Determining Which Compiler Built a Win32 PE

Question

How can one determine which C or C++ compiler was used to build a particular Windows executable or DLL? Some compilers leave behind version strings in the final executable,

Answer 1

One source of a hint to distinguish among VC versions is the specific C runtime library linked. Since the default case is (at least in the modern versions) to link to the DLL, this is fairly easy to do. The utility Dependency Walker is almost indispensible for verifying that you know what DLLs are really being loaded, and it will tell you which C runtime DLL is in use. Although Dependency Walker is included in the Microsoft Platform SDK, it has been extended independently and the site I linked is the home of its current development.

VC6 and MinGW both link to MSVCRT.DLL by default, so this won't distinguish between them. With some effort, MinGW can be made to link to the later C runtime versions as well, so you will need to independently rule out MinGW.

Runtime       VC Version
----------    -------------
MSVCRT.DLL    VC6
MSCVR80.DLL   VC8 (VS 2005)
MSCVR90.DLL   VC9 (VS 2008)

Other runtime DLLs would be good clues too, e.g. references to Delphi's runtime probably indicate the EXE was actually built from Delphi, and not a C toolchain at all.

If symbols haven't been stripped from the .EXE file, then you might find some clues from which internal symbols are present. For instance, a reference to something like _sjlj_init probably indicates that a MinGW GCC 3.x configured for setjmp/longjmp exception handling was involved at some point.