Fog Creek Software
Discussion Board




Name that executable

I have several applications installed on my computer (as is normal). Now, is there a way to know in what language that executable was made? What I have in mind is something like Nmap but for executables. If you run Nmap against a server it'll tell you the operating system down to the version. Is there something like that for executables?

Ogami Itto
Saturday, August 28, 2004

You mean determining the programming language that an application which has been compiled to machine code was originally written in? No easy way that I know of. But you could search the executable for the copyright string of the compiler (remember that it might be in Unicode UTF-16 format!).

Chris Nahr
Saturday, August 28, 2004

On unix systems you can generally figure it out by scanning the symbols with 'nm'

Oren Miller
Saturday, August 28, 2004

Something like Resource Explorer might help you:

http://www.wilsonc.demon.co.uk/d7resourceexplorer.htm

www.MarkTAW.com
Saturday, August 28, 2004

Windows executables begin with the ASCII prefix "MZ".  Mark Zbikowski, who wrote FAT - or adapted it or whatever.  Isn't it amazing that ELF was never adopted?

hoser
Saturday, August 28, 2004

Ogami, I see you created another stupid thread.


Saturday, August 28, 2004

Yes, pity so many people are replying to it. How do you feel by insulting so many people at the same time?

Ogami Itto
Saturday, August 28, 2004

Ogami, it would be better if first you think and then think again and then post if you think it's really really necessary and you have a valid topic for a thread.


Saturday, August 28, 2004

Luckily school starts soon, so maybe we'll start getting less of these blank-authored nasty posts.

Kalani
Saturday, August 28, 2004

Pol Pot is alive and kicking - on JoS!

Ogami Itto
Saturday, August 28, 2004

Kalani, are you a friend of Ogami? And yes, hopefully school will stop your madness.


Sunday, August 29, 2004

How pathetic. Somebody asks a perfectly reasonable question, some nice people make a genuine attempt at answering it but others seemingly have nothing better to do than come and bitch at the poster for no obvious reason.

Utterly pathetic. Why bother?

James U-S
Monday, August 30, 2004

James, true, why bother. Pathetic attempt from your side.


Monday, August 30, 2004

On Unix, apart from 'nm' there's also 'file' which will give you more or less detailed information about the type of executable you're dealing with. There's also GNU objdump, though objdump might only work with ELF.

Search through the specs for the executable format that you're interested in, and check what kind of information is included in the headers of the executable.

Google for terms like "reverse engineering", "decompiler", "disassembler" and you'll find a good deal of general information and tools on the topic and maybe some forums or mailing lists where you'll find better answers than here.

In general, I don't think there's an easy way to go about 'fingerprinting' an executable, because compiling is really a one-way function. Apart from the symbol names, there are probably a lot of "idioms" that certain compilers use to translate certain language constructs. If you can identify those idioms, you can identify the compiler, but it's a lot of busy work, and usually there are easier ways to find out what you want to know. If I'm not mistaken, though, that's how nmap goes about identifying OS's.

I think finding out the source language of an executable would be a niche market and not justify the effort to create such a tool to say the least. What are you trying to accomplish, anyway? Why not just ask the original programmer of the binary about what high level language it was developed in?

  -tim

a2800276
Monday, August 30, 2004

Why is it important to know which language a piece of software was originally written in when you're doing reverse engineering? From asm you can back-compile to VB, C++, whatever.


Monday, August 30, 2004

On Windows you can sometimes guess by seeing what DLLs it imports: the VB run-time library, the MSVC run-time library, the .NET run-time library, ...

Christopher Wells
Monday, August 30, 2004
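
Added example, not written by anyone in this thread: a minimal Python sketch that combines two of the suggestions above, searching an executable for compiler strings stored as either ASCII or UTF-16 and for the names of imported runtime DLLs. The marker table, the function names and the two sample byte strings are assumptions constructed for illustration; they are not a complete signature set and not real binaries.

```python
import re

# Illustrative markers only (assumed table, far from a complete signature set).
MARKERS = {
    b"borland": "Borland (Delphi / C++Builder)",
    b"msvbvm": "Visual Basic runtime",
    b"msvcr": "Microsoft Visual C++ runtime",
    b"mscoree.dll": ".NET runtime",
    b"gcc: (": "GCC",
}

ASCII_RUN = re.compile(rb"[\x20-\x7e]{5,}")          # 5+ printable bytes
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")  # same text as UTF-16LE


def extract_strings(data: bytes) -> list[bytes]:
    """Return printable runs found as ASCII or UTF-16LE, lower-cased."""
    found = [m.group() for m in ASCII_RUN.finditer(data)]
    # Drop the interleaved NUL bytes so both encodings compare the same way.
    found += [m.group()[::2] for m in UTF16_RUN.finditer(data)]
    return [s.lower() for s in found]


def guess_toolchain(data: bytes) -> list[str]:
    """Return sorted labels of every marker seen in a DOS/Windows executable."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ prefix: not a DOS/Windows executable")
    hits = set()
    for s in extract_strings(data):
        for marker, label in MARKERS.items():
            if marker in s:
                hits.add(label)
    return sorted(hits)


# Constructed sample inputs (not real binaries): "MZ", padding, marker text.
PAD = b"\x00\xff" * 8
SAMPLE_UTF16 = b"MZ" + PAD + "Copyright (c) Borland".encode("utf-16-le") + b"\x00\xff"
SAMPLE_IMPORTS = b"MZ" + PAD + b"MSVBVM60.DLL\x00" + b"KERNEL32.dll\x00"

if __name__ == "__main__":
    print(guess_toolchain(SAMPLE_UTF16))    # marker only visible as UTF-16LE
    print(guess_toolchain(SAMPLE_IMPORTS))  # marker is an imported DLL name
```

A hit only shows that the string is present somewhere in the file; packed or stripped executables may contain none of these markers.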

IDA - the Interactive Disassembler - can mostly tell which compiler produced the executable.

There are lots of little things, like the binary signature of the C runtime, that are often enough to tell.

Just curious, why do you want to know?

Alex
Tuesday, August 31, 2004

Ok, the big picture: I've been trying to develop an app, and I was trying to know in what language a similar app had been developed. I guessed Delphi (and I think I am right) but I wanted to make sure.

Ogami Itto
Wednesday, September 01, 2004
