Is There a Way to Tell What Language Was Used for a Program?

views:

679

answers:

+13 Q:

Is There a Way to Tell What Language Was Used for a Program?

I have a desktop program I downloaded and installed. It runs from an .exe file.

Is there some way from the .exe file to tell what programming language was used to write the program?

Are there any tools are available to help with this?

What languages can be determined and which ones cannot?

Okay here are two of the sort of things I'm looking for:

Tips to Determine Whether an App is Written in Delphi or Not
This "IsDelphi" program by Bruce McGee will find all applications built with Delphi, Delphi for .Net or C++ Builder that are on your hard drive.

+4 A:

A good disassembler, plus of course an excellent understanding of the underlying CPU architecture, can often help you identify the runtime libraries that are in play. Unless the exe has been carefully "stripped" of symbols and/or otherwise masked, the names of symbols seen in runtime libraries will often provide you with programming-language hints, because different languages' standards specify different names, and vendors of compilers and accompanying runtime libraries usually respect those standards pretty closely.

Of course, you won't get there without knowledge of the various possible languages and their library standards -- and if the code's author was intent to mask the information, that's not too hard for them to do, either.

Alex Martelli 2009-12-30 03:15:46

+1 A:

Start with various options to dumpbin. The symbol names, if not carefully erased, will give you all kinds of hints as to whether it is C, C++, CLR, or something else.

bmargulies 2009-12-30 03:15:57

+4 A:

First, look to see what run time libraries it loads. A C program won't normally load Visual Basic's library.

Also, examine the executable for telltale strings. In most executables, this is near the end. If the program uses string constants, there might be a clue in how they are stored.

wallyk 2009-12-30 03:18:29

Also symbols and calling convention can give it away, as well as things like how `ebp/rbp` is used with the call stack.

Earlz 2010-01-05 05:47:36

+3 A:

Norman Ramsey 2009-12-31 00:40:52

+2 A:

Assuming this is an application for Windows...

Does Reflector recognize it as a .NET assembly? Then it's MSIL, 99% either VB or C#, but you'll likely never know which, nor does it matter.

Does it need an intrepreter (like Java?)? Then it's Java (or whatever the interpreter is.)

Check what runtime DLLs it requires.

Does it require the VB runtime dlls? Congratulations, VB from VisualStudio 6.0 or earlier.

Does it require the Delphi dlls? Congratulations, Delphi.

Did you make it this far? C/C++. Assume C++ unless it requires msys or cygwin dlls, in which case C has maybe a 25% chance.

Congratulations, this should come out correct for the vast majority of Windows software. This probably doesn't actually help you though, as a lot of the same things can be done in all of these languages.

Drakonite 2009-12-31 00:57:15

This is sort of the ruleset I was looking for. Is there anything out there that gives this in much more detail?

lkessler 2010-01-04 02:51:42

Well, no, and thats sort of the point. I just rambled this off from a couple basic ideas. If it has an external language specific requirement, such as the .NET framework, an interpreter, or language specific runtime libraries, that can clue you off. Otherwise it can take years of experience with various compilers to be able to figure out what compiler created the code with any real accuracy. If there are no external libraries you are best off playing the odds and calling it either C or C++ depending on the age of the binary.

Drakonite 2010-01-04 03:27:24

How about I give you a sample written in assembly? Detecting assembly: mainly not referencing any C runtime dll and doesn't have the stdlib strings in it ("requested the runtime to terminate it in an unusual way").

Joshua 2010-01-05 04:02:23

If it is .Net (or Java) byte code, I would not say '... but you'll likely never know which, nor does it matter' - there are many languages which run on these platforms. Delphi Prism, VB, C# / Scala, Groovy, Clojure or AspectJ have different feature sets.

mjustin 2010-01-05 10:03:48

@mjustin: I realize now I wasn't clear enough, but I did not intend this as a 100% inclusive 100% accurate walkthrough. (For instance with .NET I said 99% of the time it would be VB or C#, which is about accurate, and once it's in MSIL it doesn't matter where it came from, it'll all reverse back to C#.) My point was that a few basic rules would usually be correct for the vast majority of examples, but beyond that it could take years of experience to have an accurate idea of which language the binary was compiled from.

Drakonite 2010-01-05 17:07:49

Delphi application do not mandate any runtime dll.

Sake 2010-01-06 03:07:29

+1 A:

IDA Pro Free (http://www.hex-rays.com/idapro/idadownfreeware.htm) may be helpful. Even if you don't understand assembly language, if you load the EXE into IDA Pro then its initial progress output might (if there are any telltale signs) include its best guess as to which compiler was used.

brone 2010-01-03 00:29:53

+1 A:

Other tools use signatures to identify the compiler used to create the executable, like PEiD, CFF Explorer and others.

They normally scan the entry point of the executable vs the signature.

Signature Explorer from CFF Explorer can give you an understanding of how one signature is constructed.

pani 2010-01-05 08:02:31

+1 PEiD and CFF Explorer are helpfull tools

Remko 2010-01-05 11:39:02

+6 A:

I use WinDowse (a small freeware utility written in Delphi) to spy the windows of the program.. for example if you look at the "Class" TabSheet you can discover the "Class" Name of the control..

For example:

TFormXX, TEditYY, TPanelZZZ for delphi apps
WindowsForms10.XXXX.yyy, for .NET apps
wxWindowsXXX for wxWindows apps
AfxWndXX for MFC/VC++ apps (I think)

I think this is the fastest way (although not the most accurate) to find information about apps..

paolorossi 2010-01-05 09:45:03

Thanks Paolo, That WinDowse looks like a very useful program for this purpose. If I could give out a second accepted answer, you'd have got it.

lkessler 2010-01-06 06:07:24

+1 for the OP's attempted second accept.

Karl 2010-01-08 03:07:22

+2 A:

I understand your curiosity.

You can identify Delphi and C++ Builder apps and their SKU by looking for a couple of specific resources that the linker adds. Specifically RC Data\DVCLAL and RC DATA\PACKAGEINFO. The XN Resource Editor makes this a lot easier, but it might choke on compresses EXEs.

EXE compressors complicate things a little. They can hide or scramble the contents of the resources. Programs compressed with UPX are easy to identify with a HEX editor because the first 2 sections in the PE header are named UPX0 and UPX1. You can use the app to decompress these.

Applications compiled with .Net aren't difficult to detect. Recent versions of Delphi even include an IsAssembly function, or you could do a little spelunking in the PE header. Check out the IsManaged function in IsDelphi.

Telling which .Net language was used is trickier. By default, VB.Net includes a reference to Microsoft.VisualBasic, and VCL.Net apps included Borland specific references. However, VCL.Net is defunct in favour of Delphi Prism, and you can add a reference to the VB assembly to any managed language.

I haven't looked at some of the apps that use signatures to identify the the compiler, so I don't know how well they work.

I hope this helps.

Bruce McGee 2010-01-06 02:49:02

Thanks Bruce. I'm glad I added the Delphi tag to the question.

lkessler 2010-01-06 05:48:20

It looks like the VC++ linker from V6 up adds a signature to the PE header which youcan parse.

Bruce McGee 2010-01-06 11:32:31

i suggest PEiD (freeware, closed source). Has all of Delphi for Win32 signatures, also can tell you which was packer used (if any).

2010-01-08 02:34:26

ansaurus

tags:

views:

answers:

Is There a Way to Tell What Language Was Used for a Program?

related questions