Find out Build Configuration from exe
-
Hi, Is there anyway to find out in which build configuration it was built from an exe?!! Thanks for any help!! Regards, Maya
Hi Maya, The PE format is documented here: Microsoft Portable Executable and Common Object File Format Specification[^] You can check the IMAGE_FILE_HEADER section[^] of the COFF header for the IMAGE_FILE_DEBUG_STRIPPED flag. Here is an example:
BOOL IsDebugImage(LPTSTR szPath) { BOOL bRet = FALSE; HANDLE hFile = CreateFile(szPath,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; if(TRUE == GetFileSizeEx(hFile, &bigInt)) { HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,NULL); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); bRet = !(pFileHeader->Characteristics &IMAGE_FILE_DEBUG_STRIPPED); UnmapViewOfFile(hFileMap); } CloseHandle(hFileMap); } } CloseHandle(hFile); } return bRet; }
Best Wishes, -David Delaune -
Hi Maya, The PE format is documented here: Microsoft Portable Executable and Common Object File Format Specification[^] You can check the IMAGE_FILE_HEADER section[^] of the COFF header for the IMAGE_FILE_DEBUG_STRIPPED flag. Here is an example:
BOOL IsDebugImage(LPTSTR szPath) { BOOL bRet = FALSE; HANDLE hFile = CreateFile(szPath,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; if(TRUE == GetFileSizeEx(hFile, &bigInt)) { HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,NULL); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); bRet = !(pFileHeader->Characteristics &IMAGE_FILE_DEBUG_STRIPPED); UnmapViewOfFile(hFileMap); } CloseHandle(hFileMap); } } CloseHandle(hFile); } return bRet; }
Best Wishes, -David DelauneHow does file mapping compare to using
ReadFile()to read the header information?"Old age is like a bank account. You withdraw later in life what you have deposited along the way." - Unknown
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
-
Hi Maya, The PE format is documented here: Microsoft Portable Executable and Common Object File Format Specification[^] You can check the IMAGE_FILE_HEADER section[^] of the COFF header for the IMAGE_FILE_DEBUG_STRIPPED flag. Here is an example:
BOOL IsDebugImage(LPTSTR szPath) { BOOL bRet = FALSE; HANDLE hFile = CreateFile(szPath,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; if(TRUE == GetFileSizeEx(hFile, &bigInt)) { HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,NULL); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); bRet = !(pFileHeader->Characteristics &IMAGE_FILE_DEBUG_STRIPPED); UnmapViewOfFile(hFileMap); } CloseHandle(hFileMap); } } CloseHandle(hFile); } return bRet; }
Best Wishes, -David Delaune -
How does file mapping compare to using
ReadFile()to read the header information?"Old age is like a bank account. You withdraw later in life what you have deposited along the way." - Unknown
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
Hi DavidCrow, The difference is that CreateFileMapping will load the entire executable into virtual memory. Using CreateFile/ReadFile will probably map an executable into the pagefile up to the allocation granularity of the system which is 64K on a 32 bit NT OS depending on which CreateFile flags have been used. Typically when I iterate through PE sections and read data I use CreateFileMapping for performance reasons. Although for simply checking the IMAGE_FILE_DEBUG_STRIPPED flag a series of ReadFile calls would be sufficient. At any rate... a code sample is exactly that. It is a code sample. Best Wishes, -David Delaune
-
Hi Maya, The PE format is documented here: Microsoft Portable Executable and Common Object File Format Specification[^] You can check the IMAGE_FILE_HEADER section[^] of the COFF header for the IMAGE_FILE_DEBUG_STRIPPED flag. Here is an example:
BOOL IsDebugImage(LPTSTR szPath) { BOOL bRet = FALSE; HANDLE hFile = CreateFile(szPath,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; if(TRUE == GetFileSizeEx(hFile, &bigInt)) { HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,NULL); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); bRet = !(pFileHeader->Characteristics &IMAGE_FILE_DEBUG_STRIPPED); UnmapViewOfFile(hFileMap); } CloseHandle(hFileMap); } } CloseHandle(hFile); } return bRet; }
Best Wishes, -David DelauneHi David, I have another question on this. The method you have given tells us whether the image is a debug image or release image, if im not wrong. Is there any way to find out in which specific 'release build configuration' the image was built?? Like ReleaseMinSize or ReleaseMinDependency?? I went through the links that you provided but couldnt find a way. Please do let me know if theres any way to find this. Appreciate your help :) Regards, Maya
-
Hi David, I have another question on this. The method you have given tells us whether the image is a debug image or release image, if im not wrong. Is there any way to find out in which specific 'release build configuration' the image was built?? Like ReleaseMinSize or ReleaseMinDependency?? I went through the links that you provided but couldnt find a way. Please do let me know if theres any way to find this. Appreciate your help :) Regards, Maya
Hi Maya, The terms ReleaseMinSize and ReleaseMinDependency are only words to describe a dynamic set of compiler options. There is nothing preventing you from choosing ReleaseMinSize inside Visual Studio and making it identical to a Debug build. In fact... in Visual Studio you can create your own build setting. For example: 1.) Choose Build from the Visual Studio system menu. 2.) Choose 'Configuration Manager' from the drop down menu. 3.) In the 'Active Solution Configuration' combobox choose 'New' 4.) Observe that you can create a new build configuration and name it anything you wish. You can detect the following for example: 1.) You can detect if the PE image has debug information. 2.) You can test for a specific dependency such as CRT or MFC dynamic linkage. There are all sorts of other possibilities but you need to realize that the words ReleaseMinSize and ReleaseMinDependency are dynamic and have no specific meaning to the MSVC compiler. Can you tell me exactly what you are trying to accomplish? Best Wishes, -David Delaune
-
Hi Maya, The terms ReleaseMinSize and ReleaseMinDependency are only words to describe a dynamic set of compiler options. There is nothing preventing you from choosing ReleaseMinSize inside Visual Studio and making it identical to a Debug build. In fact... in Visual Studio you can create your own build setting. For example: 1.) Choose Build from the Visual Studio system menu. 2.) Choose 'Configuration Manager' from the drop down menu. 3.) In the 'Active Solution Configuration' combobox choose 'New' 4.) Observe that you can create a new build configuration and name it anything you wish. You can detect the following for example: 1.) You can detect if the PE image has debug information. 2.) You can test for a specific dependency such as CRT or MFC dynamic linkage. There are all sorts of other possibilities but you need to realize that the words ReleaseMinSize and ReleaseMinDependency are dynamic and have no specific meaning to the MSVC compiler. Can you tell me exactly what you are trying to accomplish? Best Wishes, -David Delaune