Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Determine Windows version and SP version from file time & date stamps?

Posted on 2011-03-02
Medium Priority
Last Modified: 2012-05-11
I have a laptop PC with a hard drive that won't boot and a Product Key sticker that's worn and illegible.  I was wondering if I can put the drive in a different computer and use the time/date stamp on explorer.exe (or some other system file) to determine the correct version of Windows and the installed service pack.  I know this is possible with XP and I already have a written reference for that O/S - but this is either Vista or 7 and I can't find anything on the Web about it.

Any insight would be greatly appreciated.

Question by:Chris Collins
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 33

Expert Comment

by:Paul Sauvé
ID: 35021842

Assuming the other computer will boot properly, right-click the My computer icon on the desktop and select Properties. You will see the product Key, Windows OS version and the installed service pack.

Author Comment

by:Chris Collins
ID: 35022592
Sorry, I guess I wasn't clear about what I need to do.

When I put the drive that won't boot into a different PC, it would be a PC that already has its own working hard drive and version of Windows.  So, the bad drive I put into it would just be a slave - not a boot drive.  Therefore, the only access I would have to it is through the Windows Explorer or the command line of the known-good system I put the drive into and I would only be able to view its file contents.
LVL 49

Expert Comment

by:Jackie Man
ID: 35023898
Yes, attach the bad HDD as a slave drive in another computer ("working PC"). Install ProduKey v1.46 in the working PC. If the bad HDD is still accessible, you will be able to locate the Windows product key  and its OS version of the bad HDD. Details are as follows:-

According to the advice if johnb6767, it says:-

"ProduKey v1.46 - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key.

File>Select Source>and either the 3rd or 4th option will suffice....

3rd option, point to the <DEAD DRIVE>:\Windows
4th, <DEAD DRIVE>:\Windows\System32\Config\SOFTWARE

Source: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_26791136.html

Try ProduKey to locate the cd keys that you want."

Source: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_26828220.html
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 12

Expert Comment

by:John Griffith
ID: 35025692
Viewing the "details" tab of most OS drivers should tell you OS & version number.  

Look through c:\windows\system32\drivers or also check \windows\explorer.exe

Also, sort the drivers by date.  If you find July 13, 2009 on most - it is Windows 7.  If

April 11, 2009 = Vista SP2.


Regards. . .

LVL 20

Expert Comment

ID: 35028745
With ProduKey, if you right-click on the found key and select "properties," it will also tell you the service pack. However, it doesn't tell you whether it's 32-bit or 63-bit.

Another way is to check the Windows registry stored on the drive:

Those instructions are for XP, but still apply to Vista and 7. However, in Vista and 7 there's also a string called "BuildLabEx" that will let you know whether the version installed is 32-bit or 64-bit. if the string has "x86" in it, it's 32-bit, while if it has "amd64" in it, then it's 64-bit.

Author Comment

by:Chris Collins
ID: 35057296
Sorry folks, I ended up being out of commission for a couple of days and din't have an opportunity to post a new comment here.  

Thanks for the suggestions about ProduKey.  I have worked with that before and tried what you all suggested.  Unfortunately, when using ProduKey to point to the Windows folder and/or Windows\System32\Config\Software hive file on the dead drive, nothing shows up in the ProduKey main window.

I am about to try the SkullSecurity link referenced in the comment directly above this one and we'll see how that works out.

Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?  Anyone who knows the answer to that - please let me know.

Thanks again, all.
LVL 20

Expert Comment

ID: 35057820
Meanwhile, I'm still curious about my original question - are there time/date stamps on system files in Windows Vista/7 that will indicate the version and SP?

jcgriff2 posted above a link to supposed timestamps for specific versions/SPs of Windows, but I don't think it's terribly accurate to try and gauge a system that way.

For example, the link stats that a Vista SP2 should have driver files stamped 4/11/2009. However, only 26 of 295 driver files in my system32/drivers folder are from 4/11/2009. There's an additional 45 driver files dated 4/10/2009, but even counting those it only totals 71 of 295 files, not a majority.

Meanwhile, my system has 131 driver files from 1/20/2008, the date for SP1, far more files than it has for SP2's date(s). If one wasn't careful, they may mistakenly think my system is still SP1.

Finally, I have 27 driver files dated 11/2/2006, the date for RTM (SP0). However, I have a handful of files from before that date, which doesn't seem technically possible.  I also have files with dates between all the SPs, and some after SP2.

The problem with timestamps is that Windows will replace files based on security updates and the like, so there's never going to be a single consistent date. A system that was installed with Vista SP2 from the beginning may have mostly SP2-dated files, but one that had Vista earlier and upgraded through the SPs, like mine, is going to have a hodge-podge of dates.

Also, the files aren't going to tell you which Edition of windows it is (i.e. Home or Pro) or what License it was (i.e. OEM or Retail). Nor can I find a way to see if a given driver is 32-bit or 64-bit, although most Windows 64-bit installs (all?) are going to have a "Program Files (x86)" directory on the drive.

Author Comment

by:Chris Collins
ID: 35057975
marsilies -

I did see that but was as dubious about it as you are.  What I'm really curious about, I suppose, is whether a file such as EXPLORER.EXE (whose time/date stamp is likely to to change only when a SP is installed) might be telling as to the particular version of Windows.  In my experience, that was the case in XP.  I have a reference that I use often for that purpose where Windows XP is concerned.  But I have not been able to find any similar reference source for Windows Vista or 7.

As curious as I am, the bottom line is that I have a dead drive with a version of Windows on it that I can't identify.  I am attempting some offline registry access now (as per your suggestion via the SkullSecurity link). So, I'll let you know how that goes.

LVL 20

Expert Comment

ID: 35058086
What is the reference you use for XP?

Author Comment

by:Chris Collins
ID: 35058416
I don't remember where I got this from but, basically, for XP the following EXPLORER.EXE time/date stamps indicate the Service Pack version:

No SP = 08/23/2001 05:00 AM
SP1    = 08/29/2002 03:41 AM
SP2    = 06/13/2007 03:23 AM
SP3    = 04/14/2008 05:42 AM

This is especially helpful to me because there are times when I find it necessary to remove Service Pack 3 if I have to conduct a repair install on a non-bootable drive.  Also, a quick look in BOOT.INI indicates the XP edition.

Unfortunately, in Vista and 7, the BOOT.INI has been integrated into something else and I don't have any reference for the SP version using EXPLORER.EXE time/date stamps.

LVL 20

Accepted Solution

marsilies earned 1000 total points
ID: 35058992
That date for SP2, 6/13/2007, is far too recent to be the date of the explorer.exe file that came with SP2, it's more likely the date of a security update for SP2 that replaced explorer.exe. SP2 for XP was released on August 25, 2004.

You could use the release dates as a rough rule-of-thumb. If the file is dated after the release of one service pack, but before the release of the next service pack, then it's likely that. However, there's a possibility that a security update could replace the file with a newly-dated one for two service packs at once (presuming MS is still supporting an earlier service pack). This could easily cause confusion, especially if you're only checking the date of one file.

The boot.ini file has been replaced by Boot Configuration Data (BCD) in Vista/7 . You can edit it using a tool like EasyBCD, but just checking my BCD, it looks like it doesn't store the Edition name in the entry (possibly due to the Anytime Upgrade process in Vista/7 means that the Edition could change without a full re-install/upgrade occurring).


For my money, checking the registry on the drive for this info is still the most reliable method.

Author Closing Comment

by:Chris Collins
ID: 35059839
This person really seems to know his stuff.  Kudos.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question