A common technique is to simply grep the binary file image for a known text-string that is also distinctly present in (and somehow used in) the program in question. (You do have to make sure that the string is actually used somehow so that a compiler does not optimize it away as dead-code or dead-data.)
In some environments (e.g. Windows) it is possible to specify version-identifying metadata which is inserted into the library or executable expressly for this purpose ... and any sort of named character-string can be put there.
A third strategy that's used in larger organizations is to calculate and to store the sha1sum signature of every software asset, which is used both as a positive form of identification and as a guard against unauthorized modification of that asset. This is similar to the idea of cryptographic "code signing," which in some environments can be used at the operating-system level to prevent the execution (at all!) of code that is not signed as the organization demands it to be.
The answer to the general question of "reverse engineering" is simply that, in the general case, it cannot be done. Optimizing compilers produce outputs which are functionally equivalent to what the source code said, but not directly comparable (let alone "reversible") to it.
Last edited by sundialsvcs; 05-07-2014 at 07:58 AM.
|