setting correct permissions etc etc

 

quick flip to

C:\Users\charlie\AppData\Local\Temp\{91CAA566-6E85-4661-887A-89AA3E7AC1F9}

 

run setup-up.exe from illustrator folder instead.. complains about a pending restart. ignoring that…oh you… installs, but does it run under adobe cloud mgmt?

 

quit cloud, reload and yep it works (and my blog writer froze up as I hit this point, but it came back phew..)

now can I export a DXF from eagle without polylines and shapes instead… hmmm , nsl halloween party tonight, or actual hacking…..

 

charliex

Advertisements