Given an executable that is compiled from C to run on Solaris, is it possible to determine which compiler was used to compile the associated incomplete executable?
I can't see anything when using either the strings or the file command, and magic doesn't seem to contain anything specific.
Do compilers generally put a fingerprint in their executable output files?
cheers,
If the executable isn't stripped, try /usr/ccs/bin/mcs -p. This will usually show the compiler, linker and all the header files used.
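The mcs command mentioned above prints the ELF .comment section, which is where toolchains record their identification strings. The following is an added example, not code from any of the answers: a small Python reader for that section that handles 32/64-bit and little/big-endian (SPARC) files. The sample ELF and the "example-cc" strings in it are constructed for illustration.

```python
import struct

def elf_comment_strings(data: bytes) -> list[str]:
    """Return the NUL-separated strings stored in the ELF .comment section."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little, 2 = big endian
    if is64:
        e_shoff, = struct.unpack_from(end + "Q", data, 0x28)
        shentsize, shnum, shstrndx = struct.unpack_from(end + "HHH", data, 0x3A)
    else:
        e_shoff, = struct.unpack_from(end + "I", data, 0x20)
        shentsize, shnum, shstrndx = struct.unpack_from(end + "HHH", data, 0x2E)
    if shnum == 0:                           # section header table removed
        return []

    def section(i):                          # -> (sh_name, sh_offset, sh_size)
        base = e_shoff + i * shentsize
        name, = struct.unpack_from(end + "I", data, base)
        fmt, pos = ("QQ", 0x18) if is64 else ("II", 0x10)
        return (name, *struct.unpack_from(end + fmt, data, base + pos))

    _, str_off, str_size = section(shstrndx)
    names = data[str_off:str_off + str_size]  # section name string table
    for i in range(shnum):
        name, off, size = section(i)
        if names[name:names.find(b"\0", name)] == b".comment":
            raw = data[off:off + size]
            return [s.decode("ascii", "replace") for s in raw.split(b"\0") if s]
    return []

def build_sample() -> bytes:
    """Constructed 32-bit big-endian ELF with only .comment and .shstrtab."""
    comment = b"\0@(#)example-cc 1.0 (constructed)\0ld: example linker 1.0\0"
    shstr = b"\0.comment\0.shstrtab\0"
    c_off, s_off = 52, 52 + len(comment)
    sh_off = s_off + len(shstr)
    hdr = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9) + struct.pack(
        ">HHIIIIIHHHHHH", 2, 2, 1, 0, 0, sh_off, 0, 52, 0, 0, 40, 3, 2)
    def sh(name, typ, off, size):
        return struct.pack(">10I", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    table = bytes(40) + sh(1, 1, c_off, len(comment)) + sh(10, 3, s_off, len(shstr))
    return hdr + comment + shstr + table

if __name__ == "__main__":
    for line in elf_comment_strings(build_sample()):
        print(line)
```

An empty result means the file has no .comment section or no section header table, in which case the string-based approaches have nothing to find.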
Compilers usually add their own personal "signature" as plaintext in the compiled files. You can use a tool such as strings to suss the plaintext out.
Build small test apps with each compiler you're trying to identify. Then look at the results in a hex editor, and try to find patterns. It might turn out to be really obvious -- for example the "Rich" signatures from Microsoft's linker.
Visual Studio and GCC typically follow different startup routines (which call main). That may be a hint. I don't know about others though. For DLLs, can't think of something similar off the top of my head.
PEID will do the trick. It generally works just great. Obviously PEID is a Windows tool but it shouldn't matter and should show you the compiler (sometimes even specific version information).
Yes, IDA is great for this. It uses a technology called FLIRT.