Failed to verify checksum for exe

Hi, I have added an emergency dump for exe and characters. But I get this error:

Failed to check the checksum for abc.exe.

What is the reason for this?

+5
1 answer

"Unable to verify checksum" is emitted when the checksum in the PE header isn't verifiable.

This can happen if the exe in question has been compiled and linked without using /RELEASE. Standard project-based compilation sets this linker option; nmake / batch-file-based compilation can omit this switch, and that may lead to this conclusion.

A simple hello world compiled and linked with and without the /RELEASE linker option (a pdb is not generated, for simplicity), diffed to show the difference in timestamp and checksum, and loaded in windbg; the checksum warning is generated only for the exe with no checksum in the PE header.

just greeting world.cpp content

    testrelease:\>dir /b & type testrelease.cpp
    testrelease.cpp
    #include <stdio.h>
    int main (void) {
        printf("hello my relase\n");
        return 0;
    }

compilation without /RELEASE

    testrelease:\>cl /nologo testrelease.cpp
    testrelease.cpp

rename exe and compile the same source with /RELEASE

    testrelease:\>ren testrelease.exe testrelease_norel.exe

    testrelease:\>cl /nologo testrelease.cpp /link /release
    testrelease.cpp

comparison as exes

    testrelease:\>fc /b testrelease.exe testrelease_norel.exe
    Comparing files testrelease.exe and TESTRELEASE_NOREL.EXE
    000000E0: D6 CE
    00000130: A3 00
    00000131: 95 00
    00000132: 01 00

analysis of the comparison result

    testrelease:\>xxd -s +0x3c -l 1 testrelease.exe
    000003c: d8  .

    testrelease:\>xxd -s +0x3c -l 1 testrelease_norel.exe
    000003c: d8  .

    testrelease:\>echo d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
    d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum

loading both exes into windbg: the warning is generated only for the exe without a checksum

    testrelease:\>cdb -c ".reload /f ; q" testrelease.exe
    .*** ERROR: Module load completed but symbols could not be loaded for image00400

    testrelease:\>cdb -c ".reload /f ; q" testrelease_norel.exe
    .*** WARNING: Unable to verify checksum for image00400000
    *** ERROR: Module load completed but symbols could not be loaded for image004000

no symbol header available error means exe was compiled without debug information

you can’t do much if you don’t have much experience in recreating debugging information from scratch

both executables compiled above will generate an error because I intentionally did not create debug information

    DBGHELP: image00400000 missing debug info. Searching for pdb anyway
    DBGHELP: Can't use symbol server for image00400000.pdb - no header information available
+10
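The header field diffed in the answer above (e_lfanew + 0x58, which is 0x130 when e_lfanew is 0xd8) can also be read and recomputed offline. This is an added example, not part of the original answer: the function names and the constructed sample image are assumptions, and the recomputation is the standard PE image checksum (16-bit word sum with carry folding, plus file length).

```python
import struct
import sys

def checksum_field_offset(image):
    """File offset of OptionalHeader.CheckSum: e_lfanew + 4 (sig) + 20 (file hdr) + 64."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    off = e_lfanew + 4 + 20 + 64  # same offset for PE32 and PE32+
    if off + 4 > len(image):
        raise ValueError("image truncated before CheckSum field")
    return off

def compute_checksum(image):
    """Recompute the checksum with the stored CheckSum field treated as zero."""
    off = checksum_field_offset(image)
    data = bytes(image[:off]) + b"\0" * 4 + bytes(image[off + 4:])
    if len(data) % 2:
        data += b"\0"  # pad odd-length files to a whole 16-bit word
    total = sum(struct.unpack("<%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(image)) & 0xFFFFFFFF

def checksum_status(image):
    """'unset' when the field is 0 (linked without /RELEASE), else 'ok' or 'mismatch'."""
    stored = struct.unpack_from("<I", image, checksum_field_offset(image))[0]
    if stored == 0:
        return "unset"
    return "ok" if stored == compute_checksum(image) else "mismatch"

def constructed_image(e_lfanew=0xD8, size=0x200):
    """Constructed minimal header-only sample (not a runnable exe)."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", img, e_lfanew + 24, 0x10B)  # PE32 optional header magic
    return img

if __name__ == "__main__":
    # Pass a path to check a real file; otherwise the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_image()
    off = checksum_field_offset(data)
    print("CheckSum field at 0x%x: stored=0x%08x computed=0x%08x -> %s" % (
        off, struct.unpack_from("<I", data, off)[0], compute_checksum(data), checksum_status(data)))
```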

Source: https://habr.com/ru/post/1201661/

