File Checksum Integrity Verifier (FCIV) Examples
- The Microsoft FCIV (File Checksum Integrity Verifier) is a command-line utility for making hashes (checksums) of files. At a later date, these hashes can be verified against hashes newly made, to discover whether or not the files have since changed.
- Options exist to include or exclude sub-folders, choose algorithms, and direct output.
- The utility can hash single files, folders, or recursively, large folder structures.
- The hash algorithms available are MD5 and SHA1.
- The hash results and verification results can be sent to files or can be viewed on screen.
- Hash file output is made in an .xml database format.
- Verification file output is made in a .txt textfile format.
- Folders and files can be excluded from a hash run using listings in a special text file.
- Hash files are one-time runs, and are not subject to incremental update of any kind.
- Microsoft's FCIV download is available from from Availability and description of the File Checksum Integrity Verifier utility in a zip file.
- The fciv.exe file can be installed in any convenient location. To save making full path entries to run it, consider adding its path to the system path list. In this way it can be run by simply typing the file name. An alternative quick solution is to place the file in a location that is already listed, eg., C:\Windows\System32.
- Long paths are not a problem for those who intend to drag paths onto the command window, or paste them from saved texts. Since these examples are intended for those unfamiliar with the subject, all of these examples include fully expressed paths.
- A reference for the commands and options of the FCIV is given in the drop-box below.
FCIV Commands and Options
|File Checksum Integrity Verifier (FCIV) Commands and Options|
Command Line Basics
|Command Line Window Basics|
The command window screen is available on all Windows computers. It allows a user to run programs without the usual Windows GUI, Graphical User Interface, that we take so much for granted. In particular, it allows a user to run the FCIV utility.
Here are a few basics for those who are unfamiliar with the use of the command window:
On opening cmd the flashing prompt displays its default path, eg., C:\>. This path is the base-part of any path that the user types after the prompt. This allows shorter typed entries. Alternatively, a user could ignore what the default says and just type a path that is fully expressed in any case. The default base path is easily changed with the cd command, short for Change Directory.
The preferred method for changing the base path is of course to open the command window using the Open command window here method described in the basics section above. However, when opening an elevated prompt or when the window is already open the base path needs to be changed at the command line. The examples below are the most frequently used of the base-change actions.
To go to the root directory, type:
To go to the next directory up, type:
To break a long running process, press:
To make the prompt path say, C:\users, type:
To return to the current prompt without running the current command line, type:
To open a standard command prompt with a complicated base path already set, do this:
A fully expressed address is unambiguous, but at times a user needs to take advantage of shortened entries by using the base-path of the prompt. An example is given below to show the characters to add. It should be noted that in the example below, we could have made any number of directories a part of the default prompt, but best advantage was had by noting that three of them are common to both of the paths. An added method needs mention. An environmental variable exists that allows substitution for every path element up to and including the user's named folder; an example of this is also shown below.
Notice that there is a dot followed by a backslash to signify joining to the default path. You can think of the dot as representing all of the entry to the left of the command prompt symbol >. The default applies to every path in the command, not just to the one that is nearest. Note also that quotes surround both of these shortened paths, and this is done more to demonstrate the technique than for necessity, since these path names now contain no spaces. Both the fully expressed or the shortened versions of these entries would work equally well.
There are a number of time-saving features for working at the command prompt.
- There are at most four paths to consider in a typical command line when making a hash database. These are, the path to the fciv.exe file itself, the path to the target folder or file that we intend to hash, an exclusions file path, and the intended destination path for the output data. The general form for the usual case is just:
- Spaces in paths cause problems. Although the Windows Explorer can handle spaces in filenames and folders, the command window cannot. Note that the paths used in the examples are of this type, but to avoid problems, all paths have been set in double quotes.
- Consider using fully expressed paths. Confusion can result for novices when writing paths, especially when there is a joining to a base path. When problems of this type exist or are suspected, then construct fully expressed paths to exclude this as a source of the error.
- There are two kinds of options used in FCIV. Some are for particular commands and some apply more generally. At times a bad sequence of options will cause errors, so follow the examples in the text when placing the options.
Hashes On-screen - Examples
The following command line code displays a single MyText.txt file's hash on the screen. When the addresses are fully written in this way it does not matter which base address is showing on the command prompt. By default, the hash algorithm is MD5, but it has been specified here for completeness. For an SHA1 hash just replace the -md5 with -sha1, or if you want both hash types, replace it with -both. Note that options are preceded by minus signs.
Single File Hash
In the next example, the single file path has been replaced with the name of a folder.
Flat Folder Hash
In the example that follows the -r option is used to introduce recursive hashing of all sub-folders in Documents.
Recursive Folder Hash
In this last case there are probably far too many files to view conveniently on-screen. A database file is best for this.
Hashes to a File - Example
The simple examples given in the preceding section sent their results to the screen. In each case these examples could be modified to send their results to a database file instead. When such a file is used, the data is diverted and so there are no hashes on the screen. Details of the format for the file must be given, in the case below with -xml, followed immediately by the path for the xml file itself. This file need not exist initially. If it does not exist, the process will make the file before loading it. If is exists, with or without contents, the data will be appended. Note that although screen hashes are written in hex, the hashes sent to a file are in base-64; these are converted for use in any verification work. The following example builds on the recursive example above and makes a database using both hash types with the option -both.
Recursive Folder Hash to File
In the event that the process makes its own database file it will imply on screen that an error has occurred. The process will however continue to run normally, and the database file will be found at the intended address. Errors found during any run are written into the file fciv.err, and is best placed near the fciv.exe file itself.
Excluded Files - Example
An exclusions file is a text file that contains the paths to the files and folders that should be excluded from the hashing process. Each path should be written on a line of its own and need not have quotes. The last line however must end in a carriage return before being saved or the file will not work. The following fully expressed paths make an external database of SHA1 hashes called MyHash.xml for all files in the Downloads folder, including its sub-folders, but excluding the three folders and three files listed in the exclusions file called Ignorefiles.txt.
Recursive Folder Hash to File with Exclusions
The following list shows the format to use in making the exclusions file Ignorefiles.txt. The fact that the entries are for completely different folders to the ones being hashed is unimportant. In this way exclusions can be set in the one file for all of a users tasks.
Exclusions File Format
Hashes to File Using VBA
VBA can be used to automate the production of hash files, but cannot as far as is known be used to obtain the results of a verification. For that, the command line is still needed.
The VBA code in the drop panel below is made for the most useful case - the export of SHA1 hashes to a database xml file of the Documents tree. It allows for an exclusions file also. The output files can have the same name since each has an added date-time stamp. By necessity, the paths are specific for the tested case. It will be noted that VBA requires much modification of quotes in order to deliver quote-surrounded paths to the command line. This arises because spaces in paths in the command line will result in File not found errors.
There is another peculiarity of working from VBA. The Shell function runs independently of the launching procedure after it is started. This means that the procedure will exit while the Shell function is still running. If there is only one call on the Shell function and the file that it makes is not to be used in code, then all is well, but otherwise a delay must be introduced to avoid interaction with a partial output product. It has further been noted that there can be a wide variation in time-to-complete for such tasks, depending on a processor's other priorities. This code introduces such a delay, though it would be better if the VBA Shell function had a delay of its own.
|VBA Code to Make an FCIV Hash File for an Entire Documents Tree|
Sub HashFileTreeFCIV() 'exports an sha1 hash for the Documents file tree, less exclusions, to an xml file 'If used in an automated process, adjust the delay to allow completion before further work 'The user should modify the paths to suit his own work 'Uses Microsoft FCIV utility. (https://support.microsoft.com/en-us/kb/841290) Dim Ret, sU As String, sD As String, sN As String, sRP As String Dim sE As String, sR As String, sP As String, sT As String 'path and name of the fciv utility sU = """" & "c:\users\My Folder\Downloads\FCIV\fciv.exe" & """" 'path for the documents tree folder to hash sD = """" & "C:\users\My Folder\Documents" & """" 'path and name of exclusions file sE = """" & "c:\users\My Folder\Downloads\Ignorefiles.txt" & """" 'time stamped results file name sN = "MyHash.XML" sT = TimeStamped(sN) 'path of results xml file sRP = "C:\users\My Folder\Downloads\Hashes" sR = """" & sRP & "\" & sT & """" 'string for the shell function sP = sU & " " & sD & " -r -exc " & sE & " -sha1 -xml " & sR 'note: this sub will close while the shell is still running 'so a delay is needed to prevent users affecting it before completion 'does 3000 files in about 50 seconds Ret = Shell(sP) Delayed (90) 'seconds MsgBox "Hash run is complete" End Sub Function Delayed(PauseTime As Single) As Boolean 'delays for PauseTime seconds Dim Start As Single Start = Timer ' Set start time. Do While Timer < Start + PauseTime DoEvents 'Yield to other processes. Loop Delayed = True End Function Function TimeStamped(sOldName As String) As String 'adds a date time stamp onto the existing file name Dim vN As Variant If sOldName = "" Then MsgBox "Empty string input in TimeStamped - closing without change" Exit Function Else End If 'split at the dot vN = Split(sOldName, ".") TimeStamped = vN(0) & "-" & Format(Now, "dd-mmm-yy hh""h"" mm""m"" ss""s""") & "." & vN(1) End Function
Verifying On-screen - Example
Verification of the hash file against the actual computer files referenced in it takes place using the -v option. The xml file that contains the hashes, to be of any use, must have been made using full address paths; that is to say without the use of either the -wp or -bp options. Clearly, if a particular algorithm was used to make the hashes, that same algorithm must be specified in the verification command line. If two hash types were included with the -both option, then the user must specify the one that is to be used for verification. That said, the general form for its use is as follows:
In its simplest form the command line to verify a file's hashes looks like this:
XML File Verification to Screen
It was assumed that the file contained SHA1 values. It was assumed also that there were full paths available in the file for the check. A useful addition to this function is to export the results to a text file instead of the screen. The following exports to the text file MyText.txt. If the file does not exist then it will be made by the process. If it exists, then the report will be appended.
Verifying to a File - Example
XML File Verification to File
Screen output can be diverted to a text file in any of the above examples using this greater-than syntax. When the output is piped in this way there is no advice whatsoever on-screen; only the return of the blinking cursor advises of completion.