Search code examples
visual-c++portable-executable

How to get VC compiler version from PE file programmatically?

The CFF Explorer is able to detect the VC complier version from PE file. it shows "Microsoft Visual C++ 8" for my exe file which is statically linked to libCMT(no dll dependency).

How is that done? It must replies on some structure in PE file which is unknown to me.

UPDATE:

  1. CFF Explorer can get the correct VC complier version for a statically linked PE file (no DLL dependency to msvcmXX.dll, msvcpXX.dll or msvcrXX.dll)
  2. Even I cleared the LinkerVersion / ImageVersion / SubsytstemVersion / OperratingSystemVersion fields in PE optional header to ZERO, CFF explorer still can know the correct VC compiler version.

Seems CFF explorer is using a much reliable way to detect VC compiler version.

Solution

  • The PE Header have some info about linker(or compiler). Check out:

    http://wiki.osdev.org/PE

    and also:

    http://mirror.sweon.net/madchat/vxdevl/papers/winsys/pefile/pefile.htm

    The magic word in the PE header maybe the key to your answer.

    edit:

    Seems CFF explorer rely on the code signature. I've found some interesting post here:

    Determining Which Compiler Built a Win32 PE

    In RBerteig's reply, the internal symbols can be used to determine compiler.

    http://www.codeproject.com/Articles/24417/Portable-Executable-P-E-Code-Injection-Injecting-a

    From this post, the _main address is one of the signature to determine it.

    and this post: http://ntcore.com/files/richsign.htm

    give more clue about Microsoft compiler signature.