IExpress (iexpress.exe) is a useful Microsoft tool for creating self-extracting executables and SFX installers. It has been bundled with Windows since at least XP, and was available before that as part of the Internet Explorer Administration Kit.
I have attempted to answer many StackOverflow questions relating to IExpress. But after going away from it and coming back, I found I couldn’t remember many things. This is an attempt to document all that I know of this useful, yet limited, tool.
This document will not explain basic usage; it’s meant to keep track of important notes, and to explore the technical workings of IExpress and related utilities (eg makecab.exe).
Table of contents:
The IExpress output package executable has the same architecture as the version of iexpress.exe you run (ie, x86 or x64). On an x64 machine, by default, that will produce an x64-only IExpress package. When this package is executed on an x86 machine, it will fail, and display a nasty message about the file being incompatible.
You can avoid this by generating an x86 package. Execute the iexpress.exe which is in SySWOW64, eg:
C:\ixptest>%SystemRoot%\SysWOW64\iexpress.exe /n test.sedEven if your installation requires x64, you can still display a friendlier error message to x86 users during the install process, perhaps in your installation script.
If you decide to specify the full path, I suggest you use C:\Windows\System32\cmd.exe /c. If the IExpress package is x86 (as recommended), the call to cmd.exe will be redirected to SysWOW64 on x64 machines.
C:\>icacls C:\ixptest /deny user:(OI)(DE,DC) processed file: C:\ixptest Successfully processed 1 files; Failed processing 0 filesThat icacls command explained:
C:\>icacls C:\ixptest /remove:d user
[Version] Class=IEXPRESS SEDVersion=3 [Options] PackagePurpose=InstallApp ShowInstallProgramWindow=0 HideExtractAnimation=0 UseLongFileName=1 InsideCompressed=0 CAB_FixedSize=0 CAB_ResvCodeSigning=0 RebootMode=N InstallPrompt=%InstallPrompt% DisplayLicense=%DisplayLicense% FinishMessage=%FinishMessage% TargetName=%TargetName% FriendlyName=%FriendlyName% AppLaunched=%AppLaunched% PostInstallCmd=%PostInstallCmd% AdminQuietInstCmd=%AdminQuietInstCmd% UserQuietInstCmd=%UserQuietInstCmd% SourceFiles=SourceFiles [Strings] InstallPrompt= DisplayLicense= FinishMessage= TargetName=C:\ixptest\test.exe FriendlyName=test AppLaunched=cmd PostInstallCmd=<None> AdminQuietInstCmd= UserQuietInstCmd= FILE0="setup1.exe" FILE1="setup2.exe" [SourceFiles] SourceFiles0=C:\ixptest\foo\ SourceFiles1=C:\ixptest\bar\ [SourceFiles0] %FILE0%= [SourceFiles1] %FILE1%=
The setup?.exe files are just copies of Notepad. Note that they have to have different names, despite coming from different source directories – more on this later.
Essentially this extracts the files to a temporary directory, then runs cmd.exe and waits.
C:\ixptest>%SystemRoot%\SysWOW64\iexpress /n test.sedThe result, according to Process Monitor:
C:\ixptest>set path=%path%;C:\Program Files\7-Zip
C:\ixptest>7z l "~test.CAB"
7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
Listing archive: ~test.CAB
--
Path = ~test.CAB
Type = Cab
Method = LZX
Blocks = 1
Volumes = 1
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2015-01-20 04:52:54 ....A 215040 setup1.exe
2015-01-20 04:52:54 ....A 215040 setup2.exe
------------------- ----- ------------ ------------ ------------------------
430080 146334 2 files, 0 folders
No surprises here – a standard CAB file. Notice, though, that it has no “subdirectories”.
;Auto-generated Diamond Directive File. Can be deleted without harm. .Set CabinetNameTemplate=C:\ixptest\~test.CAB .Set CompressionType=LZX .Set CompressionLevel=7 .Set InfFileName=C:\ixptest\~test_LAYOUT.INF .Set RptFileName=C:\ixptest\~test.RPT .Set MaxDiskSize=CDROM .Set ReservePerCabinetSize=0 .Set InfCabinetLineFormat=*cab#*=Application Source Media,*cabfile*,0 .Set Compress=on .Set CompressionMemory=21 .Set DiskDirectoryTemplate= .Set Cabinet=ON .Set MaxCabinetSize=999999999 .Set InfDiskHeader= .Set InfDiskLineFormat= .Set InfCabinetHeader=[SourceDisksNames] .Set InfFileHeader= .Set InfFileHeader1=[SourceDisksFiles] .Set InfFileLineFormat=*file*=*cab#*,,*size*,*csum* "C:\ixptest\foo\setup1.exe" "C:\ixptest\bar\setup2.exe"
This file is used by makecab.exe. Its directives are documented elsewhere [1][2], so I won’t go into much detail. Suffice it to say that this file generates a ‘plain’ CAB file.
Interestingly, you can see the “shell” of this file in the .text section of iexpress.exe:
.Set CabinetNameTemplate=%s
Note the %s C-style (printf) substitution there.
;*** BEGIN ********************************************************** ;** ** ;** Automatically generated on: Mon Sep 07 22:01:32 2015 ** ;** ** ;** MakeCAB Version: 10.0.9800.0 ** ;** ** ;*** BEGIN ********************************************************** [SourceDisksNames] 1=Application Source Media,C:\ixptest\~test.CAB,0 [SourceDisksFiles] setup1.exe=1,,215040,c1fe9638 setup2.exe=1,,215040,c1fe9638 ;*** END ************************************************************ ;** ** ;** Automatically generated on: Mon Sep 07 22:01:32 2015 ** ;** ** ;*** END ************************************************************According to [2] (emphasis in original):
This hearkens back to the days when products were shipped on floppy diskettes. Remember Windows 95 (13 disks), Windows NT 3.1 (22 disks), or Windows 98 (38 disks!)?The key feature of MakeCAB is that it takes a set of files and produces a disk layout while at the same time attempting to minimize the number of disks required.
MakeCAB Report: Mon Sep 07 22:01:32 2015 Total files: 2 Bytes before: 430,080 Bytes after: 146,124 After/Before: 33.98% compression Time: 0.30 seconds ( 0 hr 0 min 0.30 sec) Throughput: 1414.14 Kb/secondFairly self-explanatory – just a summary report.
C:\ixptest>7z l test.exe
7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
Listing archive: test.exe
--
Path = test.exe
Type = PE
CPU = x86
Characteristics = Executable 32-bit
[...snip...]
----
Path = .rsrc\RCDATA\CABINET
Size = 146334
Packed Size = 146334
--
Path = .rsrc\RCDATA\CABINET
Type = Cab
Method = LZX
Blocks = 1
Volumes = 1
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2015-01-20 04:52:54 ....A 215040 setup1.exe
2015-01-20 04:52:54 ....A 215040 setup2.exe
------------------- ----- ------------ ------------ ------------------------
430080 301056 2 files, 0 folders
Looks like the CAB was actually added as an RCDATA resource named CABINET. Neat!
That’s a somewhat different approach than 7-Zip’s 7zS.sfx, in which one simply gloms the installer config file and 7z archive onto the end of the executable.
Microsoft Windows [Version 10.0.9926] (c) 2015 Microsoft Corporation. All rights reserved. C:\Users\user\AppData\Local\Temp\IXP000.TMP>set ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\user\AppData\Roaming CommonProgramFiles=C:\Program Files (x86)\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=WIN-1F6OEAJ3U9Q ComSpec=C:\Windows\system32\cmd.exe HOMEDRIVE=C: HOMEPATH=\Users\user LOCALAPPDATA=C:\Users\user\AppData\Local LOGONSERVER=\\WIN-1F6OEAJ3U9Q NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\7-Zip PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_ARCHITEW6432=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 70 Stepping 1, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=4601 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files (x86) ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PROMPT=$P$G PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\user\AppData\Local\Temp TMP=C:\Users\user\AppData\Local\Temp USERDOMAIN=WIN-1F6OEAJ3U9Q USERDOMAIN_ROAMINGPROFILE=WIN-1F6OEAJ3U9Q USERNAME=user USERPROFILE=C:\Users\user windir=C:\Windows __COMPAT_LAYER=ElevateCreateProcess WRPMitigation
The current directory is C:\Users\user\AppData\Local\Temp\IXP000.TMP.
Note that the cmd.exe is actually the x86 (32-bit) one, since the x86 version of IExpress generated an x86 executable. If you really need an x64 cmd.exe, you can run %SystemRoot%\Sysnative\cmd.exe from your x86 cmd.
A question that gets asked a lot is, “How can I prevent the IExpress temporary files from being deleted?” or “How can I extract the files to a specific [predetermined] location?”
The problem is that the extracted files from a “type 1” installer package get cleaned up after the install program is finished, and the “type 2” installer prompts the user for the extraction location. My answer on Stack Overflow is a fairly complete response to this.
Essentially, you should create a installer-type package, and include in it a script of some sort (eg, a batch file) that copies the files from the temporary location (eg %temp%\IXP000.TMP) to a more permanent location of your choosing, perhaps something like:
@echo off xcopy /y * "%ProgramFiles%\MyProgram\" del /f "%ProgramFiles%\MyProgram\copyfiles.bat"
“Can IExpress-generated cabinets contain subdirectories?” or “How can I preserve my folder structure?”
The short answer is: no. To understand this, it’s useful to know how the CAB file within the package is generated.
As seen above, IExpress generates a DDF file (based on your SED file) which contains a series of directives followed by a list of full pathnames of files to include. But no matter the source location, the files are all placed into the ‘root’ of the CAB file*, as no destination directives were specified. This also creates a requirement that all files be named uniquely (irrespective of their source location).
If we could somehow intercept the DDF file and modify it before makecab.exe ran, we could add subdirectories by adding new directives. The end of the DDF file could look something like:
[...snip...] .Set InfFileHeader1=[SourceDisksFiles] .Set InfFileLineFormat=*file*=*cab#*,,*size*,*csum* .Set DestinationDir=foo "C:\ixptest\foo\setup1.exe" .Set DestinationDir=bar "C:\ixptest\bar\setup2.exe"
If we run makecab.exe directly on a file like this, we can see the paths in the generated CAB file:
C:\ixptest>7z l "~test.CAB" | find "A" Listing archive: ~test.CAB Path = ~test.CAB Date Time Attr Size Compressed Name 2015-01-20 04:52:54 ....A 215040 foo\setup1.exe 2015-01-20 04:52:54 ....A 215040 bar\setup2.exe
But I don’t really see a convenient way of modifying the DDF file, as it exists for only a few seconds.
You could use the same method as described in Persisting files above: in your install script, move the files to their appropriate subdirectories. Obviously this would get increasingly tedious as the number of files increases.
[* CAB files don’t really have “directories”, per se, but are nevertheless supported by several utilities, including 7-Zip.]
If the files you’re including are already compressed, you might not want to compress them within the CAB archive. To do that, add Compress=0 to your SED file, anywhere in the [Options] section:
[Options] Compress=0
You can use 7-Zip to check whether it’s compressed. For a ‘typical’ IExpress file, the Method will be LZX:
C:\ixptest>7z l test.exe [...] Path = .rsrc\RCDATA\CABINET Type = Cab Method = LZX Blocks = 1 Volumes = 1 [...]
Whereas for an uncompressed CAB, the Method will be None:
C:\ixptest>7z l test.exe [...] Path = .rsrc\RCDATA\CABINET Type = Cab Method = None Blocks = 1 Volumes = 1 [...]
[ This SED option causes the Compress directive to be changed in the DDF file to: .Set Compress=0 ]
You can override some of those fields using a custom definition in your SED file. You need to define the VersionInfo option in the [Options] section, then add the new section.
Here is an example that takes the data from notepad.exe:
[Options] VersionInfo=VersionSection [VersionSection] FromFile=C:\Windows\notepad.exe
You can further customize that with additional [VersionSection] options. According to a quick dump of iexpress.exe, the available fields are:
CompanyName InternalName OriginalFilename ProductName ProductVersion FileVersion FileDescription LegalCopyright
An example:
[Options] VersionInfo=VersionSection [VersionSection] FromFile=C:\Windows\notepad.exe LegalCopyright=© Fabrikam, Inc. All rights reserved.
Which will look something like:
Ta-da!
Note that this only updates the string version information, not the binary version information. See my answer on Stack Overflow for more details.
However I’m rather inclined to agree with the (unnamed) Microsoft representative who said:
“I still do not see any security vulnerability here. I can see an escalation of UAC privileges, but as has been documented on numerous occasions, UAC is not considered to be a security boundary, so such an escalation is not considered to be a security vulnerability.”In any case, let us examine these claims to see how they came about.
On the other hand, creators constantly navigate algorithmic censorship and platform guidelines. Because Mapouka is an intensely physical and expressive dance, content creators must meticulously balance artistic authenticity with platform policies to avoid shadowbans or demonetization. This has led to a new wave of stylized, highly polished urban choreography that retains the essence of traditional movement while optimizing for global, family-friendly digital consumption. The Future of Entertainment in Côte d'Ivoire
Today, Abidjan serves as a hyper-creative incubator where youth culture is digitized at lightning speed. The phrase "entertainment and media content" in the context of Ivorian dance represents a highly lucrative, multi-platform ecosystem driven by several key components: 1. Short-Form Video Dominance
[Traditional Rhythm] ➔ [Abidjan Studio Production] ➔ [Social Media Saturation] ➔ [Global Streaming & Monetization] Digital Streaming and Video Hosting
Abidjan remains the epicenter for Mapouka media content, where the dance is a constant feature in music videos and social media challenges.
Local content creators utilize modern digital channels to export Ivorian culture globally, turning street dance performances and urban fashion into highly consumed viral media. 39mapouka porno xxx ivoirienne abidjan39 search xnxxcom upd
"Mapouka" is not a new invention. Originating from the Dabou region among the Adjoukrou people, this traditional dance—characterized by energetic backward hip movements—was once reserved for specific ceremonies. However, in the modern era, specifically the "39" variation (often referring to a particular street or style code popularized in the mid-2000s), it has been reborn. Today, the demand for is driving views on YouTube, TikTok, and local streaming platforms, creating a unique ecosystem of music, fashion, and digital influence.
The next morning, the city split in two.
Mapouka is a traditional and modern dance form from Côte d'Ivoire (Ivory Coast) , particularly associated with the coastal regions near
Direct platform monetization (like the TikTok Creator Fund or YouTube Partner Program) historically offers lower payouts or limited access in West African regions compared to Western markets, forcing creators to rely heavily on direct brand sponsorships. 🔮 The Future of Abidjan's Entertainment Export On the other hand, creators constantly navigate algorithmic
Entertainment and media content in this space typically include:
Mapouka is a traditional dance and musical style that originated in the 1960s among the Bété people of Côte d'Ivoire. The dance is characterized by its energetic and dynamic movements, often performed to the rhythm of drums and traditional instruments. Mapouka is not only a form of entertainment but also a way of storytelling, conveying messages about Ivoirian culture, traditions, and values.
Mapouka originated as a traditional dance in the area, specifically among the Ahizi, Alladian, Dida, and Avikam peoples. Historically, it was a graceful performance executed during ceremonies or in private to express joy and sensuality. However, as it migrated to the urban centers of Abidjan in the early 1990s, it underwent a radical transformation.
Often derisively nicknamed “la danse du fessier” (the dance of the buttocks) or “the Ivorian twerk” by outsiders, Mapouka is far more complex. To the women of the Didi people of eastern Côte d’Ivoire, it is a sacred, ancestral dance performed at funerals and harvest festivals. But in the sprawling, hyper-connected metropolis of Abidjan, Mapouka has been ripped from its ritual roots, commercialized, sexualized, and transformed into one of the most lucrative and controversial pillars of local entertainment and media content. The Future of Entertainment in Côte d'Ivoire Today,
However, this digital boom also sparks local conversations regarding cultural preservation. While media monetization brings revenue to local creators, critics often debate the hyper-commercialization of traditional dances. They emphasize the need to balance viral entertainment value with respect for historical roots. Future Outlook: The Next Phase of West African Media
The history of and cultural symbols
Independent and mainstream African artists pay Abidjan-based dance crews and influencers to create custom choreographies for their tracks to spark viral challenges.
To understand the current media landscape of Mapouka, one must look at its origins. Emerging from the south-east of Côte d'Ivoire, specifically among the Nzema people, Mapouka was traditionally a celebratory dance. It involved rhythmic movements of the hips and pelvis, often performed during harvest festivals or community gatherings.
YouTube remains the primary repository for high-definition music videos, concert archives, and dance crew competitions straight from Abidjan. Local media houses leverage these platforms to monetize content through global views. Social Media Challenges
Small, agile digital media agencies have sprouted across Abidjan. They specialize in high-definition mobile cinematography, rapid video editing, and algorithmic optimization tailored specifically for social media platforms. ⚠️ Challenges in the Digital Landscape
UAC Installer Detection attempts to detect whether an application that isn’t UAC-aware needs elevation.
Having neither the time nor the interest to examine old versions of IExpress (say, anything older than the version bundled with Windows 7), I can’t say what the behaviour of ‘old’ wextract.exe is with regards to UAC.
However, I can see that relatively recent wextract.exe contains a manifest with the following:
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
According to MSDN, asInvoker means: The application will run with the same permissions as the process that started it. In other words, no UAC elevation will be requested for IExpress-generated packages (by default). Of course, the executable inside the package might itself request elevation.
Now that I’ve explored the two mechanisms in play, I’ll summarize the vulnerability mentioned by Kanthak:
Of course, the user still had to consent to the UAC elevation, so it’s not a ‘bypass’, strictly speaking. Essentially it’s unexpected behaviour – you’re ‘piggybacking’ off of a UAC elevation for a different program.
If you’re concerned that someone might try to hijack your IExpress package for nefarious purposes, you can either:
Obviously the latter is difficult if you want to maintain good compatibility (eg, Windows not being installed in C:\Windows).
Feel free to contact me with any questions, comments, or feedback.