Can you find out which compiler was used to compil

2019-03-14 17:13发布

问题:

Given an executable that is compiled from C to run on Solaris, is it possible to determine which compiler was used to compile the associated incomplete executable?

I can't see anything when using either the strings or the file command, and magic doesn't seem to contain anything specific.

Do compilers generally put a fingerprint in their executable output files?

cheers,

回答1:

If the executable isn't stripped, try /usr/ccs/bin mcs-p This will usually show the compiler, linker and all the header files used



回答2:

Yes IDA is great for this. It uses a technology called FLIRT.



回答3:

PEID will do the trick. It generally works just great. Obviously PEID is a windows tool but it shouldn't matter and should show you to compiler (sometimes even specific version information)



回答4:

Build small test apps with each compiler you're trying to identify. Then look at the results in a hex editor, and try to find patterns. It might turn out to be really obvious -- for example the "Rich" signatures from Microsoft's linker.



回答5:

Not stripped:

$ cc -O hello.c

$ file a.out

a.out: ELF 32-bit MSB executable SPARC32PLUS Version 1, V8+ Required, dynamically linked, not stripped

$ strings -a a.out | grep cc

/opt/solarisstudio12.3/prod/bin/cc -O hello.c

$ dwarfdump -i a.out | grep compile_o

DW_AT_SUN_compile_options Xa;O;R=Sun C 5.12 SunOS_sparc Patch 148917-07 2013/10/18;backend;raw;cd;

Stripped:

$ strip a.out

$ file a.out

a.out: ELF 32-bit MSB executable SPARC32PLUS Version 1, V8+ Required, dynamically linked, stripped

$ strings -a a.out | grep cc

(none)



回答6:

Visual Studio and GCC typically follow different startup routines (which call main). That maybe a hint. I don't know about others though. For dlls, can't think of something similar off the top of my head.



回答7:

Compilers usually add their own personal "signature" as plaintext in the compiled files. You can use a tool such as strings to suss the plaintext out.