Detect compiler used for EXE file

18

5

Is there any way to detect (or to hide) the compiler that was used to build an executable file?

Remus Rigo

Posted 2009-12-08T21:54:09.297

Reputation: 2 623

Answers

12

PEiD is pretty good

PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.

PEiD is special in some aspects when compared to other identifiers already out there!

  1. It has a superb GUI and the interface is really intuitive and simple.
  2. Detection rates are amongst the best given by any other identifier.
  3. Special scanning modes for advanced detections of modified and unknown files.
  4. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
  5. Multiple file and directory scanning with recursion.
  6. Task viewer and controller.
  7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
  8. Extra scanning techniques used for even better detections.
  9. Heuristic Scanning options.
  10. New PE details, Imports, Exports and TLS viewers
  11. New built in quick disassembler.
  12. New built in hex viewer.
  13. External signature interface which can be updated by the user.

Sathyajith Bhat

Posted 2009-12-08T21:54:09.297

Reputation: 58 436

If it cannot detect the compiler something like Nothing found [Overlay] * will be shown - which is confusing if you use that tool for the first time. – mbx – 2014-11-17T13:30:06.870

"The site ahead contains harmful programs" - Google Chrome. Here's a better link.

– Ben N – 2016-04-03T15:57:32.470

4"PEiD detects most common [...] compilers for PE files." that's what the readme says - actually it does not tell how to achive that – mbx – 2011-08-18T00:42:49.677

@Sathya Note, the included link is now dead. – DuckMaestro – 2012-12-05T01:06:56.850

@DuckMaestro updated witi an alternative link – Sathyajith Bhat – 2012-12-05T02:58:45.813

8

Try the *nix utility strings. Using strings -a foo.exe should produce a pile of results. Redirect to a file and examine in your favorite editor. You may see either a line that directly implicates a specific compiler, such as Borland C++ - Copyright 2002 Borland Corporation. You might only be able to find lines that imply a specific compiler was used, such as in an include path or whatever.

Strings is also available for windows as part of cygwin, or as part of the microsoft sysinternals package.

DaveParillo

Posted 2009-12-08T21:54:09.297

Reputation: 13 402

It doesn't show me the compiler name only some dll names project – Eduardo Xavier – 2014-03-25T12:57:28.683

3

(Old but okay..)

Language 2000 : http://farrokhi.net/language

hB0

Posted 2009-12-08T21:54:09.297

Reputation: 151

1

Not free, but IDA Pro has a very nice compiler detection. Not it's main function of course, but a nice extra.

Henno

Posted 2009-12-08T21:54:09.297

Reputation: 639

0

If you can find a way to examine the first dozen or so bytes of the EXE file, in a hex dump with corresponding ASCII characters displayed, they will usually indicate the compiler used.

pavium

Posted 2009-12-08T21:54:09.297

Reputation: 5 956

This usually isn't true. The first part of a PE file is the DOS stub which is usually a program that prints something like "This program cannot be run in DOS mode." – lesderid – 2011-10-12T13:11:40.693

1i was wondering if someone or some software can find if the exe was build with a specific compiler edition (Visual Studio 2010 Professional or Enterprise or Express) – Remus Rigo – 2009-12-08T22:35:37.640

-1

You can use "dependency walker" to check what runtime library it links to. MSVCP100 is Microsoft Visual C++ 2010 x86

user509763

Posted 2009-12-08T21:54:09.297

Reputation: 1

Asked: 2009-12-08T21:54:09.297

Viewed: 31 570 times

Active: 2015-11-14T11:51:20.527