41

Whats the easiest way to find out what programming language an application was written in? I would like to know if its vb or c++ or delphi or .net etc from the program exe file.

Ed Guiness
  • 33,233
  • 16
  • 102
  • 141
veagles
  • 465
  • 1
  • 5
  • 8
  • I remember 5 years ago, I found an API call that requires a window handle and will return the class name of the window. I notice that if the program is written in VB, the class name of any object should be preceded by 'thunder'. If it's written in Delphi, the class name is usually being with 'T'. I'm not sure if this is still the case anyway. –  Sep 01 '11 at 03:03

13 Answers13

30

Try PEiD

of course if they used a packer, some unpacking will need to be done first :)

shadow
  • 20,147
  • 4
  • 49
  • 71
John T
  • 22,621
  • 11
  • 53
  • 81
  • Does it still exist? If so where do you get it (without sofstsonic's malware)? – Serge Mar 25 '14 at 12:34
  • 2
    Worked and it's funny this app's name means 'FART' in portuguese... :P – delphirules Jun 15 '16 at 14:20
  • PEiD v0.95 (2008.11.03) successfully downloaded from above location and run under Windows 7 Pro 64. However, PEiD says `Not a valid PE file` for most but not all of the .exe and .dll files on my system. My guess is PEiD works for older binaries but isn't up to date for newer ones. – CODE-REaD Sep 15 '16 at 17:08
  • Worked well for me :-) – Rahim Mar 04 '19 at 23:36
13

Start it up and check what run-time DLLs it uses with Process Explorer.

If that doesn't make it immediately obvious, search the web for references to those DLLs.

Most disassemblers (including Olly I think) can easily show you the text contained in an EXE or DLL, and that can also sometimes give a clue. Delphi types are often prefixed with T as in TMyClass.

If it's a small executable with no DLL references and no text you might be SOL. At that point you'd need to look for idioms of particular compilers, and it would be mostly guesswork.

Ed Guiness
  • 33,233
  • 16
  • 102
  • 141
9

There is an art to detecting what language a program was written in. It is possible but there are no hard and fast rules. It takes a lot of experience (and it also leads to the question "Why would you want to..." but here are a few ideas on how to go about it.

What you're looking for is a "signature". The signature could be a certain string that is included by the compiler, a reference to an API that is quite common in the programming tool being used, or even a style of programing that is common to the tools being used, visible in the strings contained in the application.

In addition, there are styles to how an application is deployed: various configuration files found in the deployment directory, dlls and assemblies and even images, directories or icons.

Java applications wrapped in a self-launching executable will contain references to java libs, and will likely have certain libraries or files included in the same directory that indicate that it's java.

As indicated in other answers a managed assembly will show certain signs as well: you can open it in Reflector etc. While it is correct that c# and VB are "interchangable" once compiled, it is not true that they are identical. If you use Reflector to disassemble VB code you will quite often see that the assembly references the Microsoft.VisualBasic.dll assembly. You'll be able to tell the difference between Mono applications because they will most likely contain references to the mono assemblies.

Many compilers assemble and link code in certain ways, and leave footprints behind. For example, examining a window executable using "strings: tab in Process Explorer, you'll see a lot of strings. Using these you may be able to determine programming styles, methods called, error or trace methods withint the exe.

An example is that compilers use different mechanisms for localization: Microsoft stores localized strings in XML files or resource files. Other compilers will use a different tactic.

Another example is c++ name mangling. The CodeWarrior compiler uses a different algorithm to mangle the names of the member variables and functions of a call than Visual Studio.

I suppose you could write a book on the subject of accurately determining the lineage of any executable. This subject would probably be called "programming archeology".

Blue Toque
  • 1,749
  • 13
  • 22
3

You could try using Depends to see what runtime dependancies it has, which might give some clues.

Paul Dixon
  • 277,937
  • 48
  • 303
  • 335
2

The easiest way is to ask the developer of the program. It does not require any knowledge and utility programs.

HS.
  • 2,505
  • 2
  • 20
  • 28
1

Compiled languages (by this I mean no scripting languages, or Java, .NET, etc.) are compiled into CPU assembly instructions, which is essentially a one-way conversion. It is not usually possible to determine which language a program was written in. However, using a dependency walker, you could potentially determine which runtime library the program was loading (if any) and therefore determine which language it used (e.g. MS Visual C++ 9 uses msvcr90.dll).

jgottula
  • 1,216
  • 2
  • 11
  • 17
1

you can check is that a .net assembly or not by trying to open with ildasm.exe tool

Arsen Mkrtchyan
  • 47,086
  • 29
  • 143
  • 178
  • But what bout the different languages in .Net. – rahul Aug 31 '09 at 04:53
  • 2
    phoenix - no way to determine that. C# and VB.NET are interchangeable once compiled. – Beep beep Aug 31 '09 at 04:56
  • yea, no way to determine that because all .net languages compile the code to the same IL language – Arsen Mkrtchyan Aug 31 '09 at 05:00
  • I think VB leaves some weird stuff in its IL executables. Stuff that C# and other IL languages don't bother with, because VB is weird. – jgottula Aug 31 '09 at 05:04
  • 1
    interchangeable but NOT identical. For example VB implements the c# "?" operator as a function call to Iif(). VB includes Microsoft.VisualBasic for a lot of things. – Blue Toque Aug 31 '09 at 05:21
1
  • Determine Delphi Application
  • Use eda_preview270.exe (from here) or some other spy tool and check the window class names. If they read like TButton or TfrmBlubb, it's a VCL app. If there is an "Afx" in them, it's probably MFC.
Uli Gerhardt
  • 13,290
  • 1
  • 42
  • 81
0

In general, you can't.

If you can load it into Reflector, you know it is a managed assembly.

i_am_jorf
  • 51,120
  • 15
  • 123
  • 214
0

That's a good question. There isn't any general way to tell, but I bet most compilers and libraries leave a mark in the resulting EXE file. If you wanted to spend a lot of time on it, you could gather a bunch of EXEs written in known languages and scan for common strings. I would image you'd find some.

Dependancy Walker, which someone else mentioned would be a good way to look for telltale dependencies, like versions of MSVCRT, etc

Chad Okere
  • 4,474
  • 1
  • 19
  • 19
0

If I remember correctly PE Explorer Disassembler gives some information about compiler that creates given not .net and java binary, for .net use Reflector or ILDAsm tool

Arsen Mkrtchyan
  • 47,086
  • 29
  • 143
  • 178
0

i'd try running the .exe thru a 'strings' program to get assorted hints.

Scott Evernden
  • 35,319
  • 14
  • 75
  • 83
0

The easiest way that I found (at least in computer games) was to look in the "redist" folder nested within the game's main folder. It might be obvious to some of you that are more experienced in programming yourself, but the specific purpose of the MSI in this folder is to allow the setup.exe file to automatically install the prerequisites for the game itself. For example: In Empire Total War, there is an MSI called "vcredist_x86-sp1.exe". This indicates that the game/program was written in Microsoft's "Visual C 2005" in the .NET Framework (usually). In fact, if you open the MSI/EXE, the installer should immediately indicate the language it's written in and which version. The reason I'm familiar is because I code in C# and VB in the .NET Framework and we auto-install the prerequisites for our business app. Hope this helps!

ITGuyOU
  • 29
  • 5