Determine Windows version and SP version from file time & date stamps?

I have a laptop PC with a hard drive that won't boot and a Product Key sticker that's worn and illegible.  I was wondering if I can put the drive in a different computer and use the time/date stamp on explorer.exe (or some other system file) to determine the correct version of Windows and the installed service pack.  I know this is possible with XP and I already have a written reference for that O/S - but this is either Vista or 7 and I can't find anything on the Web about it.

Any insight would be greatly appreciated.

Chris CollinsOwnerAsked:
Who is Participating?
marsiliesConnect With a Mentor Commented:
That date for SP2, 6/13/2007, is far too recent to be the date of the explorer.exe file that came with SP2, it's more likely the date of a security update for SP2 that replaced explorer.exe. SP2 for XP was released on August 25, 2004.

You could use the release dates as a rough rule-of-thumb. If the file is dated after the release of one service pack, but before the release of the next service pack, then it's likely that. However, there's a possibility that a security update could replace the file with a newly-dated one for two service packs at once (presuming MS is still supporting an earlier service pack). This could easily cause confusion, especially if you're only checking the date of one file.

The boot.ini file has been replaced by Boot Configuration Data (BCD) in Vista/7 . You can edit it using a tool like EasyBCD, but just checking my BCD, it looks like it doesn't store the Edition name in the entry (possibly due to the Anytime Upgrade process in Vista/7 means that the Edition could change without a full re-install/upgrade occurring).

For my money, checking the registry on the drive for this info is still the most reliable method.
Paul SauvéRetiredCommented:

Assuming the other computer will boot properly, right-click the My computer icon on the desktop and select Properties. You will see the product Key, Windows OS version and the installed service pack.
Chris CollinsOwnerAuthor Commented:
Sorry, I guess I wasn't clear about what I need to do.

When I put the drive that won't boot into a different PC, it would be a PC that already has its own working hard drive and version of Windows.  So, the bad drive I put into it would just be a slave - not a boot drive.  Therefore, the only access I would have to it is through the Windows Explorer or the command line of the known-good system I put the drive into and I would only be able to view its file contents.
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Jackie ManCommented:
Yes, attach the bad HDD as a slave drive in another computer ("working PC"). Install ProduKey v1.46 in the working PC. If the bad HDD is still accessible, you will be able to locate the Windows product key  and its OS version of the bad HDD. Details are as follows:-

According to the advice if johnb6767, it says:-

"ProduKey v1.46 - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key.

File>Select Source>and either the 3rd or 4th option will suffice....

3rd option, point to the <DEAD DRIVE>:\Windows
4th, <DEAD DRIVE>:\Windows\System32\Config\SOFTWARE


Try ProduKey to locate the cd keys that you want."

John GriffithConsultantCommented:
Viewing the "details" tab of most OS drivers should tell you OS & version number.  

Look through c:\windows\system32\drivers or also check \windows\explorer.exe

Also, sort the drivers by date.  If you find July 13, 2009 on most - it is Windows 7.  If

April 11, 2009 = Vista SP2.

Regards. . .

With ProduKey, if you right-click on the found key and select "properties," it will also tell you the service pack. However, it doesn't tell you whether it's 32-bit or 63-bit.

Another way is to check the Windows registry stored on the drive:

Those instructions are for XP, but still apply to Vista and 7. However, in Vista and 7 there's also a string called "BuildLabEx" that will let you know whether the version installed is 32-bit or 64-bit. if the string has "x86" in it, it's 32-bit, while if it has "amd64" in it, then it's 64-bit.
Chris CollinsOwnerAuthor Commented:
Sorry folks, I ended up being out of commission for a couple of days and din't have an opportunity to post a new comment here.  

Thanks for the suggestions about ProduKey.  I have worked with that before and tried what you all suggested.  Unfortunately, when using ProduKey to point to the Windows folder and/or Windows\System32\Config\Software hive file on the dead drive, nothing shows up in the ProduKey main window.

I am about to try the SkullSecurity link referenced in the comment directly above this one and we'll see how that works out.

Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?  Anyone who knows the answer to that - please let me know.

Thanks again, all.
Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?

jcgriff2 posted above a link to supposed timestamps for specific versions/SPs of Windows, but I don't think it's terribly accurate to try and gauge a system that way.

For example, the link stats that a Vista SP2 should have driver files stamped 4/11/2009. However, only 26 of 295 driver files in my system32/drivers folder are from 4/11/2009. There's an additional 45 driver files dated 4/10/2009, but even counting those it only totals 71 of 295 files, not a majority.

Meanwhile, my system has 131 driver files from 1/20/2008, the date for SP1, far more files than it has for SP2's date(s). If one wasn't careful, they may mistakenly think my system is still SP1.

Finally, I have 27 driver files dated 11/2/2006, the date for RTM (SP0). However, I have a handful of files from before that date, which doesn't seem technically possible.  I also have files with dates between all the SPs, and some after SP2.

The problem with timestamps is that Windows will replace files based on security updates and the like, so there's never going to be a single consistent date. A system that was installed with Vista SP2 from the beginning may have mostly SP2-dated files, but one that had Vista earlier and upgraded through the SPs, like mine, is going to have a hodge-podge of dates.

Also, the files aren't going to tell you which Edition of windows it is (i.e. Home or Pro) or what License it was (i.e. OEM or Retail). Nor can I find a way to see if a given driver is 32-bit or 64-bit, although most Windows 64-bit installs (all?) are going to have a "Program Files (x86)" directory on the drive.
Chris CollinsOwnerAuthor Commented:
marsilies -

I did see that but was as dubious about it as you are.  What I'm really curious about, I suppose, is whether a file such as EXPLORER.EXE (whose time/date stamp is likely to to change only when a SP is installed) might be telling as to the particular version of Windows.  In my experience, that was the case in XP.  I have a reference that I use often for that purpose where Windows XP is concerned.  But I have not been able to find any similar reference source for Windows Vista or 7.

As curious as I am, the bottom line is that I have a dead drive with a version of Windows on it that I can't identify.  I am attempting some offline registry access now (as per your suggestion via the SkullSecurity link). So, I'll let you know how that goes.

What is the reference you use for XP?
Chris CollinsOwnerAuthor Commented:
I don't remember where I got this from but, basically, for XP the following EXPLORER.EXE time/date stamps indicate the Service Pack version:

No SP = 08/23/2001 05:00 AM
SP1    = 08/29/2002 03:41 AM
SP2    = 06/13/2007 03:23 AM
SP3    = 04/14/2008 05:42 AM

This is especially helpful to me because there are times when I find it necessary to remove Service Pack 3 if I have to conduct a repair install on a non-bootable drive.  Also, a quick look in BOOT.INI indicates the XP edition.

Unfortunately, in Vista and 7, the BOOT.INI has been integrated into something else and I don't have any reference for the SP version using EXPLORER.EXE time/date stamps.

Chris CollinsOwnerAuthor Commented:
This person really seems to know his stuff.  Kudos.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.