If a program is compiled into a .exe with Microsoft's Visual Studio Professional 2005, can it be traced back to the author? Is there metadata in the .exe which gives the license #, etc?
What about dll's that are compiled using Visual Studio?
Thank you.
> If a program is compiled into a .exe with Microsoft's Visual Studio
>Professional 2005, can it be traced back to the author?
Not definitively, no.
> Is there metadata in the .exe which gives the license #, etc?
There is metadata in the PE file (which applies to *all* executable files on Windows systems, including exe and dll files) but not a license, etc. I have heard that there was research being done about 2 yrs ago to use entry point analysis to tag PE files based on the compiler used, similar to the way PEiD uses entry point analysis to determine the obfuscation method.
I think that if you look into PE header structures (you'll find several of these listed on my blog) you'll find the answers that you're looking for.
Thanks,
Harlan
http://windowsir.blogspot.com
>Professional 2005, can it be traced back to the author?
There might be a path to the .pdb file at the end of the exe.
If s/o is sloppy and has the project in his user folder you might see the username in it. Plaintext in ACP.
You do some analysis to find out what compiler was used (not foolproof, and s/o might leave a false trail (malware…)).
But I'm not sure what you can do once you know that an exe was compiled with visual studio, since most will be.
Nik
_nik_
> You do some analysis to find out what compiler was used
How so? What would you be analyzing?
> If a program is compiled into a .exe with Microsoft's Visual Studio
>Professional 2005, can it be traced back to the author?
Not definitively, no.
> Is there metadata in the .exe which gives the license #, etc?
There is metadata in the PE file (which applies to *all* executable files on Windows systems, including exe and dll files) but not a license, etc. I have heard that there was research being done about 2 yrs ago to use entry point analysis to tag PE files based on the compiler used, similar to the way PEiD uses entry point analysis to determine the obfuscation method
—snip—
No…
yes, maybe…..
http//
Though such techniques are more inclined to psychological analysis + intelligent profiling (from software based, say, neural network + human wisdom) + a strong hold on technology & reverse engineering skills, BUT SADLY which a forensic examiner mostly lags because it isn't an everyday problem to face through….
Friends, a good forensic examiner also requires a firm understanding of all fields that revolve around it (say, jack of all too). I have some background in incident response, information security, vulnerability research and aspects of psychology. Being around the forum for some time now I've seen guys with interesting skills in forensics but who are clueless about simple technology related problems.
> No…
> yes, maybe…..
what? What's the context of this?
> BUT SADLY which a forensic examiner mostly lags because it isn't an
> everyday problem to face through….
Also, most forensic examiners lack this because they don't need it. The purpose of a forensic examiner is to find evidence and put context to the evidence, not to define intent. In a law enforcement scenario, the forensic examiner will be looking at a small part of the overall case, a part which may not even be used. It's the police and the prosecutor who will usually go about determining intent, or bring in a psychologist to do so.
> Being around the forum for some time now I've seen guys with
> interesting skills in forensics but who are clueless about simple technology
> related problems.
I'm sure. Make sure you point that out to them when you see it, okay?
(O;
But hey… I didn't mean to be MEAN, nor was it a personal allegation.
I apologize if it was.
_nik_
> You do some analysis to find out what compiler was used
How so? What would you be analyzing?
In the PE header we have the major and minor linker version
http//
The name and section properties (and the resources) can be analyzed as well.
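The two observations above (the PDB path that the linker may leave at the end of the exe, and the major/minor linker version and section names in the PE header) can be checked with a few dozen lines of parsing. The following is an added example, not code posted by anyone in this thread: it walks the DOS header, COFF header, optional header, section table and debug directory of a PE image and pulls out the linker version, the section names and the CodeView (RSDS) PDB path. Because the thread has no sample binary, `build_sample_pe()` constructs a minimal PE32 image inline; the function names, the `.text` section and the path `C:\Users\alice\proj\Release\demo.pdb` are all invented for the demonstration.

```python
import re
import struct

IMAGE_DIRECTORY_ENTRY_DEBUG = 6   # index of the debug data directory
IMAGE_DEBUG_TYPE_CODEVIEW = 2     # debug entry type that carries the RSDS/PDB record


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset using the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    return None


def parse_pe_metadata(data):
    """Return linker version, section names and any embedded PDB path from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, opt)
    pe32plus = magic == 0x20B
    # PE32 keeps NumberOfRvaAndSizes at +92 and the data directories at +96; PE32+ at +108 / +112
    num_dirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    dd_offset = opt + (112 if pe32plus else 96)

    sections = []
    sec_table = opt + opt_size          # section headers follow the optional header
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})

    pdb_path = None
    if num_dirs > IMAGE_DIRECTORY_ENTRY_DEBUG:
        dbg_rva, dbg_size = struct.unpack_from("<II", data, dd_offset + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG)
        dbg_off = rva_to_offset(dbg_rva, sections) if dbg_rva and dbg_size else None
        for i in range(dbg_size // 28 if dbg_off is not None else 0):
            # IMAGE_DEBUG_DIRECTORY: Characteristics, TimeDateStamp, MajorVersion, MinorVersion,
            # Type, SizeOfData, AddressOfRawData, PointerToRawData (28 bytes)
            _, _, _, _, dtype, _, _, ptr_raw = struct.unpack_from("<IIHHIIII", data, dbg_off + i * 28)
            if dtype == IMAGE_DEBUG_TYPE_CODEVIEW and data[ptr_raw:ptr_raw + 4] == b"RSDS":
                # RSDS record: signature(4) + GUID(16) + age(4) + NUL-terminated path stored in the
                # build machine's ANSI code page; latin-1 is used here so decoding never fails
                end = data.index(b"\0", ptr_raw + 24)
                pdb_path = data[ptr_raw + 24:end].decode("latin-1")
    return {"machine": machine, "pe32plus": pe32plus,
            "linker_version": (major_linker, minor_linker),
            "sections": [s["name"] for s in sections], "pdb_path": pdb_path}


def username_from_pdb_path(pdb_path):
    """Heuristic: pull the account name out of a per-user project path (Documents and Settings or Users)."""
    if not pdb_path:
        return None
    m = re.search(r"[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\]+)\\", pdb_path)
    return m.group(1) if m else None


def build_sample_pe(pdb_path=b"C:\\Users\\alice\\proj\\Release\\demo.pdb", linker=(8, 0)):
    """Constructed minimal PE32 image (one .text section) for testing; not a real compiler output."""
    section_va, raw_ptr, raw_size = 0x1000, 0x200, 0x200
    section_data, debug_dir = b"", (0, 0)
    if pdb_path is not None:
        codeview = b"RSDS" + bytes(16) + struct.pack("<I", 1) + pdb_path + b"\0"
        debug_entry = struct.pack("<IIHHIIII", 0, 0, 0, 0, IMAGE_DEBUG_TYPE_CODEVIEW,
                                  len(codeview), section_va + 28, raw_ptr + 28)
        section_data, debug_dir = debug_entry + codeview, (section_va, 28)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)             # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, PE32 opt header
    opt = struct.pack("<HBB", 0x10B, linker[0], linker[1]) + bytes(88) + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *debug_dir) if i == IMAGE_DIRECTORY_ENTRY_DEBUG else bytes(8)
                    for i in range(16))
    sec = struct.pack("<8sIIIIIIHHI", b".text", raw_size, section_va, raw_size, raw_ptr,
                      0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + coff + opt + sec).ljust(raw_ptr, b"\0") + section_data.ljust(raw_size, b"\0")


if __name__ == "__main__":
    info = parse_pe_metadata(build_sample_pe())
    print(info)
    print("possible build-account name:", username_from_pdb_path(info["pdb_path"]))
```

Run against a real binary with `parse_pe_metadata(open(path, "rb").read())`. As the thread says, the linker version only narrows the toolchain (it says nothing about who ran it), and the PDB path is only present when the linker emitted a CodeView record and the author did not strip it; `username_from_pdb_path` just reports what the path literally contains, which a careful author can easily leave empty or falsify.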
> In the PE header we have the major and minor linker version
Right, but it doesn't tell you the name of the linker, only the version.
> The name and section properties (and the resources) can be analyzed as well.
What are the 'name' properties? What about the section properties and resources would you analyze?