
How to Tell If Two Executable (Binary) Windows Files are the same

I am attempting to compare two executables that are compiled from the same source code within Visual Studio 2008 and Visual Studio 2010. When I attempt to use WinMerge or PE Explorer, I can get the same source code showing several variations from one another even though they were compiled from the same source code. For instance if I were to compile executable_A at 1pm and then compile executable_B at 2pm, I would end up with several distinctions within the *.exe file itself when comparing them with WinMerge or PE Explorer. From using these programs, I have found that the date/time stamp of when the *.exe was created is different and embedded into the *.exe as well as there is something called a "magic number" that is different if you were to compile the same source code on two different computers. I was wondering if someone knew of a way to make the executables be the same throughout the entire executable file, by removing the date/time stamp or removing the "magic number" that is found when using these two applications to compare *.exe. (During the testing of these applications, I used some source code that was compiled in Visual Basic, C++, and C#. All languages ended up with the same results.)

Any help that could be provided on this issue would be greatly appreciated.
0
Asked: thenthorn1010
4 Solutions
 
Bill Nolan (Owner, Lead Technology Programmer) Commented:
There may be a prettier way to do this, but just a couple ideas:

1) Examine the compiler options and docs closely.  There may be switches, etc., to keep that data out, or to manually set it.
2) Depending on exactly what is being embedded, you may be able to fake it (by rigging the system clock, e.g.).  Cheesy.
3) If the differences are small and are written to a static header, you may be able to simply figure out where they are and ignore them (or copy from one to the other if you need to make them match).
0
 
TommySzalapski Commented:
Since you are in Windows, you are creating PE files (.exe files) which follow a specific format regardless of the language used.
For lots of info on the PE format, see: http://msdn.microsoft.com/en-us/library/ms809762.aspx

There is a timestamp as well as a linker version that go in the header. Those would naturally be different based on compiler version and time.
0
 
TommySzalapski Commented:
The 'magic' number in the PE header is always the ASCII code for "MZ" so I'm not sure what magic number you are referring to.
0
thenthorn1010 (Author) Commented:
TommySzalapski,

Thank you for the link to the article. It did help explain a lot to me about the PE file format. I was wondering if by chance you knew how to turn off the settings for having all of the information that was mentioned above from any *.EXE that is compiled and built within Windows. (I am being forced to use legacy code on Microsoft Visual C++ version 6 to begin this project, and the person purchasing the code would like to know that they are getting the same code that they have on their FTP site from the source code that they are purchasing.)

Thank you again for any help you can add and for all of the help that you provided.

One question...I was under the impression that the "Magic Number" was unique to each computer because it was representative of the processor that is being used...is that true? Or, why is the magic number the same on each computer, if I am incorrect?
0
 
TommySzalapski Commented:
The field labelled "magic" is always 010B now (the "MZ" thing was from the old DOS format). There may be other fields that change from computer to computer. I'm not really an expert on the PE format; I've just studied it a bit for some reverse engineering and file decoding.

The Machine field can differ if the processor is different. And all the versions (OS, Image, Subsystem, and especially Linker) could all be different depending on the compiler.

There is no way to "turn off" those options. The only way to do that would be to go into the exe manually (or with a script) and change those values. It generally should not affect the running of the program, but it might mess with things that check compatibility (like Windows 7) because it might say it's incompatible (but it should run fine).
0
 
TommySzalapski Commented:
That's assuming you are creating standalone exes. If you are creating and using dlls, then the linker version might matter.

Here's the thing though. Who cares if the headers match? Tell the people who have concerns that the headers don't matter and only the image matters. So if the actual code (the non-header portion of the file called the image) is the same, then the two exes should be considered the same.

In fact there's even an image checksum field in the header. If those are being populated and match, just compare those.
0
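An added example, not part of the original posts: one way to compare two builds while ignoring the per-build header fields discussed above is to zero the COFF TimeDateStamp and the optional-header CheckSum before hashing. The function names and the constructed sample buffers are assumptions made for illustration.

```python
import hashlib
import struct

def volatile_fields(data):
    """(offset, size) of the header fields the thread says change per build."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ DOS signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                                     # IMAGE_FILE_HEADER
    opt = coff + 20                                       # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unexpected optional-header magic")
    return [(coff + 4, 4),    # TimeDateStamp
            (opt + 64, 4)]    # CheckSum (same offset in PE32 and PE32+)

def normalized_digest(data):
    """SHA-256 of the file with the volatile header fields zeroed."""
    buf = bytearray(data)
    for off, size in volatile_fields(data):
        buf[off:off + size] = bytes(size)
    return hashlib.sha256(buf).hexdigest()

def make_sample(timestamp, checksum, code):
    """Constructed PE-shaped buffer for the demo (not a loadable image)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)         # PE32, linker 6.0
    struct.pack_into("<I", opt, 64, checksum)
    return dos + b"PE\0\0" + coff + bytes(opt) + code

if __name__ == "__main__":
    code = b"\x55\x8b\xec\x5d\xc3"                        # constructed bytes
    build_1pm = make_sample(0x4D2A0000, 0x0001A2B3, code)
    build_2pm = make_sample(0x4D2A0E10, 0x0001B7C4, code)
    patched = make_sample(0x4D2A0E10, 0x0001B7C4, b"\x55\x8b\xec\x90\xc3")
    print("raw bytes equal:     ", build_1pm == build_2pm)
    print("normalized equal:    ",
          normalized_digest(build_1pm) == normalized_digest(build_2pm))
    print("code change detected:",
          normalized_digest(build_2pm) != normalized_digest(patched))
```

Real linker output can carry further copies of the build time (for example in the debug and export directories), which this example does not mask. Differences that remain after normalization need to be inspected field by field rather than assumed harmless.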
 
thenthorn1010 (Author) Commented:
Thanks for the in-depth explanation...it helped me tremendously...
0
