Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to know in what language an exe file is written?

I have an exe file and I decompiled it with Ida. I was told the program coded in Delphi, so I tried to decompile with DeDe but it failed, no output and no error. And I'm wondering is it possible to find language used in creating exe by trying different decompilers written specifically for a programming language? Or can they fail for some other reason?

like image 610
Kuzgun Avatar asked Sep 03 '13 15:09

Kuzgun


1 Answers

In many cases it is possible to identify the compiler used to compile the code, and from that, the original language.

Most language implementations include some kind of runtime library to implement various high-level operations of the language. For example, C has the CRT which implements file I/O operations (fopen, fread etc.), Delphi has compiler helpers for its string type (concatenation, assignment and others), ADA has various low-level functions to ensure language safety and so on. By comparing the code of the program and the runtime libraries of the candidate compilers you may be able to find a match.

IDA implements this approach in the FLIRT technology. By using the signatures, IDA is able to determine most of the major compilers for DOS and Windows. It's somewhat more difficult on Linux because there's no single provider of compiler binaries for it, so signatures would have to be made for every distro.

However, even without resorting to the runtime library code, it may be possible to identify the compiler used. Many compilers use very distinct idioms to represent various operations. For example, I was able to guess that the compiler used for the Duqu virus was Visual C++, which was later confirmed.

like image 185
Igor Skochinsky Avatar answered Sep 22 '22 06:09

Igor Skochinsky