37

From a compiled file, can I see which compiler has been used to generate the file?

Yi Jiang
monkeyking

5 Answers

10

There's also the good old 'strings' utility. Dumps all ascii-ish looking strings it finds in the binary. Different compilers embed different amounts of information in the binaries they produce, but many will actually include obviously identifying strings.

JustJeff
  • sometimes you can directly get the compiler name and even version number this way, w/the caveat that you need to wade through a lot of other stuff. even if the compiler isn't kind enough to ID itself, you could possibly learn to recognize the strings in the run-time. grep the output from strings for things like gcc to speed things along. – JustJeff Jan 02 '11 at 22:43
5

Many compilers/linkers insert a .comment section in the output file which identifies them. There are also a number of more subtle behaviors you could create compiler fingerprints off of, but I know of no existing tools for this.

If you have the source, the easiest solution would be to try compiling with each compiler in question until you get a binary that matches byte-for-byte (or even closely).

R.. GitHub STOP HELPING ICE
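The `.comment` lookup described in the answer above, as an added example that is not part of the original answers: it walks the ELF section headers and returns the strings stored in `.comment`. It assumes a little-endian ELF64 file; `comment_strings`, `build_sample` and the version strings in the sample are constructed for illustration.

```python
import struct

def comment_strings(elf: bytes) -> list[str]:
    """Return the NUL-separated strings in .comment of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (shoff,) = struct.unpack_from("<Q", elf, 0x28)            # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    if shoff == 0 or shnum == 0:
        return []                                             # no section headers

    def section(i):
        # sh_name, sh_type (u32); sh_flags, sh_addr, sh_offset, sh_size (u64)
        name, _, _, _, off, size = struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize)
        return name, off, size

    _, str_off, str_size = section(shstrndx)
    names = elf[str_off:str_off + str_size]                   # section name string table
    for i in range(shnum):
        name, off, size = section(i)
        if names[name:].split(b"\0", 1)[0] == b".comment":
            data = elf[off:off + size]
            return [s.decode("ascii", "replace") for s in data.split(b"\0") if s]
    return []

def build_sample() -> bytes:
    """Constructed sample: minimal ELF64 with a null section, .comment and .shstrtab."""
    comment = b"GCC: (GNU) 12.2.0\0clang version 15.0.7\0"    # constructed values
    shstr = b"\0.comment\0.shstrtab\0"
    c_off = 64
    s_off = c_off + len(comment)
    shoff = s_off + len(shstr)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)

    def shdr(name, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)

    return (ehdr + comment + shstr + bytes(64)                # bytes(64) = null section header
            + shdr(1, 1, c_off, len(comment)) + shdr(10, 3, s_off, len(shstr)))

if __name__ == "__main__":
    print(comment_strings(build_sample()))
```

An empty result only means the section is absent or the section headers were removed; more than one string can appear when objects built by different compilers were linked together.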
4

In some cases you can run ldd on the binary and find out which standard library it's linked against. For example on Solaris gcc vs Sun CC vs whatever.

For C++ code, you can also dump some of the symbols, find a mangled function name, and then figure out which demangler generates the correct original name.

Mark B
  • Name mangling is not enough to differentiate it, icc will just mangle it like gcc for example. – ismail Dec 29 '10 at 14:24
3

Try IDA Pro, which identifies the libraries and tools used to build the executable file.

cpx
0

I was answering a quiz on a Blue Team website, and this was a question. I found the solution using a tool called PE Detective; it looks for signatures in the EXE and works really well.

https://www.softpedia.com/get/System/File-Management/PE-Detective.shtml

Yuri Aps