This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: Question about past research in detecting compiler used to create executable binary
- From: Tim Josling <tejgcc at westnet dot com dot au>
- To: Stephen Torri <torrisa at auburn dot edu>
- Cc: gcc at gcc dot gnu dot org
- Date: Thu, 24 Jan 2008 12:51:49 +1100
- Subject: Re: Question about past research in detecting compiler used to create executable binary
- References: <1201128515.8143.1.camel@dell.linuxdev.us.dell.com>
- Reply-to: tejgcc at westnet dot com dot au
On Wed, 2008-01-23 at 16:48 -0600, Stephen Torri wrote:
> GCC Community,
>
> I am a PhD candidate at Auburn University in Alabama investigating
> automated compiler detection for reverse engineering. The reason I am
> contacting this mailing list is to see if anyone knows of research done
> to discover the compiler used to create a binary executable.
>
> Sincerely,
>
> Stephen Torri
> PhD Candidate
> Auburn University
> Department of Computer Science and Software Engineering
> torrisa@auburn.edu
>
>
If GCC is any guide, this will often be trivial. GCC embeds lots of data
about the source system and compiler in the executable.

> file temp.x
temp.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), for
GNU/Linux 2.6.0, dynamically linked (uses shared libs), not stripped

Also in the same file

GCC: (GNU) 4.1.2 (Ubuntu 4.1.2-0ubuntu4)

If this is a reverse engineering project, your adversary will probably
have stripped as much of this kind of thing as possible though.

Tim Josling
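
Added example, not part of the original message or of GCC: a small Python reader that recovers identification strings like the one quoted above from a 64-bit little-endian ELF image and returns an empty list when they have been removed. It assumes the string lives in the ELF `.comment` section; `compiler_idents` and `build_sample` are hypothetical names, and the sample image is constructed in memory.

```python
import struct

def compiler_idents(elf):
    """Return the NUL-separated strings in an ELF64 little-endian .comment section."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    shoff, = struct.unpack_from("<Q", elf, 0x28)            # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    if shoff == 0 or shnum == 0:
        return []                                           # no section header table left

    def section(i):
        # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        name, _t, _f, _a, off, size = struct.unpack_from(
            "<IIQQQQ", elf, shoff + i * shentsize)
        return name, elf[off:off + size]

    _, names = section(shstrndx)                            # section name string table
    for i in range(shnum):
        name_off, data = section(i)
        end = names.find(b"\0", name_off)
        if names[name_off:end] == b".comment":
            return [s.decode("ascii", "replace") for s in data.split(b"\0") if s]
    return []                                               # .comment was removed

def build_sample(ident):
    """Constructed image: ELF header, optional .comment, .shstrtab, section table."""
    shstr = b"\0.comment\0.shstrtab\0"
    body, sections = b"", [(0, 0, 0, 0)]                    # index 0 is the null section
    if ident is not None:
        sections.append((1, 1, 64, len(ident)))             # SHT_PROGBITS, name at offset 1
        body += ident
    sections.append((10, 3, 64 + len(body), len(shstr)))    # SHT_STRTAB, name at offset 10
    body += shstr
    hdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9                # ELFCLASS64, ELFDATA2LSB
    hdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, 64 + len(body), 0,
                       64, 0, 0, 64, len(sections), len(sections) - 1)
    table = b"".join(struct.pack("<IIQQQQIIQQ", n, t, 0, 0, o, s, 0, 0, 1, 0)
                     for n, t, o, s in sections)
    return hdr + body + table

if __name__ == "__main__":
    tagged = build_sample(b"GCC: (GNU) 4.1.2 (Ubuntu 4.1.2-0ubuntu4)\0")
    print(compiler_idents(tagged))
    print(compiler_idents(build_sample(None)))
```
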