Reputation: 263
How do PEiD and other tools detect the compiler type? Can the detection process be dynamic, and how? Is there any other procedure instead of PE file processing?
Upvotes: 0
Views: 768
Reputation: 1649
While I am not entirely sure how PEiD works, I think there are various ways to achieve this. Particularly, you want to look for various kinds of "fingerprints" in the produced code. For example, the way the compiler handles known strings in the binary (zero-terminated as in C, or with a length value before the text as in Pascal), or how it sets up the stack frame for a function. Then, of course, looking for common code constructs: how certain structures are handled, such as loops and conditionals, or how the runtime is set up before calling the main function. Another approach would be to take a look at the imports and dependencies, which could give insight into the runtime used.
Of course, the easiest way is to check any metadata left in the binary file without actually looking at the code at all. Often there are sections devoted to all kinds of metadata, and even comments, which can accurately reveal the exact compiler and version used for compiling. These can be spoofed with ease, though, but a good detector takes this into account and looks at the actual code for clues.
Upvotes: 0
Reputation: 3234
Compiler type detection is based on the compiler signature in the EXE file.
Upvotes: 0
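The following Python script is an added worked example, not code from the original answers or from PEiD itself. It shows the two approaches the answers describe in one place: the signature matching the last answer mentions (PEiD-style `userdb.txt` entries with `??` byte wildcards, matched at the entry point when `ep_only = true`), and the header metadata cue from the first answer (the linker version fields in the PE optional header), which is the part that is trivially spoofable. Everything here is constructed for the example: the two signature entries are not real compiler signatures, `build_sample_pe` fabricates a minimal PE32 image in memory so the script runs offline, and the two entry stubs are made-up byte strings. Only the standard library is used.

```python
import struct

# PEiD-style signature database. PEiD reads userdb.txt entries of the form
#   [Name]
#   signature = 55 8B EC ?? ...   ('??' is a one-byte wildcard)
#   ep_only = true                (match only at the entry point)
# The two entries below are constructed for this example, not taken from any real database.
USERDB = """
[Constructed compiler stub A]
signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00
ep_only = true

[Constructed packer stub B]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true
"""


def parse_userdb(text):
    """Return a list of (name, pattern, ep_only); pattern uses None for '??' wildcards."""
    sigs, name, pattern = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
        elif line.lower().startswith("signature"):
            tokens = line.split("=", 1)[1].split()
            pattern = [None if t == "??" else int(t, 16) for t in tokens]
        elif line.lower().startswith("ep_only"):
            ep_only = line.split("=", 1)[1].strip().lower() == "true"
            sigs.append((name, pattern, ep_only))
    return sigs


def parse_pe(data):
    """Minimal PE32 parser: linker version, entry-point RVA and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    major, minor = struct.unpack_from("<BB", data, opt + 2)   # MajorLinkerVersion, MinorLinkerVersion
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((vaddr, vsize, rawptr, rawsize))
    return {"linker": (major, minor), "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe, rva):
    """Map an RVA to a file offset through the section table."""
    for vaddr, vsize, rawptr, rawsize in pe["sections"]:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def match_at(data, offset, pattern):
    """True if pattern (None = wildcard) matches the bytes starting at offset."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def detect(data, sigs):
    """Return the linker version from the header plus the names of matching signatures."""
    pe = parse_pe(data)
    ep = rva_to_offset(pe, pe["entry_rva"])
    hits = []
    for name, pattern, ep_only in sigs:
        if ep_only:
            if match_at(data, ep, pattern):
                hits.append(name)
        elif any(match_at(data, off, pattern) for off in range(len(data) - len(pattern) + 1)):
            hits.append(name)  # whole-file scan for non-ep_only entries (slow but simple)
    return {"linker": pe["linker"], "matches": hits}


def build_sample_pe(entry_code, linker=(14, 0)):
    """Construct a minimal PE32 image with one .text section holding entry_code (test input, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, linker[0], linker[1], len(entry_code), 0, 0, 0x1000).ljust(0xE0, b"\0")
    sect = (b".text".ljust(8, b"\0") + struct.pack("<IIII", len(entry_code), 0x1000, 0x200, 0x200)
            + b"\0" * 12 + struct.pack("<I", 0x60000020))
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    return headers + entry_code.ljust(0x200, b"\0")


# Constructed entry stubs: the first matches signature A, the second matches nothing.
SAMPLE_A = bytes.fromhex("558BEC6AFF68A0B0C000680102030064A100000000")
SAMPLE_C = bytes.fromhex("4883EC28E800000000")

if __name__ == "__main__":
    sigs = parse_userdb(USERDB)
    print(detect(build_sample_pe(SAMPLE_A), sigs))
    print(detect(build_sample_pe(SAMPLE_C, linker=(2, 25)), sigs))
```

Two caveats a practitioner should keep in mind when reading the output: an `ep_only` signature describes only the code at the entry point, so a packed binary reports the packer's stub rather than the compiler that produced the original code, and the linker version bytes are plain header fields that anyone can overwrite with a hex editor, which is why the first answer warns against trusting metadata alone.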