executable comparisons - md5sum, etc.

[jwb]

Hello all,

I just was wondering if any one knows how to compare compiled VB.NET
executables to determine whether or not they are identical. In the dark ages
(read: pre-CLR and .NET) one could simply compute the md5sum of a binary and
determine if it was identical to another file. However, under the .NET
framework, this has changed; building an executable twice will result in two
different sums!

I need a quick and reliable way to verify if two files are the same, and I
cannot rely on the version numbers, for a few reasons. One is that they
change build to build, and two is that I do not want to have to rely on
manually setting the version information in the AssemblyInfo file.

Any help/information would be greatly appreciated.

jwb

 

[Michael Giagnocavo [MVP]]

I just was wondering if any one knows how to compare compiled VB.NET

executables to determine whether or not they are identical. In the dark ages
(read: pre-CLR and .NET) one could simply compute the md5sum of a binary and
determine if it was identical to another file. However, under the ..NET
framework, this has changed; building an executable twice will result in two
different sums!

If they are two different sums, then they aren't identical are they?
Are you building with a version number like "1.0.*.*"?

-mike

 

[jwb]

Mike-

I know that if the sums are different that the files are different... what I
do not understand is how the same source code, built with the same settings
twice, produces two "different" executables.
I have modified the AssemblyInfo version (removing the '*' so that it is not
automagically generated), but this still produces different sums.

My question really is this: Do the .NET compilers (Visual Studio or command
line) embed metadata in executables, and if so, how do I remove it? I need a
way to compare two executables and be certain that they are the same.
Unfortunately, due to some black magic in the .NET framework, I am unable to
do this in the same fashion that I am accustomed to, i.e. md5 sums.

Also, the binaries in question are .exe files, not dlls or assemblies, so I
do not think that this has to do with signing or any other versioning
component that I can think of.

-jwb

 

[Michael Giagnocavo [MVP]]

I see the MVID is different each time the CSC compiler generates an
executable. As well, offets 88 and 89 seem to change on each compile.
Use FC to check this.

I'm not sure why you can't use the built in versioning. Anyways, if
you want to check the "executable" section, you could zero out the
MVIDs and offsets 88 and 89. That's a lot of work The MVID comes
after (a few bytes or immeadiately) the US table in the metadata.

Can you tell us what you are trying to accomplish? There is most
likely a solution that doesn't require you to get comy with the PE
format and the .NET metadata on-disk representation.

-mike
MVP

 

[Michael Giagnocavo [MVP]]

Thank you for this info. Let me check some things and see what we can
do.

-mike
MVP

 

[jwb]

Any luck? I appreciate you looking into this for me.

-jwb