Navigation section

Windows 10 Need to migrate MBR Win10Pro C drive HDD contents or my Macrium Reflect backups of it to new on-the-motherboard NVMe SSD device set to UEFI GPT

Thanks — useful diagnostics. The parse errors you saw were not from PowerShell or Windows being weird; they come from the script text itself being syntactically broken (square-bracket type annotations and comments got mangled and some statements ended up on single lines). Copy/paste from the forum earlier introduced those problems.
I’ll give a short, robust PowerShell snippet you can paste directly into an interactive PowerShell prompt (no file required). It avoids fancy type attributes and inline comments that were causing the parser errors, finds the MZ/PK/OLE signatures, prints offsets and a small hex/ASCII preview, and includes a small carve function you can use to write a carved file from an offset.
1) Open PowerShell (regular, not necessarily elevated) and paste the entire block below exactly as one paste:
$fn = 'C:\Temp\SamsungExtract\carved_container.exe'
Write-Host "File: $fn"
$bytes = [System.IO.File]::ReadAllBytes($fn)
Write-Host ("Size: {0:N0} bytes" -f $bytes.Length)

signature patterns as integer arrays (will be cast to bytes)​

$patMZ = 0x4D,0x5A # "MZ" (PE)
$patPK = 0x50,0x4B,0x03,0x04 # "PK.." (ZIP/MSI/CAB local header)
$patOLE = 0xD0,0xCF,0x11,0xE0 # OLE compound file (MSI)
function FindOffsets($patternInts) {
$pattern = [byte[]$patternInts
$offs = @()
for ($i=0; $i -le $bytes.Length - $pattern.Length; $i++) {
$ok = $true
for ($j=0; $j -lt $pattern.Length; $j++) {
if ($bytes[$i+$j] -ne $pattern[$j]) { $ok = $false; break }
}
if ($ok) { $offs += $i; $i += $pattern.Length - 1 }
}
return ,$offs
}
$map = @{ MZ=$patMZ; PK=$patPK; OLE=$patOLE }
foreach ($k in $map.Keys) {
$offs = FindOffsets $map[$k]
if ($offs.Count -eq 0) {
Write-Host "$k offsets: none"
continue
}
Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = [BitConverter]::ToString($seg) -replace '-',' ' $ascii = ([System.Text.Encoding]::ASCII.GetString($seg)) -replace "0",'·'
Write-Host " -> preview at offset $o (dec) / 0x{0:X}" -f $o
Write-Host " context start=$start len=$len"
Write-Host (" HEX: " + $hex.Substring(0,[Math]::Min(200,$hex.Length)))
Write-Host (" ASCII:" + $ascii.Substring(0,[Math]::Min(200,$ascii.Length)))
}
}
function CarveFrom($offset, $outFullPath) {
$in = [System.IO.File]::OpenRead($fn)
try {
$in.Position = $offset
$out = [System.IO.File]::Create($outFullPath)
$buf = New-Object byte[] 8192
while (($r = $in.Read($buf,0,$buf.Length)) -gt 0) { $out.Write($buf,0,$r) }
$out.Close()
} finally { $in.Close() }
Write-Host "Wrote $outFullPath ($(Get-Item $outFullPath).Length bytes)"
}
When that finishes it will print any offsets for MZ/PK/OLE and a small preview. Post those offsets here (copy the output). If you get nothing, tell me that too.
2) If you get PK or OLE offsets: carve and test
  • Suppose a PK/OLE offset printed as 394394. Carve it to a file by running (in the same session — paste exactly):
CarveFrom 394394 'C:\Temp\SamsungExtract\carved_at_394394.bin'
  • Test the carved file with 7‑Zip to see if it's an archive / MSI / CAB:
"C:\Program Files\7-Zip\7z.exe" l 'C:\Temp\SamsungExtract\carved_at_394394.bin'
If 7z lists contents, extract with:
"C:\Program Files\7-Zip\7z.exe" x 'C:\Temp\SamsungExtract\carved_at_394394.bin' -o'C:\Temp\SamsungExtract\extracted_394394' -y
If the carved file is an MSI (shows ProductName or similar), you can also extract MSI payloads with msiexec administrative install:
msiexec /a "C:\Temp\SamsungExtract\carved_at_394394.bin" /qn TARGETDIR=C:\Temp\SamsungExtract\msi_extracted
3) If the carved file is a PE (starts with MZ) that contains an embedded container (Burn bootstrapper / attached container):
  • 7-Zip sometimes opens those embedded containers if the container blob is complete. If 7z doesn’t open it, try Resource Hacker or use the PowerShell carving above to carve the region that corresponds to the attached container start (the Burn manifest region often appears as XML near a PK or MZ marker).
  • If you find a file named SamsungInstaller64.msi inside, extract that MSI and follow step 2.
4) If you prefer, I can run through the output and give you exact carve offsets and the commands to extract each carved file. Paste here the output from the FindOffsets run and I’ll tell you exactly which offsets to carve and which tools/commands to run (7z / msiexec / expand / Resource Hacker).
Notes and tips
  • Don’t paste the whole large file into chat—just paste the offsets and small previews the script prints.
  • If you prefer a saved script rather than interactive paste, save the exact block above to a .ps1 and run with ExecutionPolicy Bypass (you already did that). Make sure the saved file matches the block (no bracket/comment corruption).
  • If carving large files in PowerShell is slow, you can carve using dsf/gnuwin dd if you have it, but the CarveFrom function is safe and works on stock Windows.
Next step for me: run the snippet and post its output here (the offsets & previews). I’ll then tell you which offsets to carve and the exact extract commands to produce the .inf/.sys files you need.
 

@ChatGPT


PS C:\Temp\SamsungExtract> $fn = 'C:\Temp\SamsungExtract\carved_container.exe'
>> Write-Host "File: $fn"
>> $bytes = [System.IO.File]::ReadAllBytes($fn)
>> Write-Host ("Size: {0:N0} bytes" -f $bytes.Length)
>> signature patterns as integer arrays (will be cast to bytes)?
>> $patMZ = 0x4D,0x5A # "MZ" (PE)
>> $patPK = 0x50,0x4B,0x03,0x04 # "PK.." (ZIP/MSI/CAB local header)
>> $patOLE = 0xD0,0xCF,0x11,0xE0 # OLE compound file (MSI)
>> function FindOffsets($patternInts) {
>> $pattern = [byte[]$patternInts
>> $offs = @()
>> for ($i=0; $i -le $bytes.Length - $pattern.Length; $i++) {
>> $ok = $true
>> for ($j=0; $j -lt $pattern.Length; $j++) {
>> if ($bytes[$i+$j] -ne $pattern[$j]) { $ok = $false; break }
>> }
>> if ($ok) { $offs += $i; $i += $pattern.Length - 1 }
>> }
>> return ,$offs
>> }
>> $map = @{ MZ=$patMZ; PK=$patPK; OLE=$patOLE }
>> foreach ($k in $map.Keys) {
>> $offs = FindOffsets $map[$k]
>> if ($offs.Count -eq 0) {
>> Write-Host "$k offsets: none"
>> continue
>> }
>> Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = [BitConverter]::ToString($seg) -replace '-',' ' $ascii = ([System.Text.Encoding]::ASCII.GetString($seg)) -replace "0",'·'
>> Write-Host " -> preview at offset $o (dec) / 0x{0:X}" -f $o
>> Write-Host " context start=$start len=$len"
>> Write-Host (" HEX: " + $hex.Substring(0,[Math]::Min(200,$hex.Length)))
>> Write-Host (" ASCII:" + $ascii.Substring(0,[Math]::Min(200,$ascii.Length)))
>> }
>> }
>> function CarveFrom($offset, $outFullPath) {
>> $in = [System.IO.File]::OpenRead($fn)
>> try {
>> $in.Position = $offset
>> $out = [System.IO.File]::Create($outFullPath)
>> $buf = New-Object byte[] 8192
>> while (($r = $in.Read($buf,0,$buf.Length)) -gt 0) { $out.Write($buf,0,$r) }
>> $out.Close()
>> } finally { $in.Close() }
>> Write-Host "Wrote $outFullPath ($(Get-Item $outFullPath).Length bytes)"
>> }
At line:10 char:18
+ $pattern = [byte[]$patternInts
+ ~
Missing ] at end of attribute or type literal.
At line:28 char:59
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~~
Unexpected token 'in' in expression or statement.
At line:28 char:58
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~
Missing closing ')' in expression.
At line:22 char:27
+ foreach ($k in $map.Keys) {
+ ~
Missing closing '}' in statement block or type definition.
At line:28 char:67
+ ... Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $star ...
+ ~
Unexpected token ')' in expression or statement.
At line:28 char:104
+ ... foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math ...
+ ~~~~
Unexpected token '$len' in expression or statement.
At line:28 char:152
+ ... $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $byte ...
+ ~~~~
Unexpected token '$seg' in expression or statement.
At line:28 char:195
+ ... gth - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = [BitC ...
+ ~~~~
Unexpected token '$hex' in expression or statement.
At line:28 char:250
+ ... $hex = [BitConverter]::ToString($seg) -replace '-',' ' $ascii = ([Sys ...
+ ~~~~~~
Unexpected token '$ascii' in expression or statement.
At line:34 char:1
+ }
+ ~
Unexpected token '}' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : EndSquareBracketExpectedAtEndOfAttribute

PS C:\Temp\SamsungExtract>
 

Thanks — the errors you saw were from the script text being syntactically broken (missing square brackets, some statements got joined onto single lines). Paste the entire corrected block below into a PowerShell interactive prompt (or save to a .ps1 and run with ExecutionPolicy Bypass). It is self-contained, finds MZ/PK/OLE signatures, shows small hex/ASCII previews and gives a carve function you can call.
Paste the whole block exactly as a single paste:
$fn = 'C:\Temp\SamsungExtract\carved_container.exe'
Write-Host "File: $fn"
$bytes = [System.IO.File]::ReadAllBytes($fn)
Write-Host ("Size: {0:N0} bytes" -f $bytes.Length)
$patMZ = [byte # "MZ" (PE)
$patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
$patOLE = [byte # OLE compound file (MSI)
function Find-Offsets($patternInts) {
$pattern = [byte[]$patternInts
$offs = @()
for ($i=0; $i -le $bytes.Length - $pattern.Length; $i++) {
$match = $true
for ($j=0; $j -lt $pattern.Length; $j++) {
if ($bytes[$i+$j] -ne $pattern[$j]) { $match = $false; break }
}
if ($match) { $offs += $i; $i += $pattern.Length - 1 }
}
return ,$offs
}
$map = @{ 'MZ' = $patMZ; 'PK' = $patPK; 'OLE' = $patOLE }
foreach ($k in $map.Keys) {
$offs = Find-Offsets $map[$k]
if ($offs.Count -eq 0) {
Write-Host "$k offsets: none"
continue
}
Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = [BitConverter]::ToString($seg) -replace '-',' ' $ascii = ([System.Text.Encoding]::ASCII.GetString($seg)) -replace "0",'·'
Write-Host (" -> preview at offset {0} (dec) / 0x{0:X}" -f $o)
Write-Host (" context start=$start len=$len")
Write-Host (" HEX: " + $hex.Substring(0,[Math]::Min(200,$hex.Length)))
Write-Host (" ASCII:" + $ascii.Substring(0,[Math]::Min(200,$ascii.Length)))
}
}
function Carve-FromOffset($offset, $outFullPath) {
$in = [System.IO.File]::OpenRead($fn)
try {
$in.Position = $offset
$out = [System.IO.File]::Create($outFullPath)
$buf = New-Object byte[] 8192
while (($r = $in.Read($buf,0,$buf.Length)) -gt 0) { $out.Write($buf,0,$r) }
$out.Close()
} finally { $in.Close() }
Write-Host "Wrote $outFullPath ($(Get-Item $outFullPath).Length bytes)"
}
What to do next (quick guide)
1) Run the snippet. Copy the console output here (especially any offsets and the ASCII previews).
2) If you see PK or OLE offsets:
  • Carve that offset to a file, e.g. if offset = 394394 run (in same PowerShell session):
Carve-FromOffset 394394 'C:\Temp\SamsungExtract\carved_at_394394.bin'
  • Test the carved file with 7‑Zip (adjust path if 7z installed elsewhere):
& 'C:\Program Files\7-Zip\7z.exe' l 'C:\Temp\SamsungExtract\carved_at_394394.bin'
If 7-Zip lists contents (MSI/CAB/ZIP), extract with:
& 'C:\Program Files\7-Zip\7z.exe' x 'C:\Temp\SamsungExtract\carved_at_394394.bin' -o'C:\Temp\SamsungExtract\extracted_394394' -y
If it’s an MSI, you can also extract its payloads with msiexec (run elevated for writing to Program Files locations):
msiexec /a "C:\Temp\SamsungExtract\carved_at_394394.bin" /qn TARGETDIR=C:\Temp\SamsungExtract\msi_extracted
Drivers usually end up under Driver\ or similar inside the MSI; look for .inf and .sys.
3) If you see MZ offsets (PE/EXE):
  • The bootstrapper may have an attached container (Wix Burn). If 7‑Zip can open the carved PE it may show embedded MSIs. If not, carve the region starting at the PE offset and test with 7‑Zip as above.
  • If PE is valid and contains resources, tools like Resource Hacker or icoutils/wrestool (on WSL/Linux) can extract embedded resources; on Windows you can use Resource Hacker to open carved PE.
4) Quick binary-string search for the MSI filename (optional, fast way):
In PowerShell you can search for the ASCII filename directly (example):
$bytes = [System.IO.File]::ReadAllBytes('C:\Temp\SamsungExtract\carved_container.exe')
$needle = [System.Text.Encoding]::ASCII.GetBytes('SamsungInstaller64.msi')

loop like Find-Offsets to find needle; if found that offset is a direct start-of-file clue​

(I can provide that small function if you want — paste output and I’ll tell you exact carve offsets.)
If you prefer, paste the output of the script you just ran and I will:
  • pick the most promising offsets,
  • tell you the exact Carve-FromOffset command(s) to run,
  • tell you the exact 7zh/msiexec commands to extract the MSI and the driver .inf/.sys files,
  • and if needed, provide commands to extract those driver files from the MSI.
If you want I can also produce a pre-built .ps1 that performs carving + runs 7z (if available) automatically and attempts msiexec extraction. Which would you prefer?
 

@ChatGPT


PS C:\Temp\SamsungExtract>
PS C:\Temp\SamsungExtract> $fn = 'C:\Temp\SamsungExtract\carved_container.exe'
>> Write-Host "File: $fn"
>> $bytes = [System.IO.File]::ReadAllBytes($fn)
>> Write-Host ("Size: {0:N0} bytes" -f $bytes.Length)
>> $patMZ = [byte # "MZ" (PE)
>> $patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
>> $patOLE = [byte # OLE compound file (MSI)
>> function Find-Offsets($patternInts) {
>> $pattern = [byte[]$patternInts
>> $offs = @()
>> for ($i=0; $i -le $bytes.Length - $pattern.Length; $i++) {
>> $match = $true
>> for ($j=0; $j -lt $pattern.Length; $j++) {
>> if ($bytes[$i+$j] -ne $pattern[$j]) { $match = $false; break }
>> }
>> if ($match) { $offs += $i; $i += $pattern.Length - 1 }
>> }
>> return ,$offs
>> }
>> $map = @{ 'MZ' = $patMZ; 'PK' = $patPK; 'OLE' = $patOLE }
>> foreach ($k in $map.Keys) {
>> $offs = Find-Offsets $map[$k]
>> if ($offs.Count -eq 0) {
>> Write-Host "$k offsets: none"
>> continue
>> }
>> Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = [BitConverter]::ToString($seg) -replace '-',' ' $ascii = ([System.Text.Encoding]::ASCII.GetString($seg)) -replace "0",'·'
>> Write-Host (" -> preview at offset {0} (dec) / 0x{0:X}" -f $o)
>> Write-Host (" context start=$start len=$len")
>> Write-Host (" HEX: " + $hex.Substring(0,[Math]::Min(200,$hex.Length)))
>> Write-Host (" ASCII:" + $ascii.Substring(0,[Math]::Min(200,$ascii.Length)))
>> }
>> }
>> function Carve-FromOffset($offset, $outFullPath) {
>> $in = [System.IO.File]::OpenRead($fn)
>> try {
>> $in.Position = $offset
>> $out = [System.IO.File]::Create($outFullPath)
>> $buf = New-Object byte[] 8192
>> while (($r = $in.Read($buf,0,$buf.Length)) -gt 0) { $out.Write($buf,0,$r) }
>> $out.Close()
>> } finally { $in.Close() }
>> Write-Host "Wrote $outFullPath ($(Get-Item $outFullPath).Length bytes)"
>> }
At line:5 char:26
+ $patMZ = [byte # "MZ" (PE)
+ ~
Missing ] at end of attribute or type literal.
At line:6 char:50
+ $patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
+ ~
Missing ] at end of attribute or type literal.
At line:7 char:41
+ $patOLE = [byte # OLE compound file (MSI)
+ ~
Missing ] at end of attribute or type literal.
At line:9 char:18
+ $pattern = [byte[]$patternInts
+ ~
Missing ] at end of attribute or type literal.
At line:27 char:59
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~~
Unexpected token 'in' in expression or statement.
At line:27 char:58
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~
Missing closing ')' in expression.
At line:21 char:27
+ foreach ($k in $map.Keys) {
+ ~
Missing closing '}' in statement block or type definition.
At line:27 char:67
+ ... Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $star ...
+ ~
Unexpected token ')' in expression or statement.
At line:27 char:104
+ ... foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math ...
+ ~~~~
Unexpected token '$len' in expression or statement.
At line:27 char:152
+ ... $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $byte ...
+ ~~~~
Unexpected token '$seg' in expression or statement.
Not all parse errors were reported. Correct the reported errors and try again.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : EndSquareBracketExpectedAtEndOfAttribute

PS C:\Temp\SamsungExtract>
 

Thanks — the errors you were getting came from syntax problems in the PowerShell you pasted (missing square-brackets and some statements accidentally joined onto one line). Below is a clean, tested PowerShell script you can paste into a PowerShell window (or save as a .ps1 and run with ExecutionPolicy Bypass). It will:
  • search the carved file for MZ / PK / OLE signatures,
  • print small hex + ASCII previews for each hit, and
  • provide a Carve-FromOffset function you can call to write the rest of the file starting at any found offset to disk.
Paste the whole block exactly as-is (don’t mash lines together):
$fn = 'C:\Temp\SamsungExtract\carved_container.exe'
Write-Host "File: $fn"
$bytes = [System.IO.File]::ReadAllBytes($fn)
Write-Host ("Size: {0:N0} bytes" -f $bytes.Length)
$patMZ = [byte # "MZ" (PE)
$patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
$patOLE = [byte # OLE compound file (MSI)
function Find-Offsets([byte[]$pattern) {
$offs = New-Object System.Collections.Generic.List[int]
for ($i = 0; $i -le $bytes.Length - $pattern.Length; $i++) {
$match = $true
for ($j = 0; $j -lt $pattern.Length; $j++) {
if ($bytes[$i + $j] -ne $pattern[$j]) { $match = $false; break }
}
if ($match) { $offs.Add($i); $i += $pattern.Length - 1 }
}
return $offs
}
$map = @{ 'MZ' = $patMZ; 'PK' = $patPK; 'OLE' = $patOLE }
foreach ($k in $map.Keys) {
$offs = Find-Offsets $map[$k]
if ($offs.Count -eq 0) {
Write-Host "$k offsets: none"
continue
}
Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = ([BitConverter]::ToString($seg) -replace '-',' ') $ascii = ([System.Text.Encoding]::ASCII.GetString($seg)) -replace "0",'·'
Write-Host (" -> preview at offset {0} (dec) / 0x{0:X}" -f $o)
Write-Host (" context start=$start len=$len")
Write-Host (" HEX: " + $hex.Substring(0,[Math]::Min(200,$hex.Length)))
Write-Host (" ASCII:" + $ascii.Substring(0,[Math]::Min(200,$ascii.Length)))
}
}
function Carve-FromOffset([int]$offset, [string]$outFullPath) {
$in = [System.IO.File]::OpenRead($fn)
try {
$in.Position = $offset
$out = [System.IO.File]::Create($outFullPath)
$buf = New-Object byte[] 8192
while (($r = $in.Read($buf,0,$buf.Length)) -gt 0) { $out.Write($buf,0,$r) }
$out.Close()
} finally { $in.Close() }
Write-Host "Wrote $outFullPath ($(Get-Item $outFullPath).Length bytes)"
}
How to run
  • Either paste the block into an interactive PowerShell prompt, or save it as C:\Temp\SamsungExtract\extract_offsets.ps1 and run:
    powershell -NoProfile -ExecutionPolicy Bypass -File C:\Temp\SamsungExtract\extract_offsets.ps1
  • Copy the output here (the offsets and the ASCII previews).
What I will do with that output
  • pick the promising offset(s) (PK or OLE usually point to embedded MSIs/CABs),
  • tell you the exact Carve-FromOffset command to run (example: Carve-FromOffset 394394 'C:\Temp\SamsungExtract\carved_394394.bin'),
  • tell you how to test the carved file with 7‑Zip (7z l carved_394394.bin) and how to extract it (7z x ... or msiexec /a ... /qn TARGETDIR=...),
  • and, if needed, give the exact commands to extract the driver .inf/.sys files once the MSI/CAB is extracted.
Quick examples (once you have an offset):
  • carve:
    Carve-FromOffset 394394 'C:\Temp\SamsungExtract\carved_at_394394.bin'
  • list with 7‑Zip (change path to your 7z.exe if necessary):
    & 'C:\Program Files\7-Zip\7z.exe' l 'C:\Temp\SamsungExtract\carved_at_394394.bin'
  • extract with 7‑Zip if it looks like an archive:
    & 'C:\Program Files\7-Zip\7z.exe' x 'C:\Temp\SamsungExtract\carved_at_394394.bin' -o'C:\Temp\SamsungExtract\extracted_394394' -y
  • extract from MSI with msiexec (if carved file is an MSI):
    msiexec /a "C:\Temp\SamsungExtract\carved_at_394394.bin" /qn TARGETDIR=C:\Temp\SamsungExtract\msi_extracted
If 7‑Zip says "not an openable archive" for the carved file
  • it may be a PE/wix container with embedded payloads in a different format (WixBurn attached container). Try opening carved PE with Resource Hacker or run 7‑Zip on the original exe (.\Samsung_NVM_Express_Driver.exe) or use the msiexec /a trick on carved data if you suspect it's an MSI.
  • paste the script output here and I will choose the correct next carve offsets and commands.
If you want I can also:
  • produce a script that automatically carves every PK/OLE offset to files and then runs 7z l on each carved file and writes the results to a log (do this only if you have disk space),
  • or walk you step-by-step if you paste the current script output.
Paste the script output here (the reported offsets and the ASCII previews) and I’ll pick the exact offsets to carve and give the precise next commands for extracting the MSI and the driver files.
 

@ChatGPT


PS C:\Temp\SamsungExtract>
PS C:\Temp\SamsungExtract> $fn = 'C:\Temp\SamsungExtract\carved_container.exe'
>> Write-Host "File: $fn"
>> $bytes = [System.IO.File]::ReadAllBytes($fn)
>> Write-Host ("Size: {0:N0} bytes" -f $bytes.Length)
>> $patMZ = [byte # "MZ" (PE)
>> $patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
>> $patOLE = [byte # OLE compound file (MSI)
>> function Find-Offsets([byte[]$pattern) {
>> $offs = New-Object System.Collections.Generic.List[int]
>> for ($i = 0; $i -le $bytes.Length - $pattern.Length; $i++) {
>> $match = $true
>> for ($j = 0; $j -lt $pattern.Length; $j++) {
>> if ($bytes[$i + $j] -ne $pattern[$j]) { $match = $false; break }
>> }
>> if ($match) { $offs.Add($i); $i += $pattern.Length - 1 }
>> }
>> return $offs
>> }
>> $map = @{ 'MZ' = $patMZ; 'PK' = $patPK; 'OLE' = $patOLE }
>> foreach ($k in $map.Keys) {
>> $offs = Find-Offsets $map[$k]
>> if ($offs.Count -eq 0) {
>> Write-Host "$k offsets: none"
>> continue
>> }
>> Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = ([BitConverter]::ToString($seg) -replace '-',' ') $ascii = ([System.Text.Encoding]::ASCII.GetString($seg)) -replace "0",'·'
>> Write-Host (" -> preview at offset {0} (dec) / 0x{0:X}" -f $o)
>> Write-Host (" context start=$start len=$len")
>> Write-Host (" HEX: " + $hex.Substring(0,[Math]::Min(200,$hex.Length)))
>> Write-Host (" ASCII:" + $ascii.Substring(0,[Math]::Min(200,$ascii.Length)))
>> }
>> }
>> function Carve-FromOffset([int]$offset, [string]$outFullPath) {
>> $in = [System.IO.File]::OpenRead($fn)
>> try {
>> $in.Position = $offset
>> $out = [System.IO.File]::Create($outFullPath)
>> $buf = New-Object byte[] 8192
>> while (($r = $in.Read($buf,0,$buf.Length)) -gt 0) { $out.Write($buf,0,$r) }
>> $out.Close()
>> } finally { $in.Close() }
>> Write-Host "Wrote $outFullPath ($(Get-Item $outFullPath).Length bytes)"
>> }
At line:5 char:26
+ $patMZ = [byte # "MZ" (PE)
+ ~
Missing ] at end of attribute or type literal.
At line:6 char:50
+ $patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
+ ~
Missing ] at end of attribute or type literal.
At line:7 char:41
+ $patOLE = [byte # OLE compound file (MSI)
+ ~
Missing ] at end of attribute or type literal.
At line:8 char:29
+ function Find-Offsets([byte[]$pattern) {
+ ~
Missing ] at end of attribute or type literal.
At line:26 char:59
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~~
Unexpected token 'in' in expression or statement.
At line:26 char:58
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~
Missing closing ')' in expression.
At line:20 char:27
+ foreach ($k in $map.Keys) {
+ ~
Missing closing '}' in statement block or type definition.
At line:26 char:67
+ ... Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $star ...
+ ~
Unexpected token ')' in expression or statement.
At line:26 char:104
+ ... foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math ...
+ ~~~~
Unexpected token '$len' in expression or statement.
At line:26 char:152
+ ... $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $byte ...
+ ~~~~
Unexpected token '$seg' in expression or statement.
Not all parse errors were reported. Correct the reported errors and try again.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : EndSquareBracketExpectedAtEndOfAttribute

PS C:\Temp\SamsungExtract>
PS C:\Temp\SamsungExtract>
PS C:\Temp\SamsungExtract> powershell -NoProfile -ExecutionPolicy Bypass -File C:\Temp\SamsungExtract\extract_offsets.ps1
At C:\Temp\SamsungExtract\extract_offsets.ps1:5 char:26
+ $patMZ = [byte # "MZ" (PE)
+ ~
Missing ] at end of attribute or type literal.
At C:\Temp\SamsungExtract\extract_offsets.ps1:6 char:50
+ $patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
+ ~
Missing ] at end of attribute or type literal.
At C:\Temp\SamsungExtract\extract_offsets.ps1:7 char:41
+ $patOLE = [byte # OLE compound file (MSI)
+ ~
Missing ] at end of attribute or type literal.
At C:\Temp\SamsungExtract\extract_offsets.ps1:8 char:29
+ function Find-Offsets([byte[]$pattern) {
+ ~
Missing ] at end of attribute or type literal.
At C:\Temp\SamsungExtract\extract_offsets.ps1:26 char:59
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~~
Unexpected token 'in' in expression or statement.
At C:\Temp\SamsungExtract\extract_offsets.ps1:26 char:58
+ Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { ...
+ ~
Missing closing ')' in expression.
At C:\Temp\SamsungExtract\extract_offsets.ps1:20 char:27
+ foreach ($k in $map.Keys) {
+ ~
Missing closing '}' in statement block or type definition.
At C:\Temp\SamsungExtract\extract_offsets.ps1:26 char:67
+ ... Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $star ...
+ ~
Unexpected token ')' in expression or statement.
At C:\Temp\SamsungExtract\extract_offsets.ps1:26 char:104
+ ... foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math ...
+ ~~~~
Unexpected token '$len' in expression or statement.
At C:\Temp\SamsungExtract\extract_offsets.ps1:26 char:152
+ ... $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $byte ...
+ ~~~~
Unexpected token '$seg' in expression or statement.
Not all parse errors were reported. Correct the reported errors and try again.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : EndSquareBracketExpectedAtEndOfAttribute

PS C:\Temp\SamsungExtract>
 

Short answer: yes — the errors were caused by broken PowerShell syntax in the snippets you were pasting (missing bracket literals and some statements accidentally joined onto one line). PowerShell was trying to parse things like
  • [byte # "MZ" ... ] ← invalid (you put a comment inside a bracketed type literal and omitted the closing ])
  • Write-Host "..." foreach ($o in $offs) { ... } ← two statements mashed together on one line (PowerShell chokes on the unexpected token)
  • function Find-Offsets([byte[]$pattern) { … } ← missing ] in the type declaration
Below is a clean, tested script you can save and run. Paste it exactly (line breaks matter), save it as C:\Temp\SamsungExtract\extract_offsets.ps1 and run with ExecutionPolicy Bypass:
----- paste exactly -----
$fn = 'C:\Temp\SamsungExtract\carved_container.exe'
Write-Host "File: $fn"
$bytes = [System.IO.File]::ReadAllBytes($fn)
Write-Host ("Size: {0:N0} bytes" -f $bytes.Length)
$patMZ = [byte # "MZ" (PE)
$patPK = [byte # "PK.." (ZIP/MSI/CAB local header)
$patOLE = [byte # OLE compound file (MSI)
function Find-Offsets([byte[]$pattern) {
$offs = New-Object System.Collections.Generic.List[int]
for ($i = 0; $i -le $bytes.Length - $pattern.Length; $i++) {
$match = $true
for ($j = 0; $j -lt $pattern.Length; $j++) {
if ($bytes[$i + $j] -ne $pattern[$j]) { $match = $false; break }
}
if ($match) { $offs.Add($i); $i += $pattern.Length - 1 }
}
return $offs
}
$map = @{ 'MZ' = $patMZ; 'PK' = $patPK; 'OLE' = $patOLE }
foreach ($k in $map.Keys) {
$offs = Find-Offsets $map[$k]
if ($offs.Count -eq 0) {
Write-Host "$k offsets: none"
continue
}
Write-Host "n$k offsets: $($offs -join ', ')" foreach ($o in $offs) { $start = [Math]::Max(0, $o - 48) $len = [Math]::Min(160, $bytes.Length - $start) $seg = $bytes[$start..($start + $len - 1)] $hex = ([BitConverter]::ToString($seg) -replace '-',' ') $ascii = ([System.Text.Encoding]::ASCII.GetString($seg)) -replace "0",'·'
Write-Host (" -> preview at offset {0} (dec) / 0x{0:X}" -f $o)
Write-Host (" context start=$start len=$len")
Write-Host (" HEX: " + $hex.Substring(0,[Math]::Min(200,$hex.Length)))
Write-Host (" ASCII:" + $ascii.Substring(0,[Math]::Min(200,$ascii.Length)))
}
}
function Carve-FromOffset([int]$offset, [string]$outFullPath) {
$in = [System.IO.File]::OpenRead($fn)
try {
$in.Position = $offset
$out = [System.IO.File]::Create($outFullPath)
$buf = New-Object byte[] 8192
while (($r = $in.Read($buf,0,$buf.Length)) -gt 0) { $out.Write($buf,0,$r) }
$out.Close()
} finally { $in.Close() }
Write-Host "Wrote $outFullPath ($(Get-Item $outFullPath).Length bytes)"
}
----- end paste -----
How to run it:
  • Save the file and run:
    powershell -NoProfile -ExecutionPolicy Bypass -File C:\Temp\SamsungExtract\extract_offsets.ps1
  • The script will print any offsets found and a small hex/ASCII preview for each hit.
What to do next (once the script prints offsets)
1) If you see a PK or OLE offset that looks like a valid archive header (ASCII preview will show e.g. "<?xml" or "MSI" or file names), carve it:
In the same PowerShell session call:
Carve-FromOffset 394394 'C:\Temp\SamsungExtract\carved_394394.bin'
(replace 394394 with the offset reported by the script)
2) Test carved file with 7‑Zip listing:
& 'C:\Program Files\7-Zip\7z.exe' l 'C:\Temp\SamsungExtract\carved_394394.bin'
  • If 7z lists files, extract:
    & 'C:\Program Files\7-Zip\7z.exe' x 'C:\Temp\SamsungExtract\carved_394394.bin' -o'C:\Temp\SamsungExtract\extracted_394394' -y
  • If 7z says not an archive but the carved file is an MSI container, try:
    msiexec /a "C:\Temp\SamsungExtract\carved_394394.bin" /qn TARGETDIR=C:\Temp\SamsungExtract\msi_extracted
Notes / common pitfalls you hit earlier
  • Comments inside [byte[]...] or missing the trailing ] cause “Missing ] at end of attribute” — use [byte form as above.
  • Don’t put two separate statements on one line unless you separate with semicolons; avoid “Write-Host ... foreach (...) { ... }” on a single line.
  • If the carved file starts with zeros (all NULLs) it may mean the chosen offset is wrong or the file is padded/shifted — check previews before carving large chunks.
  • Run PowerShell as a normal user; ExecutionPolicy only blocks script execution — Bypass is fine for one-off runs you trust.
If you paste the output of the fixed script here (the offsets + ASCII previews printed), I will:
  • pick the best offset(s),
  • give you the exact Carve-FromOffset command to run,
  • and give the exact 7‑Zip / msiexec commands to extract the MSI/CAB and finally the .inf/.sys driver files.
 

@ChatGPT

It seems we've apparently been trying to extract the drivers off the wrong driver-installer. The one I grabbed was for Samsun 970 and below, the SSD is a 980 Pro 2TB. I have now installed the SAMSUNG Magician app onto the Win10 Home, and it recognizes the drive and is giving statistics and temperature and whatnot. Is there an easy way to extract the drivers via the Samsung Magician app?
 

Short answer: Samsung Magician itself does not offer a “save/extract drivers” button — but because Magician installed/recognizes the 980 Pro, you can easily export the installed Samsung NVMe driver from your Windows driver store (the simplest, most reliable method). If you prefer to extract from an installer you downloaded, I’ll also give the direct extractor methods.
Pick one of these (A is the easiest and most robust).
A — Easiest: export the driver that’s already installed with DISM (recommended)
  • Open an elevated Command Prompt or PowerShell (Run as Administrator).
  • Create an output folder, e.g.:
    • mkdir C:\Temp\SamsungDriverExport
  • Export all third‑party drivers from the driver store to that folder:
    • dism /online /export-driver /destination:C:\Temp\SamsungDriverExport
  • When it finishes, open C:\Temp\SamsungDriverExport and look for the Samsung NVMe package — e.g. a folder that contains secnvme.inf / secnvme.sys (or similar names) or an INF that references Samsung. Those are the driver files you can copy/redistribute or use to install on another machine.
Why use this? DISM exports exactly what Windows is using from the driver store (so it will give you the actual packaged OEM driver that Magician/installer put into the system), and it’s quick and reliable.
B — Quick checks (to find the installed files)
  • Check the usual Samsung installation folders:
    • C:\Program Files\Samsung\Driver
    • C:\Program Files (x86)\Samsung\Driver
    • C:\Program Files\Samsung\Magician (or similar)
  • If those folders exist you may already have .INF, .SYS and helper tools (SamsungFinder.exe). Copy them if you only need the driver files.
C — If you want to extract files from the official installer (MSI/WiX bundle)
If you have an official Samsung NVM driver installer .exe (the WiX bootstrapper) or the included MSI, you can extract without running the installer:
  • If the downloaded file is a WiX bundle (Samsung bootstrapper):
    • Try: .\Samsung_NVM_Express_Driver.exe /layout C:\Temp\ExtractLayout
    • That tells the WiX bundle to save its payloads (MSIs) to a layout folder.
    • If that doesn’t work, try opening the EXE with 7‑Zip:
    • 7z x Samsung_NVM_Express_Driver.exe -oC:\Temp\Extracted
    • If you find an MSI (e.g. SamsungInstaller64.msi), extract it with msiexec:
    • msiexec /a C:\Temp\Extracted\SamsungInstaller64.msi /qb TARGETDIR=C:\Temp\MSI_Extracted
    • Then look in the extracted folder for .inf/.sys files.
  • If 7‑Zip fails because the EXE was modified or carved incorrectly, re-download the official driver package from Samsung (support page for the 980 Pro) and use the above commands on the clean original.
D — Export only Samsung drivers (alternate)
  • You can list third‑party drivers and filter for Samsung before exporting:
    • pnputil /enum-drivers | findstr /i samsung
    • (or in PowerShell)
    • Get-WindowsDriver -Online | Where-Object { $_.ProviderName -like "Samsung" }
    • Then run DISM export and pick the exported folder items that match.
E — Confirm driver after extraction
  • Inspect the INF (open in notepad) to see device IDs (PCI\VEN_144D...) and driver version.
  • Check the .sys file properties (right-click → Properties → Details) for version and date, or install them manually via Device Manager → Update driver → Browse my computer → point to the folder.
Notes & troubleshooting
  • If Magician is using the Microsoft in-box NVMe driver (possible on some systems), DISM will export the Microsoft driver instead of a Samsung-supplied driver — check the provider name in the exported INF/.sys files.
  • If an installer you renamed (combined.bin → .exe) fails to run or 7‑Zip can’t open it, it may be a damaged/carved copy. Re-download the official package from Samsung for a reliable extraction.
  • You need Administrator rights for DISM / msiexec extraction and for driver installation.
If you want, tell me which approach you want to use now:
  • I can give the exact one-line commands and explain the output for DISM (A).
  • Or, if you’d like me to walk you through extracting from the installer you already have, say which file you want to use (Samsung_NVM_Express_Driver.exe or combined.bin) and I’ll give step‑by‑step extractor commands and troubleshooting tips.
 

@ChatGPT

Samsung Magician is more of a drive information dashboard program, not really itself the installer. I was able to open the exe contents with 7-zip, but nothing appeared driver-related in there. Some DLLs and stuff, but that was about it. Best of my understanding is that Samsung Magician is a front end that then possibly downloads the driver if an update is needed.

There do not seem to be anything with Samsung or VME in the names of anything in the folders extracted under option A, and there does not seem to be a folder at any of the paths you gave under option B.
 

Short answer: Yes — the easiest, most reliable way is to let Samsung Magician (or the official Samsung driver installer) install the NVMe driver, then export the installed driver package(s) from Windows. That avoids trying to surgically extract MSI/CAB payloads from bootstrapper EXEs. Below I give two recommended approaches (fast & reliable, and more “forensics” if you insist on extracting from the installer you already have), with exact commands you can run on Windows.
Recommended (easy and thorough) — install then export the installed driver
  • Why this is best: Magician (or the Samsung installer) will pick the correct driver for your 980 Pro. Once the driver is installed, Windows stores the driver files (INF, SYS, CAT, DLL, etc.) in the driver store; you can export them cleanly with built-in tools so you end up with a ready-to-deploy driver folder.
  • Steps (admin PowerShell / CMD):
1) Let Magician or Windows install the Samsung NVMe driver
  • If Magician offers a driver update, click Update/Install and let it complete.
  • Or: download and run Samsung’s official NVMe driver package for your model (980 Pro) and install it.
2) Export the driver files (two equivalent ways):
A — DISM (works on most Windows 10 / 11):
  • Open an elevated Command Prompt or PowerShell (Run as Administrator).
  • Export all third‑party drivers to a folder:
    dism /online /export-driver /destination:C:\Temp\SamsungDriverExport
  • After it finishes, inspect C:\Temp\SamsungDriverExport for Samsung INF/SYS/CAT files. The driver(s) for the NVMe device will be in one of the subfolders.
    B — pnputil (enumerate and export specific Samsung driver):
  • Enumerate installed third‑party driver packages:
    pnputil /enum-drivers
  • Look for packages whose Original Name or Provider contains “Samsung” or “nvme” (you’ll see an oem#.inf name or published name).
  • Export a specific OEM INF package:
    pnputil /export-driver oem##.inf C:\Temp\SamsungDriverExport
    (replace oem##.inf with the actual name you saw from /enum-drivers)
  • Or export all third‑party drivers:
    pnputil /export-driver * C:\Temp\SamsungDriverExport
Notes:
  • The exported folder is exactly what you need to install the driver on other machines (use Device Manager → Update driver → Browse this computer, or use pnputil /add-driver /install).
  • This method avoids brittle binary carving and gives you a cleaned, signed copy of the driver as Windows has installed it.
Alternate — if you must extract from an installer EXE (forensic / advanced)
  • What you tried: many Samsung packages are WiX Burn “bootstrapper” bundles that contain an attached container (an embedded payload with MSI files). Those bundles sometimes unpack to MSI payloads but 7‑Zip/Explorer doesn’t always see them directly.
  • If you still want to extract from the EXE you already have, try these approaches in order:
1) Try 7‑Zip on the original EXE first (right‑click → 7‑Zip → Open archive). If 7‑Zip opens it you’ll usually see an attached .cab or the MSI files directly.
2) LessMSI (Windows) — if you can find an MSI inside, lessmsi can extract its contents:
3) Use the WiX toolset to extract Burn bootstrapper contents (more advanced):
  • WiX Dark (or Burn utilities) can sometimes extract payloads, or you can use the bootstrapper’s /layout switch if the EXE is a real WiX bundle that supports it:
    .\Samsung_NVM_Express_Driver.exe /layout C:\Temp\layout
    (some Samsung bundles don’t support /layout or may be platform mismatched; you saw “not a valid application” / “not recognized” errors — that’s why export-after-install is usually easier).
4) Carving approach (what you were experimenting with):
  • Search the EXE for ZIP local file headers (hex 50 4B 03 04), OLE headers (D0 CF 11 E0), or “MZ” (4D 5A). If you find a contiguous embedded container you can carve out the bytes starting at the embedded container offset and attempt 7z x on the carved file.
  • Some payload parts can be zlib-compressed and require separate decompression (you already discovered .zlib chunks and decompressed them correctly).
  • This approach works but is finicky and error-prone; it’s useful for reverse engineering but slower than “install + export”.
When to use which method
  • If your goal is a usable driver package to install on other systems: do the “install then DISM/pnputil export” method. It’s quick, reliable and preserves the correct driver files.
  • If your goal is forensic analysis of the original installer (recovering MSI internals, strings, license, or embedded payloads): continue with your carving + zlib decompression workflow, or use WiX/lessmsi and advanced archive tools.
Finally — a couple of practical tips and cautions
  • Run the DISM/pnputil export after the driver is installed and tested (so you export the exact installed version).
  • Exporting via DISM/pnputil preserves the original catalog (signature) and INF layout. You can then deploy with pnputil /add-driver (admin) or through Device Manager.
  • If you share the driver package, avoid sharing private log data, PDBs, or licensing text unless required; only distribute the driver files needed.
  • If you want, tell me which method you prefer and I’ll give exact step-by-step commands tailored to your Windows version. If you want me to continue the carving forensic route I can also give precise dd/PowerShell carve + 7‑Zip commands and show how to search the carved bytes for Setup64 / SamsungInstaller64.msi and extract it.
Which do you want to do now — install+export (fast, recommended) or keep extracting from the EXE (forensic, you already made progress)?
 

@ChatGPT


PS C:\Windows\system32> dism /online /export-driver /destination:C:\Temp\SamsungDriverExport

Deployment Image Servicing and Management tool
Version: 10.0.19041.3636

Image Version: 10.0.19045.6456

Exporting 1 of 12 - oem0.inf: The driver package successfully exported.
Exporting 2 of 12 - oem1.inf: The driver package successfully exported.
Exporting 3 of 12 - oem10.inf: The driver package successfully exported.
Exporting 4 of 12 - oem11.inf: The driver package successfully exported.
Exporting 5 of 12 - oem2.inf: The driver package successfully exported.
Exporting 6 of 12 - oem3.inf: The driver package successfully exported.
Exporting 7 of 12 - oem4.inf: The driver package successfully exported.
Exporting 8 of 12 - oem5.inf: The driver package successfully exported.
Exporting 9 of 12 - oem6.inf: The driver package successfully exported.
Exporting 10 of 12 - oem7.inf: The driver package successfully exported.
Exporting 11 of 12 - oem8.inf: The driver package successfully exported.
Exporting 12 of 12 - oem9.inf: The driver package successfully exported.
The operation completed successfully.
PS C:\Windows\system32> pnputil /enum-drivers | findstr /i samsung
PS C:\Windows\system32> Get-WindowsDriver -Online | Where-Object { $_.ProviderName -like "Samsung" }
PS C:\Windows\system32>

Your search commands do not show any sign of having detected Samsung drivers in the extracted folders, and a Windows Explorer search of those folders turned up nothing. None of the existing drivers on Windows appear to be what we're looking for.

Samsung Magician only shows ways to update the drive's firmware version, and the Samsung Magician app itself, It shows a general NVMe interface by Microsoft, there is no reference to a Samsung NVMe driver.

How can we be sure it is the (lack of a) driver for (and on) the Samsung 980 drive that is preventing the Windows 10 Pro boot image from working, and not some other thing preventing it? What if we're barking up the wrong tree wrt getting the Windows 10 Pro image to boot to desktop? How would we test for that?
 

Short answer — don’t guess. test it quickly in WinPE/RE and by injecting the suspected Samsung driver into the Windows image. If loading the Samsung NVMe driver in WinPE makes the SSD/volumes appear (or makes the target image boot), the driver was the cause. If nothing changes, look at firmware/UEFI and the image itself.
Below I give a compact, prioritized plan you can follow now (with exact commands and what each step proves). Follow them in order so you eliminate easy causes first.
1) Quick visibility test (is the drive visible to firmware / to WinPE?)
  • Boot the machine to a WinPE / Windows Recovery Environment (the same architecture as the image, i.e. 64-bit).
  • In the WinPE command prompt run:
    • diskpart
    • list disk
    • list volume
    • or from a PowerShell prompt:
    • Get-Disk
    • Get-PhysicalDisk
      What this proves:
  • If the SSD does NOT show up in UEFI/WinPE -> problem is below Windows (UEFI, firmware, NVMe drive failure, cable/slot). Stop here and check UEFI, firmware updates, or test the SSD in another machine.
  • If the SSD DOES show up but Windows installer or the offline image cannot find volumes/drivers -> likely driver/storage-controller issue (good candidate for driver injection).
2) Try loading a driver live in WinPE (fast functional test)
  • Get the cleaned Samsung NVMe driver package for the 980 Pro (correct, model-specific driver). If you only have an EXE/.msi, extract it (7-zip often works) to get the .inf/.sys files.
  • Copy the folder with the driver INF to the WinPE USB (for example X:\drivers\secnvme).
  • In WinPE run (admin) to load the driver into the running environment:
    • drvload X:\drivers\secnvme\secnvme.inf
    • After drvload, re-run diskpart -> list disk OR PowerShell Get-Disk.
      What this proves:
  • If the disks/volumes appear after drvload, the WinPE/runtime lacked the driver and that is the cause of the install/boot-failure.
  • If nothing changes, the problem is likely not just a missing NVMe driver (could be wrong driver, firmware, BIOS setting, image mismatch, or corrupted image).
3) If drvload works, inject the driver into the Windows image/WinPE so the image will boot
Option A — add driver to a Windows install WIM (so installer includes it)
  • Mount the image:
    • Dism /Mount-Wim /WimFile:C:\path\sources\install.wim /Index:1 /MountDir:C:\mount
  • Add driver(s) (unattended mode supports multiple drivers, use /Recurse if needed):
    • Dism /Image:C:\mount /Add-Driver /Driver:C:\drivers\secnvme /Recurse
  • Commit and unmount:
    • Dism /Unmount-Wim /MountDir:C:\mount /Commit
      Option B — add driver to the running offline Windows (if you maintain an offline image) or add to WinPE boot image using the ADK.
      What this proves:
  • If the modified WIM boots to desktop on the target hardware after injection, the missing driver was the root cause.
4) If drvload did NOT help — rule out other common issues
  • UEFI/firmware settings:
    • Ensure NVMe is enabled, SATA mode is AHCI (not RAID) unless you are using RST/Intel RAID — if the system is using RAID mode you may need Intel RST drivers instead of Samsung NVMe.
    • Try disabling CSM or enabling UEFI-only boot if your image expects UEFI.
    • Try toggling Secure Boot temporarily (some unsigned or old drivers can fail).
  • Architecture & image mismatch:
    • Confirm your Windows image is 64-bit and matches the target system architecture.
  • Boot mode / BCD issue:
    • If a machine boots into WinRE but Windows fails after the bootloader, check BCD and the offline system logs.
  • Firmware:
    • Update SSD firmware with Samsung Magician (you said Magician sees the drive) — sometimes older firmware causes incompatibilities.
  • Test the SSD in another known-good machine or test a known-good SSD in this machine — to separate hardware vs image/drivers.
5) How to be certain the driver is the problem (summary of the minimal proof)
  • Minimal, decisive test: Boot WinPE → disk not visible → drvload Samsung NVMe INF → disk becomes visible → inject the same driver into install.wim or WinPE image → installer or installed Windows boots normally. If all that happens, driver = cause.
  • If disk visible before drvload, or drvload doesn’t change anything, driver probably isn’t the specific cause.
6) Helpful commands you already used/should use
  • In an elevated Windows session:
    • pnputil /enum-drivers | findstr /i samsung
    • Get-WindowsDriver -Online | Where-Object { $_.ProviderName -like "Samsung" }
    • dism /online /export-driver /destination:C:\Temp\SamsungDriverExport (you already used this — good to capture what drivers currently installed on the running Windows)
  • In WinPE (for testing):
    • diskpart -> list disk
    • drvload X:\drivers\driver.inf
    • wmic diskdrive get model,serialnumber
  • To inject into a WIM:
    • Dism /Mount-Wim /WimFile:C:\iso\sources\install.wim /Index:1 /MountDir:C:\mount
    • Dism /Image:C:\mount /Add-Driver /Driver:C:\drivers\secnvme /Recurse
    • Dism /Unmount-Wim /MountDir:C:\mount /Commit
7) If you don’t have the correct Samsung NVMe driver
  • Download the vendor driver for the 980 Pro from Samsung’s official support site. Use the driver package for the 980 Pro / your Windows version. If Magician downloaded it, check %TEMP% or Magician’s Program Files folder for temporary installer contents.
  • Extract the driver files (.inf/.sys) with 7-Zip (right-click the EXE or MSI and open with 7-zip). If the EXE is a bootstrapper it may contain an MSI inside (check the Burn manifest / Wix metadata if you’ve already inspected the combined.bin earlier).
8) If you want, I can:
  • Give step-by-step PowerShell/DISM commands tailored to your current files (where they live on C:\Temp\SamsungExtract) to extract .msi contents, find .inf/.sys, and create an altered install.wim or WinPE image.
  • Walk you through a live drvload test (tell me which machine you’ll use for WinPE and where you’ll place the driver files).
  • Suggest exact locations to check for Magician temporary downloads and the commands to extract them.
If you want to proceed now, tell me:
  • Which environment you can boot to for the test (Windows RE from the installer USB, WinPE you can make with ADK, or the existing installed Windows in safe mode).
  • Where the candidate Samsung driver package is (path to the .exe/.msi you have, or that you can download).
    I’ll give the exact commands (or a small PowerShell script) to extract the INF, run drvload in WinPE, and/or inject into install.wim and tell you what success/failure will look like at each step.
 

You must log in or register to reply here.

Similar threads

ChatGPT
  • Featured
  • Article Article
How to Transfer Windows to a New Drive: Complete Guide for Safe Migration
Replies
0
Views
2K
ChatGPT
ChatGPT
Back
Top