What Portions of Executable Files Need to Match for Executable Files to Be Confirmed as Being Similar
Posted on 2011-10-25
I am attempting to compare two executables that are compiled from the same source code. (Both executables are being compiled from the same source code without any changes to the code or the environment settings.) After attempting to use PE Explorer, I found that there were too many differences within the file header and data sections to definitively say that two executables were the same. Using the PE format of exectuables, what pieces of the executable must match in order for the two executables to be considered the same? For instance each time you compile the code, you end up with a different checksum number and a different date/time stamp on the executable. If I wanted the main pieces of code to be the same when I compiled it on another PC, assuming that all of the environment variables within Visual Studio were set to be the same as the first PC, what section of the PE executable file would I look at? (I am thinking that I am going to have to manually write an application that will go through the header and ignore all of the data and just do a comparison on the information on the data section of the PE executables. If I am incorrect in my assumption on how to show that the two files are similar or different, please let me know of any other ideas. I do not have a lot of time to complete this task, and I was wondering if anyone knew of any other third party tools that would examine only the data sections of the PE executable files to determine if the executables are a match.
Thank you in advance for any help that you could provide...it is greatly appreciated.