hi i have attached crash dump for an exe and symbols also.but i am getting this error:
Unable to verify checksum for abc.exe.
What would be the reason for this?
Unable to verify checksum is emitted when the checksum in the PE header isn't verifiable.
This can happen if the exe in question was compiled and linked without using /RELEASE
linker option.
Normal project based compile linker sets this option. nmake or batch file based compilation can omit this switch and can lead to this output.
A simple hello world compiled and linked with and without /RELEASE
linker option (PDB not generated for simpilicity and diffed to show the difference in timestamp and checksum). Loaded in WinDbg and checksum warning is generated only for the exe with no checksum in PE header.
simple hello world.cpp contents
testrelease:\>dir /b & type testrelease.cpp
testrelease.cpp
#include <stdio.h>
int main (void) {
printf("hello my relase\n");
return 0;
}
compiling without /RELEASE
testrelease:\>cl /nologo testrelease.cpp
testrelease.cpp
renaming the exe and compiling the same source with with /RELEASE
testrelease:\>ren testrelease.exe testrelease_norel.exe
testrelease:\>cl /nologo testrelease.cpp /link /release
testrelease.cpp
comparing both exes
testrelease:\>fc /b testrelease.exe testrelease_norel.exe
Comparing files testrelease.exe and TESTRELEASE_NOREL.EXE
000000E0: D6 CE
00000130: A3 00
00000131: 95 00
00000132: 01 00
analysing output of the comparison
testrelease:\>xxd -s +0x3c -l 1 testrelease.exe
000003c: d8 .
testrelease:\>xxd -s +0x3c -l 1 testrelease_norel.exe
000003c: d8 .
testrelease:\>echo d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
loading both exes in windbg warning generated for only one exe without checksum
testrelease:\>cdb -c ".reload /f ; q" testrelease.exe
.*** ERROR: Module load completed but symbols could not be loaded for image00400
testrelease:\>cdb -c ".reload /f ; q" testrelease_norel.exe
.*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image004000
no symbol header available error means the exe was compiled without debug information.
You can't do much about it unless you have a lot of expertise in recreating debug information from scratch.
Both the executables that are compiled above will generate the error because iIhave intentionally not created the debug information.
DBGHELP: image00400000 missing debug info. Searching for pdb anyway
DBGHELP: Can't use symbol server for image00400000.pdb - no header information available
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With