确定哪个编译器构建了Win32 PE [英] Determining Which Compiler Built a Win32 PE

问题描述

如何确定哪个C或C ++编译器用于构建特定的Windows可执行文件或DLL？一些编译器在最终的可执行文件中留下版本字符串，但这在Windows上比在Linux上更为罕见。

How can one determine which C or C++ compiler was used to build a particular Windows executable or DLL? Some compilers leave behind version strings in the final executable, but this seems to be rarer on Windows than on Linux.

具体来说，我有兴趣区分Visual C ++和各种MinGW编译器（通常很容易从函数签名），然后在Visual C ++版本（6,2002/2003，2005，2008;更难做）之间。是否有可以用半可靠方式区分的工具？

Specifically, I'm interested in distinguishing between Visual C++ and the various MinGW compilers (usually fairly easy from the function signatures), and then between Visual C++ versions (6, 2002/2003, 2005, 2008; more difficult to do). Is there a tool out there that can make the distinction in a semi-reliable way?

推荐答案

一个提示的来源在VC版本之间是特定的C运行时库链接。由于默认情况是（至少在现代版本中）链接到DLL，这是相当容易做到的。实用程序 Dependency Walker 对于验证您是否知道正在加载什么DLL是几乎不可或缺的，它会告诉你正在使用哪个C运行时DLL。虽然Dependency Walker包含在Microsoft Platform SDK中，但它已经独立扩展，我链接的网站是其当前开发的主页。

One source of a hint to distinguish among VC versions is the specific C runtime library linked. Since the default case is (at least in the modern versions) to link to the DLL, this is fairly easy to do. The utility Dependency Walker is almost indispensible for verifying that you know what DLLs are really being loaded, and it will tell you which C runtime DLL is in use. Although Dependency Walker is included in the Microsoft Platform SDK, it has been extended independently and the site I linked is the home of its current development.

VC6和MinGW都链接到MSVCRT.DLL默认情况下，所以这不会区分它们。有了一些努力，MinGW也可以链接到以后的C运行时版本，所以你需要独立排除MinGW。

VC6 and MinGW both link to MSVCRT.DLL by default, so this won't distinguish between them. With some effort, MinGW can be made to link to the later C runtime versions as well, so you will need to independently rule out MinGW.

Runtime       VC Version
----------    -------------
MSVCRT.DLL    VC6
MSCVR80.DLL   VC8 (VS 2005)
MSCVR90.DLL   VC9 (VS 2008)

其他运行时DLL将很好线索，例如引用Delphi的运行时可能表示EXE实际上是从Delphi创建的，而不是C的工具链。

Other runtime DLLs would be good clues too, e.g. references to Delphi's runtime probably indicate the EXE was actually built from Delp and not a C toolchain at all.

如果符号没有从.EXE文件中删除，那么你可能会找到一些内部符号存在的线索。例如，对 _sjlj_init 的引用可能表示在某个时刻涉及为setjmp / longjmp异常处理配置的MinGW GCC 3.x。

If symbols haven't been stripped from the .EXE file, then you might find some clues from which internal symbols are present. For instance, a reference to something like _sjlj_init probably indicates that a MinGW GCC 3.x configured for setjmp/longjmp exception handling was involved at some point.

这篇关于确定哪个编译器构建了Win32 PE的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！