Solved

Determine Windows version and SP version from file time & date stamps?

Posted on 2011-03-02
12
732 Views
Last Modified: 2012-05-11
I have a laptop PC with a hard drive that won't boot and a Product Key sticker that's worn and illegible.  I was wondering if I can put the drive in a different computer and use the time/date stamp on explorer.exe (or some other system file) to determine the correct version of Windows and the installed service pack.  I know this is possible with XP and I already have a written reference for that O/S - but this is either Vista or 7 and I can't find anything on the Web about it.

Any insight would be greatly appreciated.

Thanks.
0
Comment
Question by:chris-ce
12 Comments
 
LVL 31

Expert Comment

by:Paul Sauvé
ID: 35021842

Assuming the other computer will boot properly, right-click the My computer icon on the desktop and select Properties. You will see the product Key, Windows OS version and the installed service pack.
0
 

Author Comment

by:chris-ce
ID: 35022592
Sorry, I guess I wasn't clear about what I need to do.

When I put the drive that won't boot into a different PC, it would be a PC that already has its own working hard drive and version of Windows.  So, the bad drive I put into it would just be a slave - not a boot drive.  Therefore, the only access I would have to it is through the Windows Explorer or the command line of the known-good system I put the drive into and I would only be able to view its file contents.
0
 
LVL 41

Expert Comment

by:Jackie Man
ID: 35023898
Yes, attach the bad HDD as a slave drive in another computer ("working PC"). Install ProduKey v1.46 in the working PC. If the bad HDD is still accessible, you will be able to locate the Windows product key  and its OS version of the bad HDD. Details are as follows:-

According to the advice if johnb6767, it says:-

"ProduKey v1.46 - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key.
http://www.nirsoft.net/utils/product_cd_key_viewer.html

File>Select Source>and either the 3rd or 4th option will suffice....

3rd option, point to the <DEAD DRIVE>:\Windows
4th, <DEAD DRIVE>:\Windows\System32\Config\SOFTWARE

Source: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_26791136.html

Try ProduKey to locate the cd keys that you want."

Source: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_26828220.html
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 35025692
Viewing the "details" tab of most OS drivers should tell you OS & version number.  

Look through c:\windows\system32\drivers or also check \windows\explorer.exe

Also, sort the drivers by date.  If you find July 13, 2009 on most - it is Windows 7.  If

April 11, 2009 = Vista SP2.

http://jcgriff2.com/0x1/Windows_OS_Driver_Base_Timestamps.html

Regards. . .

jcgriff2
0
 
LVL 19

Expert Comment

by:marsilies
ID: 35028745
With ProduKey, if you right-click on the found key and select "properties," it will also tell you the service pack. However, it doesn't tell you whether it's 32-bit or 63-bit.


Another way is to check the Windows registry stored on the drive:
http://www.skullsecurity.org/blog/2010/find-the-windows-version-offline

Those instructions are for XP, but still apply to Vista and 7. However, in Vista and 7 there's also a string called "BuildLabEx" that will let you know whether the version installed is 32-bit or 64-bit. if the string has "x86" in it, it's 32-bit, while if it has "amd64" in it, then it's 64-bit.
0
 

Author Comment

by:chris-ce
ID: 35057296
Sorry folks, I ended up being out of commission for a couple of days and din't have an opportunity to post a new comment here.  

Thanks for the suggestions about ProduKey.  I have worked with that before and tried what you all suggested.  Unfortunately, when using ProduKey to point to the Windows folder and/or Windows\System32\Config\Software hive file on the dead drive, nothing shows up in the ProduKey main window.

I am about to try the SkullSecurity link referenced in the comment directly above this one and we'll see how that works out.

Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?  Anyone who knows the answer to that - please let me know.

Thanks again, all.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 19

Expert Comment

by:marsilies
ID: 35057820
Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?

jcgriff2 posted above a link to supposed timestamps for specific versions/SPs of Windows, but I don't think it's terribly accurate to try and gauge a system that way.

For example, the link stats that a Vista SP2 should have driver files stamped 4/11/2009. However, only 26 of 295 driver files in my system32/drivers folder are from 4/11/2009. There's an additional 45 driver files dated 4/10/2009, but even counting those it only totals 71 of 295 files, not a majority.

Meanwhile, my system has 131 driver files from 1/20/2008, the date for SP1, far more files than it has for SP2's date(s). If one wasn't careful, they may mistakenly think my system is still SP1.

Finally, I have 27 driver files dated 11/2/2006, the date for RTM (SP0). However, I have a handful of files from before that date, which doesn't seem technically possible.  I also have files with dates between all the SPs, and some after SP2.

The problem with timestamps is that Windows will replace files based on security updates and the like, so there's never going to be a single consistent date. A system that was installed with Vista SP2 from the beginning may have mostly SP2-dated files, but one that had Vista earlier and upgraded through the SPs, like mine, is going to have a hodge-podge of dates.

Also, the files aren't going to tell you which Edition of windows it is (i.e. Home or Pro) or what License it was (i.e. OEM or Retail). Nor can I find a way to see if a given driver is 32-bit or 64-bit, although most Windows 64-bit installs (all?) are going to have a "Program Files (x86)" directory on the drive.
0
 

Author Comment

by:chris-ce
ID: 35057975
marsilies -

I did see that but was as dubious about it as you are.  What I'm really curious about, I suppose, is whether a file such as EXPLORER.EXE (whose time/date stamp is likely to to change only when a SP is installed) might be telling as to the particular version of Windows.  In my experience, that was the case in XP.  I have a reference that I use often for that purpose where Windows XP is concerned.  But I have not been able to find any similar reference source for Windows Vista or 7.

As curious as I am, the bottom line is that I have a dead drive with a version of Windows on it that I can't identify.  I am attempting some offline registry access now (as per your suggestion via the SkullSecurity link). So, I'll let you know how that goes.

Thanks.
0
 
LVL 19

Expert Comment

by:marsilies
ID: 35058086
What is the reference you use for XP?
0
 

Author Comment

by:chris-ce
ID: 35058416
I don't remember where I got this from but, basically, for XP the following EXPLORER.EXE time/date stamps indicate the Service Pack version:

No SP = 08/23/2001 05:00 AM
SP1    = 08/29/2002 03:41 AM
SP2    = 06/13/2007 03:23 AM
SP3    = 04/14/2008 05:42 AM

This is especially helpful to me because there are times when I find it necessary to remove Service Pack 3 if I have to conduct a repair install on a non-bootable drive.  Also, a quick look in BOOT.INI indicates the XP edition.

Unfortunately, in Vista and 7, the BOOT.INI has been integrated into something else and I don't have any reference for the SP version using EXPLORER.EXE time/date stamps.

0
 
LVL 19

Accepted Solution

by:
marsilies earned 250 total points
ID: 35058992
That date for SP2, 6/13/2007, is far too recent to be the date of the explorer.exe file that came with SP2, it's more likely the date of a security update for SP2 that replaced explorer.exe. SP2 for XP was released on August 25, 2004.
http://en.wikipedia.org/wiki/Windows_XP#Service_packs

You could use the release dates as a rough rule-of-thumb. If the file is dated after the release of one service pack, but before the release of the next service pack, then it's likely that. However, there's a possibility that a security update could replace the file with a newly-dated one for two service packs at once (presuming MS is still supporting an earlier service pack). This could easily cause confusion, especially if you're only checking the date of one file.

The boot.ini file has been replaced by Boot Configuration Data (BCD) in Vista/7 . You can edit it using a tool like EasyBCD, but just checking my BCD, it looks like it doesn't store the Edition name in the entry (possibly due to the Anytime Upgrade process in Vista/7 means that the Edition could change without a full re-install/upgrade occurring).

http://en.wikipedia.org/wiki/Windows_Vista_startup_process#Boot_Configuration_Data
http://neosmart.net/forums/showthread.php?t=4340

For my money, checking the registry on the drive for this info is still the most reliable method.
0
 

Author Closing Comment

by:chris-ce
ID: 35059839
This person really seems to know his stuff.  Kudos.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now