Is there any way to detect (or to hide) the compiler that was used to build an executable file?
Add a comment
|
7 Answers
PEiD is pretty good
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.
PEiD is special in some aspects when compared to other identifiers already out there!
- It has a superb GUI and the interface is really intuitive and simple.
- Detection rates are amongst the best given by any other identifier.
- Special scanning modes for advanced detections of modified and unknown files.
- Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
- Multiple file and directory scanning with recursion.
- Task viewer and controller.
- Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
- Extra scanning techniques used for even better detections.
- Heuristic Scanning options.
- New PE details, Imports, Exports and TLS viewers
- New built in quick disassembler.
- New built in hex viewer.
- External signature interface which can be updated by the user.
answered Dec 9, 2009 at 18:12
-
4"PEiD detects most common [...] compilers for PE files." that's what the readme says - actually it does not tell how to achive that– mbxCommented Aug 18, 2011 at 0:42
-
-
-
If it cannot detect the compiler something like Nothing found [Overlay] * will be shown - which is confusing if you use that tool for the first time.– mbxCommented Nov 17, 2014 at 13:30
-
1"The site ahead contains harmful programs" - Google Chrome. Here's a better link.– Ben NCommented Apr 3, 2016 at 15:57
Try the *nix utility strings. Using strings -a foo.exe should produce a pile of results. Redirect to a file and examine in your favorite editor. You may see either a line that directly implicates a specific compiler, such as Borland C++ - Copyright 2002 Borland Corporation. You might only be able to find lines that imply a specific compiler was used, such as in an include path or whatever.
Strings is also available for windows as part of cygwin, or as part of the microsoft sysinternals package.
answered Dec 9, 2009 at 0:55
-
It doesn't show me the compiler name only some dll names project Commented Mar 25, 2014 at 12:57
When this question was asked, PEiD was only a couple of years out of date.
These days, you're probably better off using Detect It Easy: https://github.com/horsicq/DIE-engine/releases or https://horsicq.github.io/#detect-it-easydie
(Old but okay..)
Language 2000 : http://farrokhi.net/language
Not free, but IDA Pro has a very nice compiler detection. Not it's main function of course, but a nice extra.
If you can find a way to examine the first dozen or so bytes of the EXE file, in a hex dump with corresponding ASCII characters displayed, they will usually indicate the compiler used.
-
1i was wondering if someone or some software can find if the exe was build with a specific compiler edition (Visual Studio 2010 Professional or Enterprise or Express) Commented Dec 8, 2009 at 22:35
-
This usually isn't true. The first part of a PE file is the DOS stub which is usually a program that prints something like "This program cannot be run in DOS mode."– lesderidCommented Oct 12, 2011 at 13:11
You can use "dependency walker" to check what runtime library it links to. MSVCP100 is Microsoft Visual C++ 2010 x86
-
linking to MSVC runtime doesn't mean that it's been compiled by MSVC– phuclvCommented Jul 31, 2022 at 3:30