Hi,msi passionate and guru.
I didn't always reverse programme based on .inx or .msi.Nowaydays it seemed that windows installer had made some change.The setup.msi would create msi*.dll which contains the serial information,and immediately delete them after check it.And You can log the msi*.dll in filemon,but you can't get it and then disassemble with ida.
So how did you deal with this pb?

why not set a breakpoint on DeleteFile(...) and catch the file before it's deleted?

use Total Commander with msi plugin to extract the DLL.

Old trick used to be to break when the dll is created and HBOOT

Damn sneaky crackers!

Can you explain it detailedly?Thanks in advance.