PUBLIC BY DEFAULT — Every line of code, every roadmap item, every issue is on GitHub. View on GitHub →
OSS An open-source endpoint deployment toolkit · A personal project

Reinstall Loops?|
Fix Intune Deployments. In the Open.

pkgprobe traces Windows installers in an isolated VM, extracts working silent args, and generates verified .intunewin packages. Open source. Auditable. Yours to fork.

MIT-licensed CLI · pip install pkgprobe · MSI · EXE · MSIX

Star on GitHub See How It Works or read the docs →
~/pkgprobe — trace Slack-4.38.125.exe replay
$ spinning up isolated VM snapshot... ok launching ProcMon, capturing fs + registry + services... ok executing installer in unattended mode... diffing snapshot... +127 fs / +14 reg / +2 svc silent args: /S /v/qn ALLUSERS=1 verified detection: registry_key · 0.92 high confidence verified_manifest.json written · ready to package
MIT
License
MSI · EXE · MSIX
Installer formats
~10 min
Avg trace time
PyPI
Pip-installable CLI
Why Open Source

Why open source matters for endpoint deployment.

Your packaging tool sees every installer that runs on your fleet. You should be able to see everything about it.

01
Inspect everything
Endpoint teams can audit exactly what pkgprobe does on every installer. No black boxes. Read it, fork it, verify it.
100% of source on GitHub
02
No vendor lock-in
The CLI is self-hostable. Your traces, your manifests, your VMs — all stay on your infrastructure if you want them to.
Runs entirely on-prem
03
Community-driven
Issues become fixes. Edge cases from one engineer's environment harden the tool for everyone. Public roadmap, public PRs.
Roadmap in GitHub Issues
04
Extend and customize
Build integrations, automate workflows, customize pkgprobe to fit your existing approval and packaging pipeline.
Documented Python API
How It Works

From raw installer to deployment-ready in minutes.

pkgprobe runs your Windows installer in an isolated VM, captures every system change with ProcMon, and generates a verified silent install command — with evidence, not guesswork.

Step 01
Trace
Run the installer inside an isolated VM snapshot. pkgprobe captures every file, registry, service, and task operation in real time.
  • VMware-backed isolation
  • ProcMon-level capture
  • Clean snapshot every run
Step 02
Analyze
The diff engine parses the trace and extracts a structured change summary — with confidence-scored detection candidates.
  • Silent arg extraction
  • File + registry footprint
  • Service + task detection
Step 03
Verify
Get a confidence-scored InstallPlan and Verified Manifest. pkgprobe tells you if the package is ready — and exactly why if it isn't.
  • Explicit pass / fail reasons
  • Actionable failure diagnosis
  • Intune eligibility check
What's Inside

What's open in pkgprobe's source.

Not just the code — the way we build it. Roadmap, issues, PRs, and contributor discussions all live in public.

Source code
The full pkgprobe codebase: trace runner, diff engine, verifier, and CLI. MIT-licensed and open to PRs.
github.com/zeph3r/pkgprobe
MIT Python 3.11+
Public roadmap
Every feature request, bug report, and user story lives in GitHub Issues. See what's coming and influence what gets built.
github.com/issues
Tagged Milestone view
PyPI package
Install the CLI from PyPI with a single command. Run traces locally, scripted, or in CI — no UI required.
pypi.org/project/pkgprobe
pip Versioned releases
Self-Hosted by Design

Run pkgprobe on your own infrastructure.

No installer leaves your network. No data leaves your VMs. Self-hosted means self-hosted — across every operating system you deploy to.

On-prem CLI
Run pkgprobe against your own VMware host. Traces, snapshots, and manifests all stay inside your network perimeter.
On-prem deployment
VMware-backed isolation
pkgprobe uses your existing VMware infrastructure for clean, repeatable snapshots — no third-party VM service required.
VMware Workstation + ESXi
Compliance-friendly
For environments with strict data handling — finance, healthcare, government — nothing leaves the network. Ever.
Air-gap compatible
Why Deployments Fail

The failure modes that cost you the most.

Silent flags are just the start. The deployments that hurt your environment most are the ones that fail invisibly, corrupt versions, or loop forever.

Without pkgprobe
Detection says "not installed" → reinstall loop

Detection rule ignores the installed version. Intune keeps redeploying. Users see repeated installs. Helpdesk gets the calls.

Newer version already installed → gets downgraded

Your package runs against a newer version already on disk. The installer downgrades it silently. Dependencies break. No warning.

MSI upgrade fails silently mid-rollout

The upgrade code doesn't match. MSI skips installation without error. Intune marks it successful. Half your fleet is still on the old version.

Script exits 0 — but the install failed

The wrapper script returns success. The actual install hit a prompt, a missing dependency, or a locked file. You find out from users.

With pkgprobe
Version-aware detection

Detection rules include version data extracted from the trace. Intune only redeploys when it actually should — no loops, no noise.

Upgrade-safe install orchestration

pkgprobe detects what's already installed and generates logic to skip, upgrade, or uninstall-first appropriately. No manual version checks.

Uninstall-before-install logic

When an in-place upgrade isn't safe, pkgprobe generates uninstall-first sequences backed by trace evidence — not assumptions.

Exit code handling baked in

Generated scripts validate real installation outcomes — not just process exit codes. If the app isn't there, it's a failure. Full stop.

Everyone Can Contribute

Built by endpoint engineers, for endpoint engineers.

pkgprobe is built by a community of contributors. Whether you're fixing a typo in the docs, hardening an integration, or filing a bug — every contribution moves the tool forward.

Ways to contribute

  • Submit a pull request to fix a bug, harden an edge case, or ship a feature.
  • File an issue when an installer breaks pkgprobe — we want to see it.
  • Improve the docs. Every PR to the README is welcome.
  • Answer questions from other endpoint engineers on Issues and Discussions.
  • Share what you've built. Custom integrations, CI pipelines, packaging workflows.
  • Star the repo. Visibility helps other engineers find the project.
Open on GitHub Contributor Guide
PR #142 · feat: detect MSIX upgrade-code conflicts
+1 "upgrade_safe": true,
+2 "conflict_check": {
+3 "installed_version": "4.38.125",
+4 "strategy": "upgrade"
+5 },
−1 "version_aware": null
// 8 checks passed · ready to merge

Explore pkgprobe.

Three ways to get involved with the project — clone the repo, install the CLI, or join the conversation on GitHub.

Primary
Star on GitHub
Browse the source, fork it, read the docs, or open an issue. The full project lives in public.
View Repo
MIT-licensed · No signup
See it run locally
Install the CLI from PyPI and run a trace against one of your own installers in under 10 minutes.
pip install pkgprobe
Python 3.11+ · Windows host
Join the conversation
Questions, feature ideas, or installers that break the trace? Open an issue or start a discussion on GitHub.
Contact via GitHub
Issues · Discussions
About This Project

A personal open-source project.

pkgprobe is a personal open-source project — a technical portfolio piece and community contribution focused on Windows installer analysis, silent install extraction, and Microsoft endpoint deployment workflows.

It is not operated as a business. The project does not generate revenue, take payment, sell services, or serve commercial customers. There is no paid tier, no enterprise plan, no support contract.

The project exists to document my learning in endpoint engineering, contribute tooling to the Microsoft endpoint management community, and demonstrate practical work in software packaging and deployment automation.

Everything — code, roadmap, issues, discussions — lives in public on GitHub under the MIT license. Anyone is free to clone it, fork it, use it, or contribute to it.

Status
Personal open-source project
License
MIT
Revenue
None
Customers
None
Paid services
None offered
Maintained by
A single contributor, in personal time