Does anybody know of a way to prevent the timestamp of an executable from changing? I'm trying to generate a consistent hash code for the .exe but I think the timestamp may be preventing that from happening. Each time I recompile the code (VS C++) the FastSum generates a different checksum.
Thanks!
Depending on what you have to checksum, you can either strip off the COFF header (where the timestamp resides) or the Optional Header. In the latter case, you only save the section table and section data (the binary content of the executable). If you make sure your source code is not changed and compile and link flags are not changed, the section data should remain the same. If you want to include version numbers or size of code in the checksum, you must include the Optional Header.
To find the start of the Optional Header, follow the procedure:
- Read 4-byte signature base address from 0x3c.
- Go to the signature offset.
- Offset 20 bytes. This is the start of the Optional Header.
- You should expect 0x10b here if it is a 32-bit exe file or 0x20b if 64-bit.
To find the start of the section table, follow the procedure:
- Read 4-byte signature base address from 0x3c.
- Go to the signature offset.
- Offset 16 bytes.
- Read 2-byte Optional Header size here.
- Go to the Optional Header.
- Offset Optional Header size bytes. This is the start of the section table.
- You should expect a section name here (like ".text", ".data", etc).
For complete specification of PE & COFF format, download this: Microsoft PE and COFF Specification.
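Added example, not part of the answers on this page: a Python sketch that hashes only the section table and raw section data, so the COFF header's TimeDateStamp never enters the digest. It follows the PE/COFF layout (4-byte `PE\0\0` signature, then a 20-byte COFF header, then the Optional Header); the names `section_hash` and `build_sample` are illustrative, and the test image is constructed inline.

```python
import hashlib
import struct

def section_hash(pe: bytes) -> str:
    """SHA-256 over the section table and raw section data, skipping all headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (sig,) = struct.unpack_from("<I", pe, 0x3C)        # e_lfanew: offset of "PE\0\0"
    if pe[sig:sig + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = sig + 4                                     # 20-byte COFF file header
    (nsections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size                       # first 40-byte section header
    digest = hashlib.sha256()
    for i in range(nsections):
        entry = table + 40 * i
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of the entry.
        raw_size, raw_ptr = struct.unpack_from("<II", pe, entry + 16)
        if raw_ptr + raw_size > len(pe):
            raise ValueError("section data runs past end of file")
        digest.update(pe[entry:entry + 40])
        digest.update(pe[raw_ptr:raw_ptr + raw_size])
    return digest.hexdigest()

def build_sample(timestamp: int, code: bytes) -> bytes:
    """Constructed PE-shaped test image (not loadable) with a single .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222       # 224-byte PE32 optional header
    sect = b".text\0\0\0" + struct.pack("<IIII", len(code), 0x1000, len(code), 0x200)
    sect += b"\0" * 16                                 # relocation/line-number fields, flags
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + code

if __name__ == "__main__":
    a = build_sample(0x5F000001, b"\x55\x8b\xec\xc3")  # same code, different timestamps
    b = build_sample(0x5F000002, b"\x55\x8b\xec\xc3")
    print("whole-file hashes differ:", hashlib.sha256(a).digest() != hashlib.sha256(b).digest())
    print("section hashes match:   ", section_hash(a) == section_hash(b))
```

Section data can still carry build-varying values, for example the debug directory's own timestamp and PDB identifier, so two real builds may differ here even with TimeDateStamp excluded.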
The PE file format (as in your EXE) has a timestamp field. Check out "Table 2. IMAGE_FILE_HEADER Fields" at this link: http://msdn.microsoft.com/en-us/library/ms809762.aspx
It seems like if you really wanted to, you could edit TimeDateStamp in a hex editor, or write a small program to do it for you. If I read the above document correctly, it looks like it's 4 bytes at offset 10.
I'm not sure what the consequences are of changing this. My guess is it may make you unable to find symbols when you debug the program. Maybe instead of changing this field in your binary you should hash regions outside the PE header. (The link I provide may help you determine where that would make sense.)
Which timestamp? Last accessed? You can't prevent that changing if you are accessing it - however you could take note of it and then change it back?
For a hash - what do you mean? A method of ensuring that the .exe hasn't changed? I'd use a CRC.
File timestamps are something controlled and maintained by the OS - they're not internal to the file (including executables) itself.