Determine Windows version and SP version from file time & date stamps?

Posted on 2011-03-02
Medium Priority
Last Modified: 2012-05-11
I have a laptop PC with a hard drive that won't boot and a Product Key sticker that's worn and illegible.  I was wondering if I can put the drive in a different computer and use the time/date stamp on explorer.exe (or some other system file) to determine the correct version of Windows and the installed service pack.  I know this is possible with XP and I already have a written reference for that O/S - but this is either Vista or 7 and I can't find anything on the Web about it.

Any insight would be greatly appreciated.

Question by:Chris Collins
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 33

Expert Comment

by:Paul Sauvé
ID: 35021842

Assuming the other computer will boot properly, right-click the My computer icon on the desktop and select Properties. You will see the product Key, Windows OS version and the installed service pack.

Author Comment

by:Chris Collins
ID: 35022592
Sorry, I guess I wasn't clear about what I need to do.

When I put the drive that won't boot into a different PC, it would be a PC that already has its own working hard drive and version of Windows.  So, the bad drive I put into it would just be a slave - not a boot drive.  Therefore, the only access I would have to it is through the Windows Explorer or the command line of the known-good system I put the drive into and I would only be able to view its file contents.
LVL 47

Expert Comment

by:Jackie Man
ID: 35023898
Yes, attach the bad HDD as a slave drive in another computer ("working PC"). Install ProduKey v1.46 in the working PC. If the bad HDD is still accessible, you will be able to locate the Windows product key  and its OS version of the bad HDD. Details are as follows:-

According to the advice if johnb6767, it says:-

"ProduKey v1.46 - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key.

File>Select Source>and either the 3rd or 4th option will suffice....

3rd option, point to the <DEAD DRIVE>:\Windows
4th, <DEAD DRIVE>:\Windows\System32\Config\SOFTWARE

Source: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_26791136.html

Try ProduKey to locate the cd keys that you want."

Source: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_26828220.html
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

LVL 12

Expert Comment

by:John Griffith
ID: 35025692
Viewing the "details" tab of most OS drivers should tell you OS & version number.  

Look through c:\windows\system32\drivers or also check \windows\explorer.exe

Also, sort the drivers by date.  If you find July 13, 2009 on most - it is Windows 7.  If

April 11, 2009 = Vista SP2.


Regards. . .

LVL 20

Expert Comment

ID: 35028745
With ProduKey, if you right-click on the found key and select "properties," it will also tell you the service pack. However, it doesn't tell you whether it's 32-bit or 63-bit.

Another way is to check the Windows registry stored on the drive:

Those instructions are for XP, but still apply to Vista and 7. However, in Vista and 7 there's also a string called "BuildLabEx" that will let you know whether the version installed is 32-bit or 64-bit. if the string has "x86" in it, it's 32-bit, while if it has "amd64" in it, then it's 64-bit.

Author Comment

by:Chris Collins
ID: 35057296
Sorry folks, I ended up being out of commission for a couple of days and din't have an opportunity to post a new comment here.  

Thanks for the suggestions about ProduKey.  I have worked with that before and tried what you all suggested.  Unfortunately, when using ProduKey to point to the Windows folder and/or Windows\System32\Config\Software hive file on the dead drive, nothing shows up in the ProduKey main window.

I am about to try the SkullSecurity link referenced in the comment directly above this one and we'll see how that works out.

Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?  Anyone who knows the answer to that - please let me know.

Thanks again, all.
LVL 20

Expert Comment

ID: 35057820
Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?

jcgriff2 posted above a link to supposed timestamps for specific versions/SPs of Windows, but I don't think it's terribly accurate to try and gauge a system that way.

For example, the link stats that a Vista SP2 should have driver files stamped 4/11/2009. However, only 26 of 295 driver files in my system32/drivers folder are from 4/11/2009. There's an additional 45 driver files dated 4/10/2009, but even counting those it only totals 71 of 295 files, not a majority.

Meanwhile, my system has 131 driver files from 1/20/2008, the date for SP1, far more files than it has for SP2's date(s). If one wasn't careful, they may mistakenly think my system is still SP1.

Finally, I have 27 driver files dated 11/2/2006, the date for RTM (SP0). However, I have a handful of files from before that date, which doesn't seem technically possible.  I also have files with dates between all the SPs, and some after SP2.

The problem with timestamps is that Windows will replace files based on security updates and the like, so there's never going to be a single consistent date. A system that was installed with Vista SP2 from the beginning may have mostly SP2-dated files, but one that had Vista earlier and upgraded through the SPs, like mine, is going to have a hodge-podge of dates.

Also, the files aren't going to tell you which Edition of windows it is (i.e. Home or Pro) or what License it was (i.e. OEM or Retail). Nor can I find a way to see if a given driver is 32-bit or 64-bit, although most Windows 64-bit installs (all?) are going to have a "Program Files (x86)" directory on the drive.

Author Comment

by:Chris Collins
ID: 35057975
marsilies -

I did see that but was as dubious about it as you are.  What I'm really curious about, I suppose, is whether a file such as EXPLORER.EXE (whose time/date stamp is likely to to change only when a SP is installed) might be telling as to the particular version of Windows.  In my experience, that was the case in XP.  I have a reference that I use often for that purpose where Windows XP is concerned.  But I have not been able to find any similar reference source for Windows Vista or 7.

As curious as I am, the bottom line is that I have a dead drive with a version of Windows on it that I can't identify.  I am attempting some offline registry access now (as per your suggestion via the SkullSecurity link). So, I'll let you know how that goes.

LVL 20

Expert Comment

ID: 35058086
What is the reference you use for XP?

Author Comment

by:Chris Collins
ID: 35058416
I don't remember where I got this from but, basically, for XP the following EXPLORER.EXE time/date stamps indicate the Service Pack version:

No SP = 08/23/2001 05:00 AM
SP1    = 08/29/2002 03:41 AM
SP2    = 06/13/2007 03:23 AM
SP3    = 04/14/2008 05:42 AM

This is especially helpful to me because there are times when I find it necessary to remove Service Pack 3 if I have to conduct a repair install on a non-bootable drive.  Also, a quick look in BOOT.INI indicates the XP edition.

Unfortunately, in Vista and 7, the BOOT.INI has been integrated into something else and I don't have any reference for the SP version using EXPLORER.EXE time/date stamps.

LVL 20

Accepted Solution

marsilies earned 1000 total points
ID: 35058992
That date for SP2, 6/13/2007, is far too recent to be the date of the explorer.exe file that came with SP2, it's more likely the date of a security update for SP2 that replaced explorer.exe. SP2 for XP was released on August 25, 2004.

You could use the release dates as a rough rule-of-thumb. If the file is dated after the release of one service pack, but before the release of the next service pack, then it's likely that. However, there's a possibility that a security update could replace the file with a newly-dated one for two service packs at once (presuming MS is still supporting an earlier service pack). This could easily cause confusion, especially if you're only checking the date of one file.

The boot.ini file has been replaced by Boot Configuration Data (BCD) in Vista/7 . You can edit it using a tool like EasyBCD, but just checking my BCD, it looks like it doesn't store the Edition name in the entry (possibly due to the Anytime Upgrade process in Vista/7 means that the Edition could change without a full re-install/upgrade occurring).


For my money, checking the registry on the drive for this info is still the most reliable method.

Author Closing Comment

by:Chris Collins
ID: 35059839
This person really seems to know his stuff.  Kudos.

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article summaries thoughts and ideas from two years of sustained use. It provides good reasoning to make the jump to Windows 10.
Determining the an SCCM package name from the Package ID
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question