File Checksum Integrity Verifier (FCIV) Examples

From Wikibooks, open books for an open world
Jump to: navigation, search


  • The Microsoft FCIV (File Checksum Integrity Verifier) is a command-line utility for making hashes (checksums) of files. At a later date, these hashes can be verified against hashes newly made, to discover whether or not the files have since changed.
  • Options exist to include or exclude sub-folders, choose algorithms, and direct output.
  • The utility can hash single files, folders, or recursively, large folder structures.
  • The hash algorithms available are MD5 and SHA1.
  • The hash results and verification results can be sent to files or can be viewed on screen.
  • Hash file output is made in an .xml database format.
  • Verification file output is made in a .txt textfile format.
  • Folders and files can be excluded from a hash run using listings in a special text file.
  • Hash files are one-time runs, and are not subject to incremental update of any kind.

FCIV Installation[edit]

  • The fciv.exe file can be installed in any convenient location. To save making full path entries to run it, consider adding its path to the system path list. In this way it can be run by simply typing the file name. An alternative quick solution is to place the file in a location that is already listed, eg., C:\Windows\System32.
  • Long paths are not a problem for those who intend to drag paths onto the command window, or paste them from saved texts. Since these examples are intended for those unfamiliar with the subject, all of these examples include fully expressed paths.
  • A reference for the commands and options of the FCIV is given in the drop-box below.

FCIV Commands and Options[edit]

File Checksum Integrity Verifier (FCIV) Commands and Options
Commands Options Description
-add < file or directory path > Makes hashes for files or folders. Only one entry per run is permitted.
  Specific options for -add:  
  -type <a single file type > Only these types : Example : -type *.exe –type *.txt. Needs one option word entry for each file type.
  -r Include all sub-folders as well.
  -exc <path to exclusion file> Provide the path to a text file with the paths to ignore.
  -wp Use only file names without paths in hash output. Screen use only – avoid it for xml file output.
  -bp < path to remove > Removes this base path from verification results.
-list   Make a list of hashes from a hash file.
-v only one option for -v: Verify live files against a hash file. Reports only on-screen unless piped to a text file.
  -bp < path to remove > Removes this base path from verification results.
-? -h help   Extended on-screen help for FCIV
General Options Put these at the end of the command line.
-md5   Choose the MD5 hash algorithm for the output or for the one to use for verification when there is a choice.
-sha1   Choose the SHA1 hash algorithm for the output or for the one to use for verification when there is a choice.
-both   Choose both hash algorithms for the output.
-xml <output file path> Specify the output file type and its path. If the file does not exist it will be made automatically, and if it exists already, the output will be appended.

Command Line Basics[edit]

Command Line Window Basics
Command Window Basics

The command window screen is available on all Windows computers. It allows a user to run programs without the usual Windows GUI, Graphical User Interface, that we take so much for granted. In particular, it allows a user to run the FCIV utility.

Here are a few basics for those who are unfamiliar with the use of the command window:

  • There are two forms of the command window; with normal access or elevated access. These are broadly consistent with the Standard and Administrator account levels of access. That is to say, when the work is likely to require higher access than usual, the elevated prompt is preferred. Before an elevated prompt window is opened however, the administrator's password must be given.
  • There is an added advantage to opening the standard command window from Windows Explorer. By right-clicking on any folder while pressing the SHIFT key, a context menu appears. Selecting the item Open command window here opens a standard command window with the chosen folder already listed as the base path. This feature is not available when opening an elevated command window, and for that a selection in the START menu or Settings is needed.
  • The name of the command window program is cmd.exe, and it can always be found by searching for cmd or command prompt in the computer's Start menu or Settings. When the program is located, it can be opened for standard use by just double-clicking it. The window then opens and is ready for use. To open the cmd as an elevated prompt, the user should instead right-click the item and from the context menu that appears, select the Open as Administrator option.
  • Programs are run in the command window by typing the paths to executable files, then pressing Enter. When in-built functions are to be run, their paths are already listed in the system search paths, so just typing their names and any parameters is sufficient.
  • In-built functions are referred to as DOS functions. Examples include functions to say, display the contents of directories, or to copy files, and there are in excess of one hundred of these to choose from.
  • A knowledge of how to write down folder and file paths is assumed. The work is greatly simplified with even a slight knowledge of how to do this, and this basic knowledge is assumed. Some information is given below on changing base addresses within the command window, but for those who need more information on the use of the command prompt, a selection of references has been provided in the See Also section below.
The Command Window Base Path

On opening cmd the flashing prompt displays its default path, eg., C:\>. This path is the base-part of any path that the user types after the prompt. This allows shorter typed entries. Alternatively, a user could ignore what the default says and just type a path that is fully expressed in any case. The default base path is easily changed with the cd command, short for Change Directory.

Typical Base Path Prompts:

C:\Users\My Folder\Downloads>
C:\Users\My Folder>

Changing the Base Path

The preferred method for changing the base path is of course to open the command window using the Open command window here method described in the basics section above. However, when opening an elevated prompt or when the window is already open the base path needs to be changed at the command line. The examples below are the most frequently used of the base-change actions.

To go to the root directory, type:

cd\ or cd/ then Enter

To go to the next directory up, type:

cd.. then Enter

To break a long running process, press:

Ctrl + C

To make the prompt path say, C:\users, type:

C:\users then Enter

To return to the current prompt without running the current command line, type:

> then Enter

To open a standard command prompt with a complicated base path already set, do this:

Go to Windows Explorer.
With shift pressed, right-click the folder or file of interest.
Select the item "Open command window here".

Building onto the Base Path

A fully expressed address is unambiguous, but at times a user needs to take advantage of shortened entries by using the base-path of the prompt. An example is given below to show the characters to add. It should be noted that in the example below, we could have made any number of directories a part of the default prompt, but best advantage was had by noting that three of them are common to both of the paths. An added method needs mention. An environmental variable exists that allows substitution for every path element up to and including the user's named folder; an example of this is also shown below.

This is the full form of a common hash command, written at the root command prompt;
   C:\>"C:\Users\My Folder\Downloads\FCIV\fciv,exe" "c:\Users\My Folder\Documents\MyText.txt" -md5

After setting these first three elements as the default path, the equivalent form becomes just:
   C:\Users\My Folder>".\Downloads\FCIV\fciv,exe" ".\Documents\MyText.txt" -md5

Alternatively, starting from any prompt path, the environmental variable %userprofile% can be used to substitute for the first three terms of the full path. The entry then becomes just:
   C:\>"%userprofile%\Downloads\FCIV\fciv,exe" "%userprofile%\Documents\MyText.txt" -md5

Notice that there is a dot followed by a backslash to signify joining to the default path. You can think of the dot as representing all of the entry to the left of the command prompt symbol >. The default applies to every path in the command, not just to the one that is nearest. Note also that quotes surround both of these shortened paths, and this is done more to demonstrate the technique than for necessity, since these path names now contain no spaces. Both the fully expressed or the shortened versions of these entries would work equally well.

CMD Time Savers

There are a number of time-saving features for working at the command prompt.

  • Step through the session commands. When working, all of the current session's typed entries can be recovered by pressing the up-arrow repeatedly, until the required line appears on the screen. When recovered, the line can be edited. The list can also be viewed in a window by pressing f7, though when a list selection is made the command line is executed without the opportunity for modification.
  • Drag files onto the command window. In standard command windows, not elevated windows, dragging a file or folder onto the window will write the entire address at the cursor, so saving much typing. When combined with routine editing of text this saves much time.
  • Auto-complete folder names during typing. After typing the first letter of a folder, pressing Tab repeatedly steps through all of the possible names that exist. This can greatly speed up the process of path writing.
  • Set the base path using the Open command window here method. This works for the standard command window but not for the elevated prompt.
  • Paste long commands from saved texts. Save all of your working commands in a text file and paste them from the clipboard as required.
  • Use the internet for more information. Refer to the links in See Also for details of these methods and others.

Making Hashes[edit]

  • There are at most four paths to consider in a typical command line when making a hash database. These are, the path to the fciv.exe file itself, the path to the target folder or file that we intend to hash, an exclusions file path, and the intended destination path for the output data. The general form for the usual case is just:

UtilityPath [ -add (default)] TargetFilePath [ -r ] [ -exc ExclusionFilePath ] [ -xml OutputFilePath ] [ -sha1 | -md5 | -both (default -md5) ]

  • Spaces in paths cause problems. Although the Windows Explorer can handle spaces in filenames and folders, the command window cannot. Note that the paths used in the examples are of this type, but to avoid problems, all paths have been set in double quotes.
  • Consider using fully expressed paths. Confusion can result for novices when writing paths, especially when there is a joining to a base path. When problems of this type exist or are suspected, then construct fully expressed paths to exclude this as a source of the error.
  • There are two kinds of options used in FCIV. Some are for particular commands and some apply more generally. At times a bad sequence of options will cause errors, so follow the examples in the text when placing the options.

Hashes On-screen - Examples[edit]

The following command line code displays a single MyText.txt file's hash on the screen. When the addresses are fully written in this way it does not matter which base address is showing on the command prompt. By default, the hash algorithm is MD5, but it has been specified here for completeness. For an SHA1 hash just replace the -md5 with -sha1, or if you want both hash types, replace it with -both. Note that options are preceded by minus signs.

Single File Hash[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents\MyText.txt" -md5

In the next example, the single file path has been replaced with the name of a folder.

Flat Folder Hash[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -sha1

In the example that follows the -r option is used to introduce recursive hashing of all sub-folders in Documents.

Recursive Folder Hash[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -r -both

In this last case there are probably far too many files to view conveniently on-screen. A database file is best for this.

Hashes to a File - Example[edit]

The simple examples given in the preceding section sent their results to the screen. In each case these examples could be modified to send their results to a database file instead. When such a file is used, the data is diverted and so there are no hashes on the screen. Details of the format for the file must be given, in the case below with -xml, followed immediately by the path for the xml file itself. This file need not exist initially. If it does not exist, the process will make the file before loading it. If is exists, with or without contents, the data will be appended. Note that although screen hashes are written in hex, the hashes sent to a file are in base-64; these are converted for use in any verification work. The following example builds on the recursive example above and makes a database using both hash types with the option -both.

Recursive Folder Hash to File[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -r -xml "c:\users\My Folder\Downloads\MyHash.xml" -both

In the event that the process makes its own database file it will imply on screen that an error has occurred. The process will however continue to run normally, and the database file will be found at the intended address. Errors found during any run are written into the file fciv.err, and is best placed near the fciv.exe file itself.

Excluded Files - Example[edit]

An exclusions file is a text file that contains the paths to the files and folders that should be excluded from the hashing process. Each path should be written on a line of its own and need not have quotes. The last line however must end in a carriage return before being saved or the file will not work. The following fully expressed paths make an external database of SHA1 hashes called MyHash.xml for all files in the Downloads folder, including its sub-folders, but excluding the three folders and three files listed in the exclusions file called Ignorefiles.txt.

Recursive Folder Hash to File with Exclusions[edit]

c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" "C:\Users\My Folder\Downloads" -r -exc "C:\Users\My Folder\Downloads\Ignorefiles.txt" -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1

The following list shows the format to use in making the exclusions file Ignorefiles.txt. The fact that the entries are for completely different folders to the ones being hashed is unimportant. In this way exclusions can be set in the one file for all of a users tasks.

Exclusions File Format[edit]

c:\Users\My Folder\Downloads\fciv.err
C:\Users\My Folder\Documents\fciv.err
c:\Users\My Folder\Downloads\FCIV
c:\Users\My Folder\Downloads\Hashes
c:\Users\My Folder\Downloads\HashOfHashes
c:\Users\My Folder\Downloads\Ignorefiles.txt
c:\Users\My Folder\Downloads\MyHash.xml (Editor's note only: the last line of the content must end with a carriage return)

Hashes to File Using VBA[edit]

VBA can be used to automate the production of hash files, but cannot as far as is known be used to obtain the results of a verification. For that, the command line is still needed.

The VBA code in the drop panel below is made for the most useful case - the export of SHA1 hashes to a database xml file of the Documents tree. It allows for an exclusions file also. The output files can have the same name since each has an added date-time stamp. By necessity, the paths are specific for the tested case. It will be noted that VBA requires much modification of quotes in order to deliver quote-surrounded paths to the command line. This arises because spaces in paths in the command line will result in File not found errors.

There is another peculiarity of working from VBA. The Shell function runs independently of the launching procedure after it is started. This means that the procedure will exit while the Shell function is still running. If there is only one call on the Shell function and the file that it makes is not to be used in code, then all is well, but otherwise a delay must be introduced to avoid interaction with a partial output product. It has further been noted that there can be a wide variation in time-to-complete for such tasks, depending on a processor's other priorities. This code introduces such a delay, though it would be better if the VBA Shell function had a delay of its own.

VBA Code to Make an FCIV Hash File for an Entire Documents Tree
Sub HashFileTreeFCIV()
    'exports an sha1 hash for the Documents file tree, less exclusions, to an xml file
    'If used in an automated process, adjust the delay to allow completion before further work    
    'The user should modify the paths to suit his own work    
    'Uses Microsoft FCIV utility. (
    Dim Ret, sU As String, sD As String, sN As String, sRP As String
    Dim sE As String, sR As String, sP As String, sT As String
    'path and name of the fciv utility
       sU = """" & "c:\users\My Folder\Downloads\FCIV\fciv.exe" & """"
    'path for the documents tree folder to hash
       sD = """" & "C:\users\My Folder\Documents" & """"
    'path and name of exclusions file
       sE = """" & "c:\users\My Folder\Downloads\Ignorefiles.txt" & """"
    'time stamped results file name
       sN = "MyHash.XML"
       sT = TimeStamped(sN)
    'path of results xml file
       sRP = "C:\users\My Folder\Downloads\Hashes"
       sR = """" & sRP & "\" & sT & """"
    'string for the shell function
       sP = sU & " " & sD & " -r -exc " & sE & " -sha1 -xml " & sR
    'note: this sub will close while the shell is still running
    'so a delay is needed to prevent users affecting it before completion
    'does 3000 files in about 50 seconds
       Ret = Shell(sP)
       Delayed (90) 'seconds
       MsgBox "Hash run is complete"

End Sub

Function Delayed(PauseTime As Single) As Boolean
   'delays for PauseTime seconds

   Dim Start As Single
      Start = Timer      ' Set start time.
      Do While Timer < Start + PauseTime
        DoEvents      'Yield to other processes.
   Delayed = True

End Function

Function TimeStamped(sOldName As String) As String
   'adds a date time stamp onto the existing file name
   Dim vN As Variant

      If sOldName = "" Then
         MsgBox "Empty string input in TimeStamped - closing without change"
         Exit Function
      End If

   'split at the dot
      vN = Split(sOldName, ".")
      TimeStamped = vN(0) & "-" & Format(Now, "dd-mmm-yy hh""h"" mm""m"" ss""s""") & "." & vN(1)

End Function

Verifying Hashes[edit]

Verifying On-screen - Example[edit]

Verification of the hash file against the actual computer files referenced in it takes place using the -v option. The xml file that contains the hashes, to be of any use, must have been made using full address paths; that is to say without the use of either the -wp or -bp options. Clearly, if a particular algorithm was used to make the hashes, that same algorithm must be specified in the verification command line. If two hash types were included with the -both option, then the user must specify the one that is to be used for verification. That said, the general form for its use is as follows:

UtilityPath -v -xml HashFilePath [ -sha1|-md5 (default -md5) ] [ > OutputTextFilePath]

In its simplest form the command line to verify a file's hashes looks like this:

XML File Verification to Screen[edit]

c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" -v -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1

It was assumed that the file contained SHA1 values. It was assumed also that there were full paths available in the file for the check. A useful addition to this function is to export the results to a text file instead of the screen. The following exports to the text file MyText.txt. If the file does not exist then it will be made by the process. If it exists, then the report will be appended.

Verifying to a File - Example[edit]

XML File Verification to File[edit]

c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" -v -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1 > "C:\Users\My Folder\Documents\MyText.txt"

Screen output can be diverted to a text file in any of the above examples using this greater-than syntax. When the output is piped in this way there is no advice whatsoever on-screen; only the return of the blinking cursor advises of completion.

See Also[edit]