确定哪些编译器构建一个Win32 PE [英] Determining Which Compiler Built a Win32 PE

问题描述

如何才能确定哪些C或C ++编译器被用来建立一个特定的Windows可执行文件或DLL？有些编译器留在最终的可执行版本字符串后面，但是这似乎是在Windows比Linux上罕见的。

How can one determine which C or C++ compiler was used to build a particular Windows executable or DLL? Some compilers leave behind version strings in the final executable, but this seems to be rarer on Windows than on Linux.

具体来说，我有兴趣在Visual C ++和各种MinGW的编译器（通常是相当距离的函数签名容易）区分，然后Visual C ++版本（6，2002/2003，2005年至2008年间，更难做）。是否有一个工具，有可以进行区分在一个半可靠的方法？

Specifically, I'm interested in distinguishing between Visual C++ and the various MinGW compilers (usually fairly easy from the function signatures), and then between Visual C++ versions (6, 2002/2003, 2005, 2008; more difficult to do). Is there a tool out there that can make the distinction in a semi-reliable way?

推荐答案

暗示VC版本之间区别的一个来源是联系在一起的特定的C运行时库。由于默认情况下（至少在现代版本）链接到该DLL，这是相当容易的事。该实用程序的Dependency Walker 是几乎不可或缺的验证，你知道真正被加载哪些DLL，它会告诉你运行时DLL是Ç正在使用。虽然的Dependency Walker包含在Microsoft平台SDK，它已经自主扩展和我联系该网站是当前发展的家园。

One source of a hint to distinguish among VC versions is the specific C runtime library linked. Since the default case is (at least in the modern versions) to link to the DLL, this is fairly easy to do. The utility Dependency Walker is almost indispensible for verifying that you know what DLLs are really being loaded, and it will tell you which C runtime DLL is in use. Although Dependency Walker is included in the Microsoft Platform SDK, it has been extended independently and the site I linked is the home of its current development.

VC6和MinGW都链接MSVCRT.DLL默认情况下，所以这不会区分它们。随着一些努力，MinGW的，可向链接到后来的C运行时版本一样，所以你需要单独排除MinGW的。

VC6 and MinGW both link to MSVCRT.DLL by default, so this won't distinguish between them. With some effort, MinGW can be made to link to the later C runtime versions as well, so you will need to independently rule out MinGW.

Runtime       VC Version
----------    -------------
MSVCRT.DLL    VC6
MSCVR80.DLL   VC8 (VS 2005)
MSCVR90.DLL   VC9 (VS 2008)

其他运行时的DLL将是一件好事太多的线索，例如德尔福的运行时引用可能表明EXE实际上是德尔福建，而不是一个C工具链都没有。

Other runtime DLLs would be good clues too, e.g. references to Delphi's runtime probably indicate the EXE was actually built from Delp and not a C toolchain at all.

如果符号没有从.exe文件剥离，那么你可能会发现一些线索从内部符号present。例如，为了一些参考像 _sjlj_init 可能表示配置的setjmp / longjmp异常处理一个MinGW的GCC 3.x的参与在某些时候。

If symbols haven't been stripped from the .EXE file, then you might find some clues from which internal symbols are present. For instance, a reference to something like _sjlj_init probably indicates that a MinGW GCC 3.x configured for setjmp/longjmp exception handling was involved at some point.

这篇关于确定哪些编译器构建一个Win32 PE的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！