Best utility for extracting exe files? Reshack or Zip Genius?

Discussion in 'Computer Support' started by hmmm@hmmm.org, Aug 13, 2007.

  1. Guest

    , Aug 13, 2007
    #1
    1. Advertising

  2. thanatoid Guest

    wrote in
    news:D:

    > Is Resource Hacker the best?
    >
    > http://www.angusj.com/resourcehacker/


    RH (I know a program called Resource Tuner and I assume they do
    the same thing) does not "extract" exe's, it allows you to
    change embedded icons, some window text, etc.

    > I'm looking to see what files comprise the compacted exe
    > file before I install it. I'm surprised that 7-zip, Izarc
    > and Extractnow don't do this.


    Some exe files are practically zip files to begin with and a
    good file manager (like Total Commander) or I would imagine any
    good compression program (I use WinRAR) can extract the, Others
    you have to install. Use InControl or similar if you want to see
    what happens to your system during the process.

    > Zip Genius appears to accomplish the task. How is the
    > program?
    >
    > http://www.zipgenius.it/eng/?page_id=3


    Why don't you test it and tell us?



    --
    "This is not nuclear. This is just a test."
    - illyria
    thanatoid, Aug 13, 2007
    #2
    1. Advertising

  3. Guest

    wrote:

    >I'm looking to see what files comprise the compacted exe file before I
    >install it. I'm surprised that 7-zip, Izarc and Extractnow don't do this.


    Click on the program to install it, stop at the first info screen.

    Goto your TEMP directory (that you just cleared out) you will find the
    program all extracted and ready to install, just search thru the
    files. - stop the installation no harm done.

    FWIW I have my temp directory at C:\Temp lot less digging.
    --
    Hubble Pans Across Heavens to Harvest 50,000 Evolving Galaxies
    http://hubblesite.org/newscenter/archive/releases/2007/06/image/e/warn/
    , Aug 13, 2007
    #3
  4. Bear Bottoms Guest

    On Mon, 13 Aug 2007 12:17:37 -0500, <> wrote:

    > Is Resource Hacker the best?
    >
    > http://www.angusj.com/resourcehacker/
    >
    > I'm looking to see what files comprise the compacted exe file before I
    > install it. I'm surprised that 7-zip, Izarc and Extractnow don't do
    > this.
    >
    >
    > Zip Genius appears to accomplish the task. How is the program?
    >
    > http://www.zipgenius.it/eng/?page_id=3


    IMO it is an excellent program and the one I decided to list on my
    site...above all of the others.

    --
    Bear Bottoms
    Freeware website http://bearbottoms1.com
    ACF freeware: http://freeware.wikia.com/wiki/Main_Page
    Bear Bottoms, Aug 13, 2007
    #4
  5. Vanguard Guest

    "hmmm" wrote in message
    news:D...
    > Is Resource Hacker the best?
    >
    > http://www. angusj. com/ resourcehacker/
    >
    > I'm looking to see what files comprise the compacted exe file before
    > I
    > install it. I'm surprised that 7-zip, Izarc and Extractnow don't do
    > this.
    >
    >
    > Zip Genius appears to accomplish the task. How is the program?
    >
    > http://www. zipgenius. it / eng / ? page_id=3



    You won't tell what files created after running an .exe. Seeing what
    files are in a .zip file, even one wrapped with the self-extract .exe
    code, only shows you the files needed to do the INSTALL. It shows you
    nothing about what files actually get CREATED by the install.

    Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to see
    what gets installed (provided you have a tool to log the current state
    and then show you the difference after the install).
    Vanguard, Aug 13, 2007
    #5
  6. none Guest

    "Vanguard" <> wrote in
    news::

    > "hmmm" wrote in message
    > news:D...
    >> Is Resource Hacker the best?
    >>
    >> http://www. angusj. com/ resourcehacker/
    >>
    >> I'm looking to see what files comprise the compacted exe file before
    >> I
    >> install it. I'm surprised that 7-zip, Izarc and Extractnow don't do
    >> this.
    >>
    >>
    >> Zip Genius appears to accomplish the task. How is the program?
    >>
    >> http://www. zipgenius. it / eng / ? page_id=3

    >
    >
    > You won't tell what files created after running an .exe. Seeing what
    > files are in a .zip file, even one wrapped with the self-extract .exe
    > code, only shows you the files needed to do the INSTALL. It shows you
    > nothing about what files actually get CREATED by the install.
    >
    > Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to see
    > what gets installed (provided you have a tool to log the current state
    > and then show you the difference after the install).
    >



    Thanks for the info. You refreshed my memory and I recall that even the
    filenames that are extracted are shortened versions of what is actually
    installed.

    What is the best tool that will create a snapshot (filename, version #,
    date and time created) of all the OS files, and then do a compare for
    changes afterward. I know Nirsoft.net has something similar, but that's
    just for dll files.
    none, Aug 14, 2007
    #6
  7. Guest

    , Aug 14, 2007
    #7
  8. Vanguard Guest

    "none" wrote in message
    news:...
    >
    > "Vanguard" wrote:
    >>
    >> "hmmm" wrote ...
    >>>
    >>> I'm looking to see what files comprise the compacted exe file
    >>> before
    >>> I install it.

    >>
    >> You won't tell what files created after running an .exe. Seeing
    >> what
    >> files are in a .zip file, even one wrapped with the self-extract
    >> .exe
    >> code, only shows you the files needed to do the INSTALL. It shows
    >> you
    >> nothing about what files actually get CREATED by the install.
    >>
    >> Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to see
    >> what gets installed (provided you have a tool to log the current
    >> state
    >> and then show you the difference after the install).

    >
    > Thanks for the info. You refreshed my memory and I recall that even
    > the
    > filenames that are extracted are shortened versions of what is
    > actually
    > installed.
    >
    > What is the best tool that will create a snapshot (filename, version
    > #,
    > date and time created) of all the OS files, and then do a compare
    > for
    > changes afterward. I know Nirsoft.net has something similar, but
    > that's
    > just for dll files.


    The install program can create files, it can use the included files
    along with other data to construct the *new* files created during the
    install, or it can modify a file after extraction, even an .exe. Some
    but not all files in the .zip file may end up in the installation.
    Some files are not in the .zip file and are created or modified.

    I use an old program called InstallWatch from epsilonSquared.com to
    track changes to my system from an install. You take a snapshot
    before, do the install, and then analyze the current state (after
    install) against the snapshot. I don't bother loading it to use its
    auto-detect mechanism to track installs. I just manually do a
    snapshot, install, and do the analyze afterward. There might be
    better programs around but this usually fits my need. This one hasn't
    been updated in several years. ZSoft's Uninstaller is newer (more
    recently updated) but its recorded log of system changes for analyzing
    an install is much harder to read than the tree hierarchy shown in
    InstallWatch. I just tried ZSoft Uninstaller in a VM using VMWare
    Server and didn't care for it, plus I don't want an alternative
    uninstaller.
    Vanguard, Aug 14, 2007
    #8
  9. Dustin Cook Guest

    "Vanguard" <> wrote in
    news::

    > "none" wrote in message
    > news:...
    >>
    >> "Vanguard" wrote:
    >>>
    >>> "hmmm" wrote ...
    >>>>
    >>>> I'm looking to see what files comprise the compacted exe file
    >>>> before
    >>>> I install it.
    >>>
    >>> You won't tell what files created after running an .exe. Seeing
    >>> what
    >>> files are in a .zip file, even one wrapped with the self-extract
    >>> .exe
    >>> code, only shows you the files needed to do the INSTALL. It shows
    >>> you
    >>> nothing about what files actually get CREATED by the install.
    >>>
    >>> Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to see
    >>> what gets installed (provided you have a tool to log the current
    >>> state
    >>> and then show you the difference after the install).

    >>
    >> Thanks for the info. You refreshed my memory and I recall that even
    >> the
    >> filenames that are extracted are shortened versions of what is
    >> actually
    >> installed.
    >>
    >> What is the best tool that will create a snapshot (filename, version
    >> #,
    >> date and time created) of all the OS files, and then do a compare
    >> for
    >> changes afterward. I know Nirsoft.net has something similar, but
    >> that's
    >> just for dll files.

    >
    > The install program can create files, it can use the included files
    > along with other data to construct the *new* files created during the
    > install, or it can modify a file after extraction, even an .exe. Some
    > but not all files in the .zip file may end up in the installation.
    > Some files are not in the .zip file and are created or modified.
    >
    > I use an old program called InstallWatch from epsilonSquared.com to
    > track changes to my system from an install. You take a snapshot
    > before, do the install, and then analyze the current state (after
    > install) against the snapshot. I don't bother loading it to use its
    > auto-detect mechanism to track installs. I just manually do a
    > snapshot, install, and do the analyze afterward. There might be
    > better programs around but this usually fits my need. This one hasn't
    > been updated in several years. ZSoft's Uninstaller is newer (more
    > recently updated) but its recorded log of system changes for analyzing
    > an install is much harder to read than the tree hierarchy shown in
    > InstallWatch. I just tried ZSoft Uninstaller in a VM using VMWare
    > Server and didn't care for it, plus I don't want an alternative
    > uninstaller.
    >
    >


    Have you tried Sandboxie?

    I find it's an invaluable tool for analyzing software.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: vethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
    Dustin Cook, Aug 15, 2007
    #9
  10. Vanguard Guest

    "Dustin Cook" <> wrote in
    message news:Xns998CE424F858CHHI2948AJD832@69.28.186.121...
    > "Vanguard" <> wrote in
    > news::
    >
    >> "none" wrote in message
    >> news:...
    >>>
    >>> "Vanguard" wrote:
    >>>>
    >>>> "hmmm" wrote ...
    >>>>>
    >>>>> I'm looking to see what files comprise the compacted exe file
    >>>>> before
    >>>>> I install it.
    >>>>
    >>>> You won't tell what files created after running an .exe. Seeing
    >>>> what
    >>>> files are in a .zip file, even one wrapped with the self-extract
    >>>> .exe
    >>>> code, only shows you the files needed to do the INSTALL. It
    >>>> shows
    >>>> you
    >>>> nothing about what files actually get CREATED by the install.
    >>>>
    >>>> Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to
    >>>> see
    >>>> what gets installed (provided you have a tool to log the current
    >>>> state
    >>>> and then show you the difference after the install).
    >>>
    >>> Thanks for the info. You refreshed my memory and I recall that
    >>> even
    >>> the
    >>> filenames that are extracted are shortened versions of what is
    >>> actually
    >>> installed.
    >>>
    >>> What is the best tool that will create a snapshot (filename,
    >>> version
    >>> #,
    >>> date and time created) of all the OS files, and then do a compare
    >>> for
    >>> changes afterward. I know Nirsoft.net has something similar, but
    >>> that's
    >>> just for dll files.

    >>
    >> The install program can create files, it can use the included files
    >> along with other data to construct the *new* files created during
    >> the
    >> install, or it can modify a file after extraction, even an .exe.
    >> Some
    >> but not all files in the .zip file may end up in the installation.
    >> Some files are not in the .zip file and are created or modified.
    >>
    >> I use an old program called InstallWatch from epsilonSquared.com to
    >> track changes to my system from an install. You take a snapshot
    >> before, do the install, and then analyze the current state (after
    >> install) against the snapshot. I don't bother loading it to use
    >> its
    >> auto-detect mechanism to track installs. I just manually do a
    >> snapshot, install, and do the analyze afterward. There might be
    >> better programs around but this usually fits my need. This one
    >> hasn't
    >> been updated in several years. ZSoft's Uninstaller is newer (more
    >> recently updated) but its recorded log of system changes for
    >> analyzing
    >> an install is much harder to read than the tree hierarchy shown in
    >> InstallWatch. I just tried ZSoft Uninstaller in a VM using VMWare
    >> Server and didn't care for it, plus I don't want an alternative
    >> uninstaller.
    >>
    >>

    >
    > Have you tried Sandboxie?
    >
    > I find it's an invaluable tool for analyzing software.



    Yep, got Sandboxie. However, I find virtual machines more reliable
    and secure for testing installations of unknown software. Neither
    Sandboxies or VMWare will tell you what got changed by an installtion.
    You only get the option to undo whatever changes were made (by getting
    rid of the VM).
    Vanguard, Aug 15, 2007
    #10
  11. Dustin Cook Guest

    "Vanguard" <> wrote in news:UaCdnRjy-
    :

    > "Dustin Cook" <> wrote in
    > message news:Xns998CE424F858CHHI2948AJD832@69.28.186.121...
    >> "Vanguard" <> wrote in
    >> news::
    >>
    >>> "none" wrote in message
    >>> news:...
    >>>>
    >>>> "Vanguard" wrote:
    >>>>>
    >>>>> "hmmm" wrote ...
    >>>>>>
    >>>>>> I'm looking to see what files comprise the compacted exe file
    >>>>>> before
    >>>>>> I install it.
    >>>>>
    >>>>> You won't tell what files created after running an .exe. Seeing
    >>>>> what
    >>>>> files are in a .zip file, even one wrapped with the self-extract
    >>>>> .exe
    >>>>> code, only shows you the files needed to do the INSTALL. It
    >>>>> shows
    >>>>> you
    >>>>> nothing about what files actually get CREATED by the install.
    >>>>>
    >>>>> Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to
    >>>>> see
    >>>>> what gets installed (provided you have a tool to log the current
    >>>>> state
    >>>>> and then show you the difference after the install).
    >>>>
    >>>> Thanks for the info. You refreshed my memory and I recall that
    >>>> even
    >>>> the
    >>>> filenames that are extracted are shortened versions of what is
    >>>> actually
    >>>> installed.
    >>>>
    >>>> What is the best tool that will create a snapshot (filename,
    >>>> version
    >>>> #,
    >>>> date and time created) of all the OS files, and then do a compare
    >>>> for
    >>>> changes afterward. I know Nirsoft.net has something similar, but
    >>>> that's
    >>>> just for dll files.
    >>>
    >>> The install program can create files, it can use the included files
    >>> along with other data to construct the *new* files created during
    >>> the
    >>> install, or it can modify a file after extraction, even an .exe.
    >>> Some
    >>> but not all files in the .zip file may end up in the installation.
    >>> Some files are not in the .zip file and are created or modified.
    >>>
    >>> I use an old program called InstallWatch from epsilonSquared.com to
    >>> track changes to my system from an install. You take a snapshot
    >>> before, do the install, and then analyze the current state (after
    >>> install) against the snapshot. I don't bother loading it to use
    >>> its
    >>> auto-detect mechanism to track installs. I just manually do a
    >>> snapshot, install, and do the analyze afterward. There might be
    >>> better programs around but this usually fits my need. This one
    >>> hasn't
    >>> been updated in several years. ZSoft's Uninstaller is newer (more
    >>> recently updated) but its recorded log of system changes for
    >>> analyzing
    >>> an install is much harder to read than the tree hierarchy shown in
    >>> InstallWatch. I just tried ZSoft Uninstaller in a VM using VMWare
    >>> Server and didn't care for it, plus I don't want an alternative
    >>> uninstaller.
    >>>
    >>>

    >>
    >> Have you tried Sandboxie?
    >>
    >> I find it's an invaluable tool for analyzing software.

    >
    >
    > Yep, got Sandboxie. However, I find virtual machines more reliable
    > and secure for testing installations of unknown software. Neither
    > Sandboxies or VMWare will tell you what got changed by an installtion.


    Actually, Sandboxie will leave every single file created/modified by the
    installation as well as a copy of the modified registry hive. All of this
    information is available in the sandbox when you terminate the processes.

    I'm confused as to why you don't think this would give you the
    information on what was changed then?

    > You only get the option to undo whatever changes were made (by getting
    > rid of the VM).


    Are we talking about the same thing here? Sandboxie doesn't allow changes
    to remain, so there is no undoing them.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: vethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
    Dustin Cook, Aug 15, 2007
    #11
  12. Vanguard Guest

    "Dustin Cook" <> wrote in
    message news:Xns998D801488A3CHHI2948AJD832@69.28.186.121...
    > "Vanguard" <> wrote in news:UaCdnRjy-
    > :
    >
    >> "Dustin Cook" <> wrote in
    >> message news:Xns998CE424F858CHHI2948AJD832@69.28.186.121...
    >>> "Vanguard" <> wrote in
    >>> news::
    >>>
    >>>> "none" wrote in message
    >>>> news:...
    >>>>>
    >>>>> "Vanguard" wrote:
    >>>>>>
    >>>>>> "hmmm" wrote ...
    >>>>>>>
    >>>>>>> I'm looking to see what files comprise the compacted exe file
    >>>>>>> before
    >>>>>>> I install it.
    >>>>>>
    >>>>>> You won't tell what files created after running an .exe.
    >>>>>> Seeing
    >>>>>> what
    >>>>>> files are in a .zip file, even one wrapped with the
    >>>>>> self-extract
    >>>>>> .exe
    >>>>>> code, only shows you the files needed to do the INSTALL. It
    >>>>>> shows
    >>>>>> you
    >>>>>> nothing about what files actually get CREATED by the install.
    >>>>>>
    >>>>>> Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to
    >>>>>> see
    >>>>>> what gets installed (provided you have a tool to log the
    >>>>>> current
    >>>>>> state
    >>>>>> and then show you the difference after the install).
    >>>>>
    >>>>> Thanks for the info. You refreshed my memory and I recall that
    >>>>> even
    >>>>> the
    >>>>> filenames that are extracted are shortened versions of what is
    >>>>> actually
    >>>>> installed.
    >>>>>
    >>>>> What is the best tool that will create a snapshot (filename,
    >>>>> version
    >>>>> #,
    >>>>> date and time created) of all the OS files, and then do a
    >>>>> compare
    >>>>> for
    >>>>> changes afterward. I know Nirsoft.net has something similar,
    >>>>> but
    >>>>> that's
    >>>>> just for dll files.
    >>>>
    >>>> The install program can create files, it can use the included
    >>>> files
    >>>> along with other data to construct the *new* files created during
    >>>> the
    >>>> install, or it can modify a file after extraction, even an .exe.
    >>>> Some
    >>>> but not all files in the .zip file may end up in the
    >>>> installation.
    >>>> Some files are not in the .zip file and are created or modified.
    >>>>
    >>>> I use an old program called InstallWatch from epsilonSquared.com
    >>>> to
    >>>> track changes to my system from an install. You take a snapshot
    >>>> before, do the install, and then analyze the current state (after
    >>>> install) against the snapshot. I don't bother loading it to use
    >>>> its
    >>>> auto-detect mechanism to track installs. I just manually do a
    >>>> snapshot, install, and do the analyze afterward. There might be
    >>>> better programs around but this usually fits my need. This one
    >>>> hasn't
    >>>> been updated in several years. ZSoft's Uninstaller is newer
    >>>> (more
    >>>> recently updated) but its recorded log of system changes for
    >>>> analyzing
    >>>> an install is much harder to read than the tree hierarchy shown
    >>>> in
    >>>> InstallWatch. I just tried ZSoft Uninstaller in a VM using
    >>>> VMWare
    >>>> Server and didn't care for it, plus I don't want an alternative
    >>>> uninstaller.
    >>>>
    >>>>
    >>>
    >>> Have you tried Sandboxie?
    >>>
    >>> I find it's an invaluable tool for analyzing software.

    >>
    >>
    >> Yep, got Sandboxie. However, I find virtual machines more reliable
    >> and secure for testing installations of unknown software. Neither
    >> Sandboxies or VMWare will tell you what got changed by an
    >> installtion.

    >
    > Actually, Sandboxie will leave every single file created/modified by
    > the
    > installation as well as a copy of the modified registry hive. All of
    > this
    > information is available in the sandbox when you terminate the
    > processes.
    >
    > I'm confused as to why you don't think this would give you the
    > information on what was changed then?


    I don't see any tracking information. I can explore the sandbox but
    that shows me its current state, not what changes were made to get
    there. As a test, I reconfigured Sandboxie to *not* automatically
    perform cleanup on exit of the VM. I then opened IE in a sandbox,
    deleted the TIF files, and changed the home page URL for the browser.
    When I try to look at the contents of the sandbox, I'm told it is
    empty but I explore anyway to find subfolders for the apps (for IE and
    OE, I run them in their own sandbox by using the "/box:<name>"
    command-line parameter). I go under those subfolders but there is no
    logs showing changes (and the registry files are unreadable). What I
    get to see is the state of the sandbox, not what changes were made to
    get there.

    So just where to I find a log of changes from the initial state of the
    sandbox to record all changes made thus far to get to its current
    state?

    >> You only get the option to undo whatever changes were made (by
    >> getting
    >> rid of the VM).

    >
    > Are we talking about the same thing here? Sandboxie doesn't allow
    > changes
    > to remain, so there is no undoing them.


    Exactly. As I said, you exit the VM and whatever changes were made
    (in the VM) are lost.
    Vanguard, Aug 15, 2007
    #12
  13. Dustin Cook Guest

    "Vanguard" <> wrote in
    news::

    > "Dustin Cook" <> wrote in
    > message news:Xns998D801488A3CHHI2948AJD832@69.28.186.121...
    >> "Vanguard" <> wrote in news:UaCdnRjy-
    >> :
    >>
    >>> "Dustin Cook" <> wrote in
    >>> message news:Xns998CE424F858CHHI2948AJD832@69.28.186.121...
    >>>> "Vanguard" <> wrote in
    >>>> news::
    >>>>
    >>>>> "none" wrote in message
    >>>>> news:...
    >>>>>>
    >>>>>> "Vanguard" wrote:
    >>>>>>>
    >>>>>>> "hmmm" wrote ...
    >>>>>>>>
    >>>>>>>> I'm looking to see what files comprise the compacted exe file
    >>>>>>>> before
    >>>>>>>> I install it.
    >>>>>>>
    >>>>>>> You won't tell what files created after running an .exe.
    >>>>>>> Seeing
    >>>>>>> what
    >>>>>>> files are in a .zip file, even one wrapped with the
    >>>>>>> self-extract
    >>>>>>> .exe
    >>>>>>> code, only shows you the files needed to do the INSTALL. It
    >>>>>>> shows
    >>>>>>> you
    >>>>>>> nothing about what files actually get CREATED by the install.
    >>>>>>>
    >>>>>>> Use VMWare Server, VPC, ShadowSurfer, or Windows SteadyState to
    >>>>>>> see
    >>>>>>> what gets installed (provided you have a tool to log the
    >>>>>>> current
    >>>>>>> state
    >>>>>>> and then show you the difference after the install).
    >>>>>>
    >>>>>> Thanks for the info. You refreshed my memory and I recall that
    >>>>>> even
    >>>>>> the
    >>>>>> filenames that are extracted are shortened versions of what is
    >>>>>> actually
    >>>>>> installed.
    >>>>>>
    >>>>>> What is the best tool that will create a snapshot (filename,
    >>>>>> version
    >>>>>> #,
    >>>>>> date and time created) of all the OS files, and then do a
    >>>>>> compare
    >>>>>> for
    >>>>>> changes afterward. I know Nirsoft.net has something similar,
    >>>>>> but
    >>>>>> that's
    >>>>>> just for dll files.
    >>>>>
    >>>>> The install program can create files, it can use the included
    >>>>> files
    >>>>> along with other data to construct the *new* files created during
    >>>>> the
    >>>>> install, or it can modify a file after extraction, even an .exe.
    >>>>> Some
    >>>>> but not all files in the .zip file may end up in the
    >>>>> installation.
    >>>>> Some files are not in the .zip file and are created or modified.
    >>>>>
    >>>>> I use an old program called InstallWatch from epsilonSquared.com
    >>>>> to
    >>>>> track changes to my system from an install. You take a snapshot
    >>>>> before, do the install, and then analyze the current state (after
    >>>>> install) against the snapshot. I don't bother loading it to use
    >>>>> its
    >>>>> auto-detect mechanism to track installs. I just manually do a
    >>>>> snapshot, install, and do the analyze afterward. There might be
    >>>>> better programs around but this usually fits my need. This one
    >>>>> hasn't
    >>>>> been updated in several years. ZSoft's Uninstaller is newer
    >>>>> (more
    >>>>> recently updated) but its recorded log of system changes for
    >>>>> analyzing
    >>>>> an install is much harder to read than the tree hierarchy shown
    >>>>> in
    >>>>> InstallWatch. I just tried ZSoft Uninstaller in a VM using
    >>>>> VMWare
    >>>>> Server and didn't care for it, plus I don't want an alternative
    >>>>> uninstaller.
    >>>>>
    >>>>>
    >>>>
    >>>> Have you tried Sandboxie?
    >>>>
    >>>> I find it's an invaluable tool for analyzing software.
    >>>
    >>>
    >>> Yep, got Sandboxie. However, I find virtual machines more reliable
    >>> and secure for testing installations of unknown software. Neither
    >>> Sandboxies or VMWare will tell you what got changed by an
    >>> installtion.

    >>
    >> Actually, Sandboxie will leave every single file created/modified by
    >> the
    >> installation as well as a copy of the modified registry hive. All of
    >> this
    >> information is available in the sandbox when you terminate the
    >> processes.
    >>
    >> I'm confused as to why you don't think this would give you the
    >> information on what was changed then?

    >
    > I don't see any tracking information. I can explore the sandbox but
    > that shows me its current state, not what changes were made to get


    If you compare the files inside the sandbox with the real counterparts,
    outside the sandbox, you have your changes list. :)

    > there. As a test, I reconfigured Sandboxie to *not* automatically
    > perform cleanup on exit of the VM. I then opened IE in a sandbox,
    > deleted the TIF files, and changed the home page URL for the browser.
    > When I try to look at the contents of the sandbox, I'm told it is
    > empty but I explore anyway to find subfolders for the apps (for IE and



    Of course it has, temporary internet files n such.


    > OE, I run them in their own sandbox by using the "/box:<name>"
    > command-line parameter). I go under those subfolders but there is no
    > logs showing changes (and the registry files are unreadable). What I
    > get to see is the state of the sandbox, not what changes were made to
    > get there.


    Those registry files are hardly unreadable. You can mount/open them using
    regedit. It's a real copy of the registry with any/all
    modifications/additions made since the execution of the sandboxed
    program.

    > So just where to I find a log of changes from the initial state of the
    > sandbox to record all changes made thus far to get to its current
    > state?


    The registry provides the keys/information on what's been changed since
    execution of the program. You can view it, using regedit as it's a
    registry hive file. You will find all files it's either created or
    modified since installation, and you can compare them with the originals
    located in the real folders.

    Everything you ask and more is available to you via sandboxie. Your
    failure to understand what your doing with the provided information
    doesn't change that. :)

    > Exactly. As I said, you exit the VM and whatever changes were made
    > (in the VM) are lost.


    Not lost, no. preserved if you like, in the sandbox. Ready for your
    analysis. Provided your competent enough to perform one.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: vethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
    Dustin Cook, Aug 16, 2007
    #13
  14. Vanguard Guest

    "Dustin Cook" wrote in message
    news:Xns998EA87D63A2CHHI2948AJD832@69.28.186.121...
    > "Vanguard" wrote:
    >
    >> "Dustin Cook" <> wrote in
    >>>>> Have you tried Sandboxie?
    >>>>>
    >>>>> I find it's an invaluable tool for analyzing software.
    >>>>
    >>>>
    >>>> Neither Sandboxie or VMWare will tell you what got changed by an
    >>>> installtion.
    >>>
    >>> Actually, Sandboxie will leave every single file created/modified
    >>> by
    >>> the
    >>> installation as well as a copy of the modified registry hive. All
    >>> of
    >>> this
    >>> information is available in the sandbox when you terminate the
    >>> processes.
    >>>
    >>> I'm confused as to why you don't think this would give you the
    >>> information on what was changed then?

    >>
    >> I don't see any tracking information. I can explore the sandbox
    >> but
    >> that shows me its current state, not what changes were made to get

    >
    > If you compare the files inside the sandbox with the real
    > counterparts,
    > outside the sandbox, you have your changes list. :)


    Yes, that can be done manually. I don't relish having to do a manual
    directory compare to find files that are missing (deleted), new
    (created), or modified even when using something like windiff.

    The sandbox does not provide a *log* of deletions, creations, and
    modifications. I would have to go hunting for them by doing all those
    manual compares you speak of. Then I would have to save my own log of
    all these changes so that I could later refer to that saved log if I
    needed to later investigate on what changes were made without having
    to go through the entire process again. I would have to repeat the
    manual exercise of doing all those file and registry comparisons for
    each "snapshot" at which I wanted to analyze what happened to get to
    that state. If I sandboxed or used a VM to monitor an install, I
    snapshot before the install (because the VM is not in the same state
    as the real host), after the install, after running the program, and
    after uninstalling the program. That's 4 snapshots minimum, and 4
    times I would have to do all that manual comparing along with manual
    logging of what I found. While I could manually log all those
    changes, having to then compare between, say, the pre-install state to
    the after first-run state (to see what the program changed) or
    pre-install state to the after-UNinstall state (to see what garbage
    gets left behind) is still more manual effort to generate logs of
    those differences.

    > Those registry files are hardly unreadable. You can mount/open them
    > using
    > regedit. It's a real copy of the registry with any/all
    > modifications/additions made since the execution of the sandboxed
    > program.


    When I attempt to open the RegHive file (outside the sandbox), a
    message pops up saying that contents of this file will get "added" to
    my current registry. The popup is unclear if this means a separate
    hive load will occur or if it is like importing a .reg file that would
    merge its contents into my registry. Instead I open regedit and then
    use the File -> Load Hive function. So now I get to see those
    registry entries. The user has to be careful how to look at RegHive.

    Thanks for that tip about using regedit. I didn't know what the
    RegHive file was for since the help for Sandboxie is not searchable
    (its a web site rather than a local help file with search capability).
    Of course, we're back to performing a manual comparison and with no
    logging.

    > Everything you ask and more is available to you via sandboxie. Your
    > failure to understand what your doing with the provided information
    > doesn't change that. :)


    Available is not the same as easy (or fast). I've seen plenty of
    programmers that think a workaround is a reasonable solution.
    Workarounds are not substitutes for ease-of-use features.
    InstallWatch or several of the uninstall tools that take snapshots and
    provide the comparisons between them along with logging is certainly
    easier than manually digging around to generate the same info and also
    log it.

    If I didn't have a dishwasher, yes, then I would have to do the dishes
    by hand. So washing was "available". But I do have a dishwasher so I
    use it to facilitate accomplishing the same task. I use InstallWatch
    or other tools to tell me the differences between one, or more,
    snapshots so that I don't have to manually perform the "available"
    methods (plus I get logging rather than doing it through "available"
    manual means).

    However, thanks for the info regarding how Sandboxie retains info on
    the *current* state of its sandbox. I've only begun using Sandboxie a
    little while ago and haven't had time to dig down into it, but then
    most of my trialing and snapshot logging has been done using VMWare
    even though Sandboxie was installed at the time. It's a pity the help
    is on a web site rather than in a searchable help file. A lot of time
    can be wasted trying to dig around through web or wiki pages trying to
    find a topic only to find it isn't discussed or you merely missed
    finding it.
    Vanguard, Aug 17, 2007
    #14
  15. Dustin Cook Guest

    "Vanguard" <> wrote in
    news::

    > "Dustin Cook" wrote in message
    > news:Xns998EA87D63A2CHHI2948AJD832@69.28.186.121...
    >> "Vanguard" wrote:
    >>
    >>> "Dustin Cook" <> wrote in
    >>>>>> Have you tried Sandboxie?
    >>>>>>
    >>>>>> I find it's an invaluable tool for analyzing software.
    >>>>>
    >>>>>
    >>>>> Neither Sandboxie or VMWare will tell you what got changed by an
    >>>>> installtion.
    >>>>
    >>>> Actually, Sandboxie will leave every single file created/modified
    >>>> by
    >>>> the
    >>>> installation as well as a copy of the modified registry hive. All
    >>>> of
    >>>> this
    >>>> information is available in the sandbox when you terminate the
    >>>> processes.
    >>>>
    >>>> I'm confused as to why you don't think this would give you the
    >>>> information on what was changed then?
    >>>
    >>> I don't see any tracking information. I can explore the sandbox
    >>> but
    >>> that shows me its current state, not what changes were made to get

    >>
    >> If you compare the files inside the sandbox with the real
    >> counterparts,
    >> outside the sandbox, you have your changes list. :)

    >
    > Yes, that can be done manually. I don't relish having to do a manual
    > directory compare to find files that are missing (deleted), new
    > (created), or modified even when using something like windiff.
    >
    > The sandbox does not provide a *log* of deletions, creations, and
    > modifications. I would have to go hunting for them by doing all those
    > manual compares you speak of. Then I would have to save my own log of
    > all these changes so that I could later refer to that saved log if I
    > needed to later investigate on what changes were made without having
    > to go through the entire process again. I would have to repeat the
    > manual exercise of doing all those file and registry comparisons for
    > each "snapshot" at which I wanted to analyze what happened to get to
    > that state. If I sandboxed or used a VM to monitor an install, I
    > snapshot before the install (because the VM is not in the same state
    > as the real host), after the install, after running the program, and
    > after uninstalling the program. That's 4 snapshots minimum, and 4
    > times I would have to do all that manual comparing along with manual
    > logging of what I found. While I could manually log all those
    > changes, having to then compare between, say, the pre-install state to
    > the after first-run state (to see what the program changed) or
    > pre-install state to the after-UNinstall state (to see what garbage
    > gets left behind) is still more manual effort to generate logs of
    > those differences.
    >
    >> Those registry files are hardly unreadable. You can mount/open them
    >> using
    >> regedit. It's a real copy of the registry with any/all
    >> modifications/additions made since the execution of the sandboxed
    >> program.

    >
    > When I attempt to open the RegHive file (outside the sandbox), a
    > message pops up saying that contents of this file will get "added" to
    > my current registry. The popup is unclear if this means a separate
    > hive load will occur or if it is like importing a .reg file that would
    > merge its contents into my registry. Instead I open regedit and then
    > use the File -> Load Hive function. So now I get to see those
    > registry entries. The user has to be careful how to look at RegHive.
    >
    > Thanks for that tip about using regedit. I didn't know what the
    > RegHive file was for since the help for Sandboxie is not searchable
    > (its a web site rather than a local help file with search capability).
    > Of course, we're back to performing a manual comparison and with no
    > logging.
    >
    >> Everything you ask and more is available to you via sandboxie. Your
    >> failure to understand what your doing with the provided information
    >> doesn't change that. :)



    > Available is not the same as easy (or fast). I've seen plenty of
    > programmers that think a workaround is a reasonable solution.
    > Workarounds are not substitutes for ease-of-use features.


    LOL! I guess I had that one coming. :)


    > InstallWatch or several of the uninstall tools that take snapshots and
    > provide the comparisons between them along with logging is certainly
    > easier than manually digging around to generate the same info and also
    > log it.
    >
    > If I didn't have a dishwasher, yes, then I would have to do the dishes
    > by hand. So washing was "available". But I do have a dishwasher so I
    > use it to facilitate accomplishing the same task. I use InstallWatch
    > or other tools to tell me the differences between one, or more,
    > snapshots so that I don't have to manually perform the "available"
    > methods (plus I get logging rather than doing it through "available"
    > manual means).
    >
    > However, thanks for the info regarding how Sandboxie retains info on
    > the *current* state of its sandbox. I've only begun using Sandboxie a


    Your welcome. My apologies if I seemed short in my previous post.
    I've been having fun with sandboxie for awhile now. It's handy, but
    agreed, you do have to do a bit of manual work for the information you
    want.



    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: vethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
    Dustin Cook, Aug 18, 2007
    #15
  16. Vanguard Guest

    "Dustin Cook" wrote in message
    news:Xns99906E29C1677HHI2948AJD832@69.28.186.121...
    >
    > Your welcome. My apologies if I seemed short in my previous post.
    > I've been having fun with sandboxie for awhile now. It's handy, but
    > agreed, you do have to do a bit of manual work for the information
    > you
    > want.



    If I came off as being an expert on SandBoxie in my first post(s),
    sorry. I'm just trying to figure it out now. Don't have the time
    right to dig into it. Busy learning more Perl, SQL, and Exchange.
    Vanguard, Aug 18, 2007
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. moorsky
    Replies:
    1
    Views:
    1,250
    Harrison
    Dec 22, 2003
  2. Bing

    Self Extracting Zip File Question

    Bing, Jun 17, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    786
  3. Replies:
    4
    Views:
    797
    Plato
    Jun 26, 2006
  4. Giuen
    Replies:
    0
    Views:
    864
    Giuen
    Sep 12, 2008
  5. Nicknac

    Self Extracting ZIP Destination folder

    Nicknac, Aug 12, 2011, in forum: Computer Support
    Replies:
    0
    Views:
    923
    Nicknac
    Aug 12, 2011
Loading...

Share This Page