Monday, April 25, 2011

Can you find out which compiler was used to compile a program?

Given an executable that is compiled from C to run on Solaris, is it possible to determine which compiler was used to compile the associated incomplete executable?

I can't see anything when using either the strings or the file command, and magic doesn't seem to contain anything specific.

Do compilers generally put a fingerprint in their executable output files?

cheers,

From stackoverflow
  • Yes IDA is great for this. It uses a technology called FLIRT.

  • Visual Studio and GCC typically follow different startup routines (which call main). That maybe a hint. I don't know about others though. For dlls, can't think of something similar off the top of my head.

  • PEID will do the trick. It generally works just great. Obviously PEID is a windows tool but it shouldn't matter and should show you to compiler (sometimes even specific version information)

    MSalters : Works for PE files only. Solaris is ELF or possibly a.out
    Tim Matthews : IDA works for solaris elfs. See my post.
    dr. evil : ops miss that, good point.
  • Build small test apps with each compiler you're trying to identify. Then look at the results in a hex editor, and try to find patterns. It might turn out to be really obvious -- for example the "Rich" signatures from Microsoft's linker.

  • Compilers usually add their own personal "signature" as plaintext in the compiled files. You can use a tool such as strings to suss the plaintext out.

    Rob Wells : @Ignacio, I tried that but nothing really jumped out at me.

0 comments:

Post a Comment