QualityCentral

Public Report

Report From: Delphi-BCB/Compiler/Delphi/Linker [ Add a report in this area ]

Report #: 54489

Status: Closed

PE Optional Header Timestamp is fixed to 1992 date

Project: Delphi

Build #: 10.0.2558.35231

Version: 10.0

Submitted By: Patrick Kolla-ten Venne

Report Type: Minor failure / Design problem

Date Reported: 11/7/2007 12:33:50 AM

Severity: Commonly encountered problem

Last Updated: 12/18/2007 2:19:44 PM

Platform: All versions

Internal Tracking #:

Resolution: Fixed (Resolution Comments)

Resolved in Build: : 11.0.2902.10471

Duplicate of: None

Voting and Rating

Overall Rating: No Ratings Yet

0.00 out of 5

Total Votes: None

Description

Delphi creates executables for Windows 32.
Windows 32 executables do have the Portable Executable file format.
PE files do have special headers, including an "optional header".
Delphi apps have this optional header.
The PE Optional Header includes a TimeStamp field.

All Delphi applications have a fixed value for the timestamp field: $2A425E19, which means June 19th, 1992, 23:22:17.

Ok, it's nice to have a field that can be easily used to identify an application was written with Delphi, here's the Microsoft documention on these PE/COFF fields though:
http://support.microsoft.com/?scid=kb%3Ben-us%3B121460&x=13&y=13
"Time/Date Stamp: Time and date the file was created."

Since AV and AS software may use the creation date plausibility for heuristics, using the actual creation (linking) time would be much preferred.

Steps to Reproduce:

1. Compile any Delphi Application.
2. Use for example FileAlyzer ( http://www.safer-networking.org/en/filealyzer/index.html ) to view the PE header.
3. Locate the "Time/Date stamp" field.
4. Repeat steps 1 to 3 for other Delphi created applications and compare the timestamps.

Workarounds

None

Attachment

None

Comments

None

Developer Tools

Database Tools