OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: January 4, 2008 04:43 CST by sziecuas .

Can i know with witch compiler a program had been compiled?
i want to know if there is a tool that allow me to know if a program was created by Borland C++ compiler, Visual C++, or another compiler?

sorry for my english :-)

frankboldewin		January 4, 2008 07:18.06 CST
there are some tools like peid, rdg packer detector, die (detect it easy), exeinfope which try to tell you the compiler. if the binary you want to analyse is protected in some way, the results of the above mentioned tools maybe fooled. then first a clean unpacking is needed to get a better clue, what compiler was originally used. further an analysis of the imported functions may help, e.g. an imported rtcMsgBox is a good sign for a visual basic application or a ThunRTMain and so forth. just some ideas to get the original compiler...

cod		January 5, 2008 13:49.34 CST
you can get IDA 4.8 (it's freeware) and to try to disassemble with IDA the file ...

dELTA		January 5, 2008 19:08.55 CST
You can find such tools here: http://www.woodmann.com/collaborative/tools/index.php/Category:Compiler_Identifiers

RolfRolles		January 8, 2008 04:33.22 CST
When I worked at Sabre, Ero Carrera (I think it was; might've been Halvar) had an excellent idea for determining the compiler, its version and optimization settings via mathematics. We didn't test it during my time there, but it had the potential to work very well. I don't think they've released the idea, so I won't spill the beans, but I hope they talk about it someday.

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit