Question
Given an executable that is compiled from C to run on Solaris, is it possible to determine which compiler was used to compile the associated incomplete executable?
I can't see anything when using either the strings or the file command, and magic doesn't seem to contain anything specific.
Do compilers generally put a fingerprint in their executable output files?
cheers,
Answer 1:
If the executable isn't stripped, try /usr/ccs/bin/mcs -p. This will usually show the compiler, linker and all the header files used.
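`mcs -p` prints the ELF `.comment` section, which is where compilers and linkers record their ident strings. The following added example (not part of the original answer; `comment_strings`, `build_sample` and the sample strings are constructed for illustration) reads that section directly from the file bytes, handles 32/64-bit and either byte order, and returns an empty list when the section is absent.

```python
import struct

def comment_strings(data: bytes) -> list:
    """Return the NUL-separated strings stored in an ELF file's .comment section."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = LSB, 2 = MSB (e.g. SPARC)
    # e_shoff, then e_shentsize / e_shnum / e_shstrndx, at class-specific offsets
    shoff, = struct.unpack_from(e + ("Q" if is64 else "I"), data, 0x28 if is64 else 0x20)
    entsize, shnum, strndx = struct.unpack_from(e + "HHH", data, 0x3A if is64 else 0x2E)
    if shoff == 0 or shnum == 0:
        return []                          # no section header table at all

    def section(i):                        # -> (sh_name, sh_offset, sh_size)
        base = shoff + i * entsize
        name, = struct.unpack_from(e + "I", data, base)
        fmt, pos = ("QQ", 0x18) if is64 else ("II", 0x10)
        return (name, *struct.unpack_from(e + fmt, data, base + pos))

    _, stroff, strsize = section(strndx)
    names = data[stroff:stroff + strsize]  # section-name string table
    for i in range(shnum):
        name, off, size = section(i)
        if names[name:names.find(b"\0", name)] == b".comment":
            return [s.decode("latin-1") for s in data[off:off + size].split(b"\0") if s]
    return []                              # no .comment section present

def build_sample(comment: bytes = b"") -> bytes:
    """Constructed 32-bit MSB ELF holding only section data; not a real program."""
    names = b"\0.shstrtab\0.comment\0"
    shoff = 52 + len(names) + len(comment)
    shnum = 3 if comment else 2
    hdr = b"\x7fELF\x01\x02\x01" + bytes(9) + struct.pack(
        ">HHIIIIIHHHHHH", 2, 2, 1, 0, 0, shoff, 0, 52, 0, 0, 40, shnum, 1)
    def sh(name, typ, off, size):          # one 40-byte Elf32_Shdr
        return struct.pack(">10I", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    table = sh(0, 0, 0, 0) + sh(1, 3, 52, len(names))
    if comment:
        table += sh(11, 1, 52 + len(names), len(comment))
    return hdr + names + comment + table

# Constructed sample strings, modelled on the "Sun C 5.12" output quoted on this page.
SAMPLE = build_sample(b"cc: Sun C 5.12 SunOS_sparc\0ld: constructed linker ident\0")

if __name__ == "__main__":
    print(comment_strings(SAMPLE))          # .comment present
    print(comment_strings(build_sample()))  # .comment absent
```

To inspect a real binary, pass `open(path, "rb").read()` to `comment_strings`.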
Answer 2:
Yes, IDA is great for this. It uses a technology called FLIRT.
Answer 3:
PEID will do the trick. It generally works just great. Obviously PEID is a Windows tool, but it shouldn't matter and should show you the compiler (sometimes even specific version information).
Answer 4:
Build small test apps with each compiler you're trying to identify. Then look at the results in a hex editor, and try to find patterns. It might turn out to be really obvious -- for example the "Rich" signatures from Microsoft's linker.
Answer 5:
Not stripped:
$ cc -O hello.c
$ file a.out
a.out: ELF 32-bit MSB executable SPARC32PLUS Version 1, V8+ Required, dynamically linked, not stripped
$ strings -a a.out | grep cc
/opt/solarisstudio12.3/prod/bin/cc -O hello.c
$ dwarfdump -i a.out | grep compile_o
DW_AT_SUN_compile_options Xa;O;R=Sun C 5.12 SunOS_sparc Patch 148917-07 2013/10/18;backend;raw;cd;
Stripped:
$ strip a.out
$ file a.out
a.out: ELF 32-bit MSB executable SPARC32PLUS Version 1, V8+ Required, dynamically linked, stripped
$ strings -a a.out | grep cc
(none)
Answer 6:
Visual Studio and GCC typically follow different startup routines (which call main). That may be a hint. I don't know about others though. For DLLs, can't think of something similar off the top of my head.
Answer 7:
Compilers usually add their own personal "signature" as plaintext in the compiled files. You can use a tool such as strings to suss the plaintext out.
Source: https://stackoverflow.com/questions/618491/can-you-find-out-which-compiler-was-used-to-compile-a-program