Do you have plans for recording other Microsoft tool IDs in comp_id.txt?

Question

Do you have plans for recording other Microsoft tool IDs in comp_id.txt?

Closed this issue 2 years ago · 3 comments

There are other Microsoft tools that leave their fingerprints in the P.E. binary Rich header structure.
For example, CvtCIL, Link time code generator (LTCG), program guided optimization (POGO), etc.

https://github.com/avast/pelib/blob/master/src/pelib/RichHeader.cpp
https://hasherezade.github.io/bearparser/_rich_hdr_wrapper_8cpp_source.html
etc.

It seems that we could all benefit from a unified list instead of multiple incomplete implementations.

Answer 1 · 2023-03-17T20:21:09.000Z

It sure sounds interesting.
I experimented with LTCG and PGO options for C and C++, and got additional fields in richheader ("Utc1900_LTCG_C", "Utc1900_LTCG_CPP", "Utc1900_POGO_I_C", "Utc1900_POGO_I_CPP" in bearparser repo). I also got "Cvtpgd1900" (00fe), but strangely enough, it has no build number (i.e., comp_id is simply 00fe0000).
I added these fields for current VS2022 releases. Since I use three-letter codes for the tools, the new ones are a bit clumsy... Maybe they need to be longer.

As for the other tools, I am not sure how to get them in the header. E.g., I couldn't get any of these:
AliasObj1400 (00fd)
Utc1900_CVTCIL_C (0106)
Utc1900_CVTCIL_CPP (0107)
Utc1900_LTCG_MSIL (010a)
Utc1900_POGO_O_C (010d)
Utc1900_POGO_O_CPP (010e)
Can you advise how to get them in the rich header?

Answer 2 · 2023-03-17T20:48:50.000Z

I suspect something like cl -Zi hello.cpp /EHsc -O2 /GL -link -debug /LTCG /GENPROFILE The relevant options are /GL, /LTCG, and /GENPROFILE I don’t have much experience with LTCG… yet. From: dishather ***@***.***> Sent: Friday, March 17, 2023 4:21 PM To: dishather/richprint ***@***.***> Cc: Mike Stratoti ***@***.***>; Author ***@***.***> Subject: Re: [dishather/richprint] Do you have plans for recording other Microsoft tool IDs in comp_id.txt? (Issue #3) WARNING: This email originated from outside of the organization. DO NOT click links, open attachments, or respond unless you recognize the sender and know the content is safe.

…

________________________________ It sure sounds interesting. I experimented with LTCG and PGO options for C and C++, and got additional fields in richheader ("Utc1900_LTCG_C", "Utc1900_LTCG_CPP", "Utc1900_POGO_I_C", "Utc1900_POGO_I_CPP" in bearparser repo). I also got "Cvtpgd1900" (00fe), but strangely enough, it has no build number (i.e., comp_id is simply 00fe0000). I added these fields for current VS2022 releases. Since I use three-letter codes for the tools, the new ones are a bit clumsy... Maybe they need to be longer. As for the other tools, I am not sure how to get them in the header. E.g., I couldn't get any of these: AliasObj1400 (00fd) Utc1900_CVTCIL_C (0106) Utc1900_CVTCIL_CPP (0107) Utc1900_LTCG_MSIL (010a) Utc1900_POGO_O_C (010d) Utc1900_POGO_O_CPP (010e) Can you advise how to get them in the rich header? — Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/dishather/richprint/issues/3*issuecomment-1474366794__;Iw!!F1Q1IbZmrAg!EdkujfFo99nCLaYOFDIt8mfv9RTeSWwK_6WS4YcxsYNIGZ_NXEgP35N8QOWf8GGH-qap3FGNNXKQYzzWI4_2UN1SOhTs$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AX76GFXRZAC4IG35EKUHUCTW4TBUDANCNFSM6AAAAAAV5JQPPM__;!!F1Q1IbZmrAg!EdkujfFo99nCLaYOFDIt8mfv9RTeSWwK_6WS4YcxsYNIGZ_NXEgP35N8QOWf8GGH-qap3FGNNXKQYzzWI4_2UEwUaarc$>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>

________________________________ This email, including any attachments, may contain confidential and/or proprietary information intended only for the use of the recipient. If you are not the intended recipient, any distribution, copying, or use of this email or its attachments is prohibited. If you received this email in error, please reply to the sender immediately and delete this message and any copies. Bentley Systems has taken all reasonable steps to ensure that this communication is free from viruses, data corruption, and unauthorized alteration. Bentley Systems does not accept liability for any damages that may be incurred as a result of this or any communication by email [https://cdn2.webdamdb.com/310th_sm_UnR3pO7k0ir0.jpg?1616176329]

Answer 3 · 2023-03-27T10:48:43.000Z

Well, okay... I've added modern tools (version Utc1900 in bearparser repo), making the file comp_id.txt almost twice as large.
Since I have no means of checking older releases, I marked all added records as interpolated.
I expected to add only VS2022 and perhaps VS2019 records, but ironically, the tools IDs are consistent in VS2022, VS2019, VS2017 and down to VS2015. So the list grew quite large.