
Unable to verify checksum for exe

Tags:

windbg

Hi, I have attached a crash dump for an exe and symbols also, but I am getting this error:

Unable to verify checksum for abc.exe.

What would be the reason for this?

mahan07 asked Sep 02 '14 18:09


1 Answers

Unable to verify checksum is emitted when the checksum in the PE header isn't verifiable.

This can happen if the exe in question was compiled and linked without using the /RELEASE linker option.

In a normal project-based compile the linker sets this option. nmake or batch-file-based compilation can omit this switch, and that can lead to this output.

A simple hello world compiled and linked with and without the /RELEASE linker option (PDB not generated for simplicity, and diffed to show the difference in timestamp and checksum). Loaded in WinDbg, the checksum warning is generated only for the exe with no checksum in the PE header.

simple hello world.cpp contents

testrelease:\>dir /b & type testrelease.cpp
testrelease.cpp
#include <stdio.h>
int main (void)     {
        printf("hello my relase\n");
        return 0;
}

compiling without /RELEASE

testrelease:\>cl /nologo testrelease.cpp
testrelease.cpp 

renaming the exe and compiling the same source with /RELEASE

testrelease:\>ren testrelease.exe testrelease_norel.exe    
testrelease:\>cl /nologo testrelease.cpp /link /release
testrelease.cpp    

comparing both exes

testrelease:\>fc /b testrelease.exe testrelease_norel.exe
Comparing files testrelease.exe and TESTRELEASE_NOREL.EXE
000000E0: D6 CE
00000130: A3 00
00000131: 95 00
00000132: 01 00

analysing output of the comparison

testrelease:\>xxd -s +0x3c -l 1 testrelease.exe
000003c: d8                                       .    
testrelease:\>xxd -s +0x3c -l 1 testrelease_norel.exe
000003c: d8                                       .    
testrelease:\>echo d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum    

loading both exes in WinDbg: the warning is generated only for the exe without a checksum

testrelease:\>cdb -c ".reload /f ; q" testrelease.exe      
.*** ERROR: Module load completed but symbols could not be loaded for image00400 
  
testrelease:\>cdb -c ".reload /f ; q" testrelease_norel.exe      
.*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image004000

The "no symbol header available" error means the exe was compiled without debug information.

You can't do much about it unless you have a lot of expertise in recreating debug information from scratch.

Both of the executables compiled above will generate the error because I have intentionally not created the debug information.

DBGHELP: image00400000 missing debug info.  Searching for pdb anyway
DBGHELP: Can't use symbol server for image00400000.pdb - no header information available
blabb answered Oct 11 '22 13:10
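The header fields the answer locates with fc and xxd can also be read and checked directly. This is an added example, not code from the original answer or from WinDbg: it assumes the standard PE layout (e_lfanew at 0x3c, TimeDateStamp 0x08 and CheckSum 0x58 bytes past the "PE\0\0" signature), recomputes the checksum with an independent implementation of the 16-bit word-sum-plus-length algorithm, and runs on a constructed stand-in image rather than a real exe.

```python
import struct

TIMESTAMP_OFF = 0x08  # FileHeader.TimeDateStamp, relative to the "PE\0\0" signature
CHECKSUM_OFF = 0x58   # OptionalHeader.CheckSum, relative to the "PE\0\0" signature

def pe_fields(data):
    """Return (nt_offset, TimeDateStamp, stored CheckSum) from raw image bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (nt,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("NT signature not found at e_lfanew")
    (stamp,) = struct.unpack_from("<I", data, nt + TIMESTAMP_OFF)
    (stored,) = struct.unpack_from("<I", data, nt + CHECKSUM_OFF)
    return nt, stamp, stored

def compute_checksum(data, nt):
    """Sum 16-bit words with end-around carry (CheckSum field as zero), add file length."""
    off = nt + CHECKSUM_OFF
    buf = data[:off] + b"\0\0\0\0" + data[off + 4:]
    if len(buf) % 2:
        buf += b"\0"
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF

def checksum_status(data):
    nt, _, stored = pe_fields(data)
    if stored == 0:
        return "absent"  # what the answer shows for the link without /RELEASE
    return "ok" if stored == compute_checksum(data, nt) else "mismatch"

def make_sample(stamp_checksum):
    """Constructed image: only the header fields used here, e_lfanew = 0xd8 as in the answer."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0xD8)
    img[0xD8:0xDC] = b"PE\0\0"
    struct.pack_into("<I", img, 0xD8 + TIMESTAMP_OFF, 0x12345678)  # constructed value
    img[0x180:0x18C] = b"hello world\n"
    if stamp_checksum:
        struct.pack_into("<I", img, 0x130, compute_checksum(bytes(img), 0xD8))
    return bytes(img)

if __name__ == "__main__":
    for name, img in (("stamped", make_sample(True)), ("unstamped", make_sample(False))):
        print(name, hex(pe_fields(img)[2]), checksum_status(img))
```

To check a real build, pass the bytes of the exe to `checksum_status` instead of the constructed sample.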