IExpress

IExpress
Developer(s) Microsoft
Operating system Windows NT
Type Self-contained installation packages maker

IExpress, a component of Windows 2000 and later versions of the operating system, is used to create self-extracting packages from a set of files. Such packages can be used to install software.


Overview

IExpress (IEXPRESS.EXE) can be used to distribute self-contained installation packages (INF-based setup executables) to multiple local or remote Windows computers. It creates a self-extracting executable (.EXE) or a compressed Cabinet (.CAB) file, driven either by its front-end interface (the IExpress Wizard) or by a custom Self Extraction Directive (SED) file. [1] SED files are plain-text/ASCII files and can be edited with any text editor, such as Notepad. All self-extracting files created by IExpress use CAB compression: they are compressed with the Cabinet Maker (MAKECAB.EXE) tool [2] and extracted by the WExtract (WEXTRACT.EXE) tool.

IEXPRESS.EXE is located in the SYSTEM32 folder of both 32- and 64-bit installations of Windows. The front-end interface (IExpress Wizard) can be started by opening the executable (IExpress.exe) from that directory, or by typing IExpress into the Run dialog of the Start Menu. IExpress can also be invoked from the command line (Windows Command Prompt or a batch file) to build a package from an existing SED file without user interaction, which allows automated, unattended operation:

IEXPRESS /N drive_letter:\directory_name\file_name.SED

The IExpress Wizard guides the user through the process of creating a self-extracting package. It first asks what the package should do: extract files and then run a program, or just extract files. It then allows the user to specify a title for the package, add a confirmation prompt, add a license agreement that the end user must accept before extraction proceeds, select the files to be archived, set display options for the progress window, and finally specify a message to display on completion. The wizard saves these choices as an SED file, which is what the /N command-line build consumes.

If the option to create an archive and run a program is selected, then there will be an additional step, prompting the user to select the program that will be run upon extraction.
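The same build, scripted rather than clicked through: the example below is added here and is not IExpress's own code or a Microsoft sample. It generates an SED file with the same keys the wizard writes (a package that extracts two files and then runs a program), and then invokes the unattended IEXPRESS /N build. The directory names, file names, package title and launch command (cmd.exe /c install.cmd) are assumptions chosen for the example; the build step itself only works on a Windows host.

```python
"""Unattended IExpress build driven by a generated SED file.

Example code added to this article; it is not part of IExpress or of any
Microsoft sample. The SED keys follow the layout the IExpress Wizard
writes; the directory names, file names, package title and launch command
used below are assumptions chosen for the example.
"""
import shutil
import subprocess
from pathlib import Path
from typing import List


def make_sed(source_dir: str, files: List[str], target_exe: str,
             title: str, launch_cmd: str) -> str:
    """Return the text of a Self Extraction Directive (SED) for a package
    that extracts `files` from `source_dir`, writes the self-extractor to
    `target_exe`, and then runs `launch_cmd` in the extraction directory."""
    # [Options] refers to [Strings] through %Name% placeholders, exactly as
    # wizard-generated SED files do; the wizard's defaults are kept here.
    lines = [
        "[Version]",
        "Class=IEXPRESS",
        "SEDVersion=3",
        "[Options]",
        "PackagePurpose=InstallApp",   # extract files and run a program
        "ShowInstallProgramWindow=0",
        "HideExtractAnimation=0",
        "UseLongFileName=1",
        "InsideCompressed=0",
        "CAB_FixedSize=0",
        "CAB_ResvCodeSigning=0",
        "RebootMode=N",                # never reboot after the program runs
        "InstallPrompt=%InstallPrompt%",
        "DisplayLicense=%DisplayLicense%",
        "FinishMessage=%FinishMessage%",
        "TargetName=%TargetName%",
        "FriendlyName=%FriendlyName%",
        "AppLaunched=%AppLaunched%",
        "PostInstallCmd=%PostInstallCmd%",
        "AdminQuietInstCmd=%AdminQuietInstCmd%",
        "UserQuietInstCmd=%UserQuietInstCmd%",
        "SourceFiles=SourceFiles",
        "[Strings]",
        "InstallPrompt=",              # empty: no confirmation prompt
        "DisplayLicense=",             # empty: no license agreement
        "FinishMessage=",              # empty: no completion message
        f"TargetName={target_exe}",
        f"FriendlyName={title}",
        f"AppLaunched={launch_cmd}",
        "PostInstallCmd=<None>",
        "AdminQuietInstCmd=",
        "UserQuietInstCmd=",
    ]
    # Each packaged file gets a FILEn string, then is listed (by placeholder)
    # under the section of the source directory it comes from.
    lines += [f'FILE{i}="{name}"' for i, name in enumerate(files)]
    lines += ["[SourceFiles]", f"SourceFiles0={source_dir}", "[SourceFiles0]"]
    lines += [f"%FILE{i}%=" for i in range(len(files))]
    # "\n" here; text-mode writes on Windows turn it into CRLF on disk.
    return "\n".join(lines) + "\n"


def build_command(sed_path: str) -> List[str]:
    """argv for the unattended build, equivalent to IEXPRESS /N <file.SED>."""
    return ["iexpress.exe", "/N", sed_path]


def build_package(sed_path: str) -> int:
    """Run IExpress on an SED that is already on disk; returns its exit code.
    Needs a Windows host with iexpress.exe on PATH (it lives in System32)."""
    exe = shutil.which("iexpress.exe")
    if exe is None:
        raise FileNotFoundError("iexpress.exe not found; this step needs Windows")
    argv = build_command(sed_path)
    argv[0] = exe
    return subprocess.run(argv, check=False).returncode


if __name__ == "__main__":
    # Assumed layout: C:\build\src holds the payload, C:\build\out gets the EXE.
    sed_text = make_sed(r"C:\build\src", ["install.cmd", "app.exe"],
                        r"C:\build\out\MyAppSetup.exe", "My App",
                        "cmd.exe /c install.cmd")
    sed_file = Path(r"C:\build\myapp.sed")
    sed_file.parent.mkdir(parents=True, exist_ok=True)
    sed_file.write_text(sed_text)
    raise SystemExit(build_package(str(sed_file)))
```

Because the SED is plain text, the same generator can be dropped into a build pipeline and the resulting file diffed against the one the wizard produces for the same inputs; the only fields that normally differ are the paths under [Strings] and [SourceFiles].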

Security

Self-extracting packages created with IExpress carry inherent weaknesses in the way they handle their installation command and process their own command line, which allow arbitrary code execution. [3] [4] Because of the way Windows User Account Control treats installers, these weaknesses can also be turned into a privilege escalation. [5] [6]

More specifically, the problem comes in two forms. The more obvious one is that the /c: command-line switch tells the package to run an arbitrary command in the directory it has extracted to, overriding whatever install command the package author defined. [6] The other is that the extraction directory is predictable and writable by any ordinary user, so the command the package normally runs (typically msiexec.exe) can be replaced with an attacker's payload before it is executed. [5] Microsoft fixed the latter in security bulletin MS14-049; the former has been addressed only by a policy of deprecating IExpress. [6] A DLL hijacking attack against IExpress packages has also been published. [7]
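The following example, added here and not part of the original article or of any Microsoft tool, shows how a reviewer can determine what a package built from a given SED will actually run: it parses the SED (resolving the %Name% placeholders against [Strings]), recovers the author's install command, and then models how the package's own command line changes that. The SED text is constructed for the example. The /c:<cmd> override is the behaviour described above; the bare /c (extract only) and /t:<dir> (extraction directory) switches are taken from Microsoft's documented switch list [3] [4] and are assumptions of this model, not behaviour verified against the binary. The "unqualified executable" finding corresponds to the second weakness above: a bare program name is looked up at run time rather than taken from a fixed path.

```python
"""Audit what an IExpress self-extractor will run, and how its command
line overrides the author's choice.

Example code added to this article; it is not part of IExpress, WExtract
or any Microsoft tool. SAMPLE_SED is constructed for the example. The
%Name% resolution against [Strings] follows the SED layout IExpress
writes. Of the switches modelled, /c:<cmd> is the override described in
the text; bare /c (extract only) and /t:<dir> (extraction directory) are
taken from Microsoft's documented switch list and are assumptions of this
model, not behaviour verified against the binary.
"""
import re
from typing import Dict, Optional, Sequence, Tuple

# Constructed sample: a package that extracts app.msi and installs it quietly.
SAMPLE_SED = r"""[Version]
Class=IEXPRESS
SEDVersion=3
[Options]
PackagePurpose=InstallApp
AppLaunched=%AppLaunched%
PostInstallCmd=%PostInstallCmd%
TargetName=%TargetName%
SourceFiles=SourceFiles
[Strings]
AppLaunched=msiexec.exe /i app.msi /qn
PostInstallCmd=<None>
TargetName=C:\out\AppSetup.exe
FILE0="app.msi"
[SourceFiles]
SourceFiles0=C:\src\
[SourceFiles0]
%FILE0%=
"""

Sections = Dict[str, Dict[str, str]]


def parse_sed(text: str) -> Sections:
    """Parse SED/INI text into {section: {key: value}}; keys keep their case."""
    sections: Sections = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def resolve(sections: Sections, value: str) -> str:
    """Expand %Name% placeholders from [Strings], as IExpress does for [Options]."""
    strings = sections.get("Strings", {})
    return re.sub(r"%([^%]+)%", lambda m: strings.get(m.group(1), m.group(0)), value)


def author_install_command(sections: Sections) -> str:
    """The install command the package author configured ("" if none)."""
    cmd = resolve(sections, sections.get("Options", {}).get("AppLaunched", ""))
    return "" if cmd == "<None>" else cmd


def effective_run(sections: Sections, argv: Sequence[str]) -> Tuple[str, Optional[str]]:
    """Model what the built package does when started with `argv`.
    Returns (command, extract_dir): command "" means extract only, and
    extract_dir None means the package's own default temporary directory."""
    cmd = author_install_command(sections)
    extract_dir: Optional[str] = None
    for arg in argv:
        low = arg.lower()
        if low.startswith("/c:"):
            cmd = arg[3:]            # caller replaces the author's install command
        elif low == "/c":
            cmd = ""                 # extract only, run nothing
        elif low.startswith("/t:"):
            extract_dir = arg[3:]    # caller chooses where files are extracted
    return cmd, extract_dir


def executable_of(cmd: str) -> str:
    """First token of a command line, honouring a quoted program path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def audit(sections: Sections, argv: Sequence[str] = ()) -> Dict[str, object]:
    """Findings a reviewer of the package would want before trusting it."""
    author = author_install_command(sections)
    cmd, extract_dir = effective_run(sections, argv)
    exe = executable_of(cmd)
    return {
        "author_command": author,
        "effective_command": cmd,
        "overridden": cmd != author,
        # A bare program name (no drive letter, no path separator) is looked
        # up at run time, so a file of that name planted in the writable
        # extraction directory can be picked up instead of the system copy.
        "unqualified_executable": bool(exe) and not re.search(r"[:\\/]", exe),
        "extract_dir": extract_dir,
    }
```

Run against a real SED, audit() gives two things an author cannot fix from the SED alone: whatever AppLaunched says, a caller who controls the command line can substitute a command with /c:, and a bare executable name such as msiexec.exe leaves the lookup to the run-time environment rather than pinning a full path.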

See also

Cabinet (file format)
INF file
Windows Installer
Nullsoft Scriptable Install System
7-Zip
Dynamic-link library
DLL Hell

References

  1. MDGx: INF Guide: SED Overview
  2. MS TechNet: IExpress Technology and the IExpress Wizard
  3. MS Knowledge Base: Command-line switches for IExpress software update packages
  4. MS TechNet: IExpress command-line options
  5. Full Disclosure: Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
  6. Full Disclosure: Defense in depth -- the Microsoft way (part 33): yet another (trivial) UAC bypass resp. privilege escalation
  7. "Microsoft IExpress DLL Hijacking". Packet Storm (packetstormsecurity.com).