"Paul" wrote in message ...

Can the files be opened with 7-ZIP ?
That's how I take various drivers apart, compare them, and so on.

Not all drivers can be disassembled easily. Some are Installshield,
with encrypted CABs inside. Others, they use a "packer", like UPX,
at the top level, and then 7-ZIP won't open them at all.

So actually being able to guarantee disassembly is pretty difficult.
Too many techniques to obscure them.

On occasion, I use WINE in a Linux virtual machine, to crack
open an installer. With less danger to my running Windows OS.
So that's another forensic technique that works sometimes.
I use that for webcam drivers from Chinese sites, the ones
where you wonder whether they're infected or not.

For dodgy sites, you can also upload the file to virustotal.com
and scan it there. I believe I had one Chinese webcam driver,
that "smelled bad".


Paul

I use Uniextract to unpack installers and other packed files:
http://legroom.net/software/uniextract/
And for Inno packed installers I use this Inno Setup Unpacker method:
http://sourceforge.net/projects/inno.../topic/1122068