Determine Windows version and SP version from file time & date stamps?

Posted on 2011-03-02
Last Modified: 2012-05-11
I have a laptop PC with a hard drive that won't boot and a Product Key sticker that's worn and illegible.  I was wondering if I can put the drive in a different computer and use the time/date stamp on explorer.exe (or some other system file) to determine the correct version of Windows and the installed service pack.  I know this is possible with XP and I already have a written reference for that O/S - but this is either Vista or 7 and I can't find anything on the Web about it.

Any insight would be greatly appreciated.

Question by:chris-ce
LVL 32

Expert Comment

by:Paul Sauvé
ID: 35021842

Assuming the other computer will boot properly, right-click the My computer icon on the desktop and select Properties. You will see the product Key, Windows OS version and the installed service pack.

Author Comment

ID: 35022592
Sorry, I guess I wasn't clear about what I need to do.

When I put the drive that won't boot into a different PC, it would be a PC that already has its own working hard drive and version of Windows.  So, the bad drive I put into it would just be a slave - not a boot drive.  Therefore, the only access I would have to it is through the Windows Explorer or the command line of the known-good system I put the drive into and I would only be able to view its file contents.
LVL 44

Expert Comment

by:Jackie Man
ID: 35023898
Yes, attach the bad HDD as a slave drive in another computer ("working PC"). Install ProduKey v1.46 in the working PC. If the bad HDD is still accessible, you will be able to locate the Windows product key  and its OS version of the bad HDD. Details are as follows:-

According to the advice if johnb6767, it says:-

"ProduKey v1.46 - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key.

File>Select Source>and either the 3rd or 4th option will suffice....

3rd option, point to the <DEAD DRIVE>:\Windows
4th, <DEAD DRIVE>:\Windows\System32\Config\SOFTWARE


Try ProduKey to locate the cd keys that you want."

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

LVL 12

Expert Comment

by:John Griffith
ID: 35025692
Viewing the "details" tab of most OS drivers should tell you OS & version number.  

Look through c:\windows\system32\drivers or also check \windows\explorer.exe

Also, sort the drivers by date.  If you find July 13, 2009 on most - it is Windows 7.  If

April 11, 2009 = Vista SP2.

Regards. . .

LVL 20

Expert Comment

ID: 35028745
With ProduKey, if you right-click on the found key and select "properties," it will also tell you the service pack. However, it doesn't tell you whether it's 32-bit or 63-bit.

Another way is to check the Windows registry stored on the drive:

Those instructions are for XP, but still apply to Vista and 7. However, in Vista and 7 there's also a string called "BuildLabEx" that will let you know whether the version installed is 32-bit or 64-bit. if the string has "x86" in it, it's 32-bit, while if it has "amd64" in it, then it's 64-bit.

Author Comment

ID: 35057296
Sorry folks, I ended up being out of commission for a couple of days and din't have an opportunity to post a new comment here.  

Thanks for the suggestions about ProduKey.  I have worked with that before and tried what you all suggested.  Unfortunately, when using ProduKey to point to the Windows folder and/or Windows\System32\Config\Software hive file on the dead drive, nothing shows up in the ProduKey main window.

I am about to try the SkullSecurity link referenced in the comment directly above this one and we'll see how that works out.

Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?  Anyone who knows the answer to that - please let me know.

Thanks again, all.
LVL 20

Expert Comment

ID: 35057820
Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?

jcgriff2 posted above a link to supposed timestamps for specific versions/SPs of Windows, but I don't think it's terribly accurate to try and gauge a system that way.

For example, the link stats that a Vista SP2 should have driver files stamped 4/11/2009. However, only 26 of 295 driver files in my system32/drivers folder are from 4/11/2009. There's an additional 45 driver files dated 4/10/2009, but even counting those it only totals 71 of 295 files, not a majority.

Meanwhile, my system has 131 driver files from 1/20/2008, the date for SP1, far more files than it has for SP2's date(s). If one wasn't careful, they may mistakenly think my system is still SP1.

Finally, I have 27 driver files dated 11/2/2006, the date for RTM (SP0). However, I have a handful of files from before that date, which doesn't seem technically possible.  I also have files with dates between all the SPs, and some after SP2.

The problem with timestamps is that Windows will replace files based on security updates and the like, so there's never going to be a single consistent date. A system that was installed with Vista SP2 from the beginning may have mostly SP2-dated files, but one that had Vista earlier and upgraded through the SPs, like mine, is going to have a hodge-podge of dates.

Also, the files aren't going to tell you which Edition of windows it is (i.e. Home or Pro) or what License it was (i.e. OEM or Retail). Nor can I find a way to see if a given driver is 32-bit or 64-bit, although most Windows 64-bit installs (all?) are going to have a "Program Files (x86)" directory on the drive.

Author Comment

ID: 35057975
marsilies -

I did see that but was as dubious about it as you are.  What I'm really curious about, I suppose, is whether a file such as EXPLORER.EXE (whose time/date stamp is likely to to change only when a SP is installed) might be telling as to the particular version of Windows.  In my experience, that was the case in XP.  I have a reference that I use often for that purpose where Windows XP is concerned.  But I have not been able to find any similar reference source for Windows Vista or 7.

As curious as I am, the bottom line is that I have a dead drive with a version of Windows on it that I can't identify.  I am attempting some offline registry access now (as per your suggestion via the SkullSecurity link). So, I'll let you know how that goes.

LVL 20

Expert Comment

ID: 35058086
What is the reference you use for XP?

Author Comment

ID: 35058416
I don't remember where I got this from but, basically, for XP the following EXPLORER.EXE time/date stamps indicate the Service Pack version:

No SP = 08/23/2001 05:00 AM
SP1    = 08/29/2002 03:41 AM
SP2    = 06/13/2007 03:23 AM
SP3    = 04/14/2008 05:42 AM

This is especially helpful to me because there are times when I find it necessary to remove Service Pack 3 if I have to conduct a repair install on a non-bootable drive.  Also, a quick look in BOOT.INI indicates the XP edition.

Unfortunately, in Vista and 7, the BOOT.INI has been integrated into something else and I don't have any reference for the SP version using EXPLORER.EXE time/date stamps.

LVL 20

Accepted Solution

marsilies earned 250 total points
ID: 35058992
That date for SP2, 6/13/2007, is far too recent to be the date of the explorer.exe file that came with SP2, it's more likely the date of a security update for SP2 that replaced explorer.exe. SP2 for XP was released on August 25, 2004.

You could use the release dates as a rough rule-of-thumb. If the file is dated after the release of one service pack, but before the release of the next service pack, then it's likely that. However, there's a possibility that a security update could replace the file with a newly-dated one for two service packs at once (presuming MS is still supporting an earlier service pack). This could easily cause confusion, especially if you're only checking the date of one file.

The boot.ini file has been replaced by Boot Configuration Data (BCD) in Vista/7 . You can edit it using a tool like EasyBCD, but just checking my BCD, it looks like it doesn't store the Edition name in the entry (possibly due to the Anytime Upgrade process in Vista/7 means that the Edition could change without a full re-install/upgrade occurring).

For my money, checking the registry on the drive for this info is still the most reliable method.

Author Closing Comment

ID: 35059839
This person really seems to know his stuff.  Kudos.

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Disk Quota Windows 2012 R2 6 100
Batch File search for Drive Letter 8 44
Change default Permissions for windows services 9 16
Sony EVI-D70 and Skype 2 36
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question