File Checksum Integrity Verifier (FCIV) Examples

From Wikibooks, open books for an open world
Jump to navigation Jump to search

Summary[edit]

  • The Microsoft FCIV (File Checksum Integrity Verifier) is a free command-line utility for making hashes (checksums) of files. At a later date, these hashes can be verified against hashes newly made, to discover whether or not the files have since changed.
  • Options exist to include or exclude sub-folders, choose algorithms, and direct output.
  • The utility can hash single files, folders, or recursively, large folder structures.
  • The hash algorithms available are MD5 and SHA1; base64 format to file, and HEX to screen.
  • The hash results and verification results can be sent to files or can be viewed on screen.
  • Hash file output is made in an .xml database format.
  • Verification file output is made in a .txt textfile format.
  • Folders and files can be excluded from a hash run using listings in a special text file.
  • Hash files are one-time runs, and are not subject to incremental update of any kind.

FCIV Installation[edit]

  • The fciv.exe file can be installed in any convenient location. To avoid the need for an exclusions file, (you cannot hash the fciv.exe file while it is running!), you might place the FCIV folder in a place that you are unlikely to want to hash. Alternatively , Microsoft suggest adding the fciv.exe path to the system path list. In this way it can be run by simply typing the file name;an alternative quick solution is to place the file in a location that is already listed, eg., C:\Windows\System32.
  • Long paths are not a problem for those who intend to drag paths onto the command window, or paste them from saved texts. Since these examples are intended for those unfamiliar with the subject, all of these examples include fully expressed paths.
  • A reference for the commands and options of the FCIV is given in the drop-box below.


FCIV Commands and Options[edit]

File Checksum Integrity Verifier (FCIV) Commands and Options

(https://support.microsoft.com/en-us/kb/841290)
Commands Options Description
-add < file or directory path >Makes hashes for files or folders. Only one entry per run is permitted.
  Specific options for -add:  
  -type <a single file type > Only these types : Example : -type *.exe –type *.txt. Needs one option word entry for each file type.
  -r Include all sub-folders as well.
  -exc <path to exclusion file> Provide the path to a text file with the paths to ignore.
  -wp Use only file names without paths in hash output. Screen use only – avoid it for xml file output.
  -bp < path to remove > Removes this base path from verification results.
     
-list   Make a list of hashes from a hash file.
-v only one option for -v: Verify live files against a hash file. Reports only on-screen unless piped to a text file.
  -bp < path to remove > Removes this base path from verification results.
-? -h help   Extended on-screen help for FCIV
     
General OptionsPut these at the end of the command line.
-md5   Choose the MD5 hash algorithm for the output or for the one to use for verification when there is a choice.
-sha1   Choose the SHA1 hash algorithm for the output or for the one to use for verification when there is a choice.
-both   Choose both hash algorithms for the output.
-xml <output file path> Specify the output file type and its path. If the file does not exist it will be made automatically, and if it exists already, the output will be appended.
     
     


Command Line Basics[edit]

Command Line Window Basics
Command Window Basics

The command window screen is available on all Windows computers. It allows a user to run programs without the usual Windows GUI, Graphical User Interface, that we take so much for granted. In particular, it allows a user to run the FCIV utility.

Here are a few basics for those who are unfamiliar with the use of the command window:

  • There are two forms of the command window; with normal access or elevated access. These are broadly consistent with the Standard and Administrator account levels of access. That is to say, when the work is likely to require higher access than usual, the elevated prompt is preferred. Before an elevated prompt window is opened however, the administrator's password must be given.
  • There is an added advantage to opening the standard command window from Windows Explorer. By right-clicking on any folder while pressing the SHIFT key, a context menu appears. Selecting the item Open command window here opens a standard command window with the chosen folder already listed as the base path. This feature is not available when opening an elevated command window, and for that a selection in the START menu or Settings is needed.
  • The name of the command window program is cmd.exe, and it can always be found by searching for cmd or command prompt in the computer's Start menu or Settings. When the program is located, it can be opened for standard use by just double-clicking it. The window then opens and is ready for use. To open the cmd as an elevated prompt, the user should instead right-click the item and from the context menu that appears, select the Open as Administrator option.
  • Programs are run in the command window by typing the paths to executable files, then pressing Enter. When in-built functions are to be run, their paths are already listed in the system search paths, so just typing their names and any parameters is sufficient.
  • In-built functions are referred to as DOS functions. Examples include functions to say, display the contents of directories, or to copy files, and there are in excess of one hundred of these to choose from.
  • A knowledge of how to write down folder and file paths is assumed. The work is greatly simplified with even a slight knowledge of how to do this, and this basic knowledge is assumed. Some information is given below on changing base addresses within the command window, but for those who need more information on the use of the command prompt, a selection of references has been provided in the See Also section below.
The Command Window Base Path

On opening cmd the flashing prompt displays its default path, eg., C:\>. This path is the base-part of any path that the user types after the prompt. This allows shorter typed entries. Alternatively, a user could ignore what the default says and just type a path that is fully expressed in any case. The default base path is easily changed with the cd command, short for Change Directory.

Typical Base Path Prompts:

C:\>
C:\Windows\System32>
C:\Users\My Folder\Downloads>
C:\Users\My Folder>

Changing the Base Path

The preferred method for changing the base path is of course to open the command window using the Open command window here method described in the basics section above. However, when opening an elevated prompt or when the window is already open the base path needs to be changed at the command line. The examples below are the most frequently used of the base-change actions.

To go to the root directory, type:

cd\ or cd/ then Enter

To go to the next directory up, type:

cd.. then Enter

To break a long running process, press:

Ctrl + C

To make the prompt path say, C:\users, type:

C:\users then Enter

To return to the current prompt without running the current command line, type:

> then Enter

To open a standard command prompt with a complicated base path already set, do this:

Go to Windows Explorer.
With shift pressed, right-click the folder or file of interest.
Select the item "Open command window here".

Building onto the Base Path

A fully expressed address is unambiguous, but at times a user needs to take advantage of shortened entries by using the base-path of the prompt. An example is given below to show the characters to add. It should be noted that in the example below, we could have made any number of directories a part of the default prompt, but best advantage was had by noting that three of them are common to both of the paths. An added method needs mention. An environmental variable exists that allows substitution for every path element up to and including the user's named folder; an example of this is also shown below.

This is the full form of a common hash command, written at the root command prompt;
   C:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents\MyText.txt" -md5

After setting these first three elements as the default path, the equivalent form becomes just:
   C:\Users\My Folder>".\Downloads\FCIV\fciv.exe" ".\Documents\MyText.txt" -md5

Alternatively, starting from any prompt path, the environmental variable %userprofile% can be used to substitute for the first three terms of the full path. The entry then becomes just:
   C:\>"%userprofile%\Downloads\FCIV\fciv.exe" "%userprofile%\Documents\MyText.txt" -md5

Notice that there is a dot followed by a backslash to signify joining to the default path. You can think of the dot as representing all of the entry to the left of the command prompt symbol >. The default applies to every path in the command, not just to the one that is nearest. Note also that quotes surround both of these shortened paths, and this is done more to demonstrate the technique than for necessity, since these path names now contain no spaces. Both the fully expressed or the shortened versions of these entries would work equally well.

Chnge Default Opening Directory

When the cmd, or other console applications of the kind open at other than the best directory, it can be laborious to change the base path all the time. The solution is to make it open at the path you want in the first place. Using an existing shortcut or one made for the task, open the shortcut's properties, and locate the text field called Open With. Change its contents to the path required, for example, C:\ for the root directory. Click OK and it is done. The window options will need adjusted again for openting with this shortcut. If the Open With text field is missing in your version of properties, you can type cd C:\ after the target address instead; make sure to include a space befor typing; that will do the same thing.

CMD Time Savers

There are a number of time-saving features for working at the command prompt.

  • Step through the session commands. When working, all of the current session's typed entries can be recovered by pressing the up-arrow repeatedly, until the required line appears on the screen. When recovered, the line can be edited. The list can also be viewed in a window by pressing f7, though when a list selection is made the command line is executed without the opportunity for modification.
  • Drag files onto the command window. In standard command windows, not elevated windows, dragging a file or folder onto the window will write the entire address at the cursor, so saving much typing. When combined with routine editing of text this saves much time.
  • Auto-complete folder names during typing. After typing the first letter of a folder, pressing Tab repeatedly steps through all of the possible names that exist. This can greatly speed up the process of path writing.
  • Set the base path using the Open command window here method. This works for the standard command window but not for the elevated prompt.
  • Paste long commands from saved texts. Save all of your working commands in a text file and paste them from the clipboard as required.
  • Use the internet for more information. Refer to the links in See Also for details of these methods and others.
  • Pass command output to clipboard instead of screen. Users of Vista, Windows 7, and Windows 8 can output directly to the clipboard by appending the command line with a space followed by a vertical bar and the word clip.This is useful when saving to notes or a text file.


Making Hashes[edit]

  • There are at most four paths to consider in a typical command line when making a hash database. These are, the path to the fciv.exe file itself, the path to the target folder or file that we intend to hash, an exclusions file path, and the intended destination path for the output data. The general form for the usual case is just:

[UtilityPath] [ -add (default) TargetFilePath [ -r ]] [ -exc ExclusionFilePath ] [ -xml OutputFilePath ] [ -sha1 | -md5 | -both (default -md5) ]

  • Spaces in paths cause problems. Although the Windows Explorer can handle spaces in filenames and folders, the command window cannot. Note that the paths used in the examples are of this type, but to avoid problems, all paths have been set in double quotes.
  • Consider using fully expressed paths. Confusion can result for novices when writing paths, especially when there is a joining to a base path. When problems of this type exist or are suspected, then construct fully expressed paths to exclude this as a source of the error.
  • There are two kinds of options used in FCIV. Some are for particular commands and some apply more generally. At times a bad sequence of options will cause errors, so follow the examples in the text when placing the options.

Hashes On-screen - Examples[edit]

The following command line code displays a single MyText.txt file's hash on the screen. When the addresses are fully written in this way it does not matter which base address is showing on the command prompt. By default, the hash algorithm is MD5, but it has been specified here for completeness. For an SHA1 hash just replace the -md5 with -sha1, or if you want both hash types, replace it with -both. Note that options are preceded by minus signs.

Single File Hash[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents\MyText.txt" -md5

Notice that the code assumes that the fciv.exe file is itself in a folder called FCIV, in the user's Downloads folder. In the next example, the single file path has been replaced with the name of a folder.

Flat Folder Hash[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -sha1

Here, the Documents folder, but NOT its sub-folders, will be hashed SHA1 and listed on screen. In the example that follows the -r option is used to introduce recursive hashing of all sub-folders in Documents.

Recursive Folder Hash[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -r -both

In the above example, both SHA1 and MD5 hashes are made for the entire Documents folder and all of its sub-folders, on screen. In this last case there are probably far too many files to view conveniently on-screen. Exporting the data to a database file provides a more permanent listing and is easier to read. This is described in the next section.

Hashes to a File - Example[edit]

The simple examples given in the preceding section sent their results to the screen. In each case these examples could be modified to send their results to a database file instead. When such a file is used, the data is diverted and so there are no hashes on the screen. Details of the format for the file must be given, in the case below with -xml, followed immediately by the path for the xml file itself. This file need not exist initially. If it does not exist, the process will make the file before loading it. If is exists, with or without contents, the data will be appended. Note that although screen hashes are written in hex, the hashes sent to a file are in base-64; these are converted for use in any verification work. The following example builds on the recursive example above and makes a database using both hash types with the option -both.

Recursive Folder Hash to File[edit]

"c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -r -xml "c:\users\My Folder\Downloads\MyHash.xml" -both

In the event that the process makes its own database file it will imply on screen that an error has occurred. The process will however continue to run normally, and the database file will be found at the intended address. The hash run for this folder takes several minutes on the author's PC, a blinking cursor the only clue to its working. It notifies file completion on-screen. Attempts to locate the XML file before the run is complete will find a near-empty file. The neatest output results from opening the XML file in MS Word, though any word processor or text editor will do. Errors found during any run are written into the file fciv.err, and is best placed near the fciv.exe file itself.

Other Output Methods[edit]

The main methods for output are as described, on-screen or to an XML file. However it should be noted that two other ways also exist.

  • Direct output to the clipboard. To direct output to the clipboard, just add a space, followed by a vertical bar (|), followed by the word clip. There will be no screen display, but the output will be found on the clipboard ready for use.
  • Direct output to a text file. Instead of an XML file, a simple text file can be used. The most general method is to pipe the output to the text file. That is, just add a space, followed by a greater than symbol (>), followed by the path of the file. If the file does not exist at the location specified, it will be made. Because XML files always contain base64 formats, and screen outputs are always HEX, this is the only way to obtain a file copy with a HEX format.
  • One but not both. Sending to the clipboard after piping to a text file will result in an empty string to the clipboard. Use only one output method at a time.

Excluded Files - Example[edit]

An exclusions file is a text file that contains the paths to the files and folders that should be excluded from the hashing process. Each path should be written on a line of its own and need not have quotes. The last line however must end in a carriage return before being saved or the file will not work. The following fully expressed paths make an external database of SHA1 hashes called MyHash.xml for all files in the Downloads folder, including its sub-folders, but excluding the three folders and three files listed in the exclusions file called Ignorefiles.txt.

Recursive Folder Hash to File with Exclusions[edit]

c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" "C:\Users\My Folder\Downloads" -r -exc "C:\Users\My Folder\Downloads\Ignorefiles.txt" -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1

The following list shows the format to use in making the exclusions file Ignorefiles.txt. The fact that the entries are for completely different folders to the ones being hashed is unimportant. In this way exclusions can be set in the one file for all of a users tasks.

Exclusions File Format[edit]

c:\Users\My Folder\Downloads\fciv.err
C:\Users\My Folder\Documents\fciv.err
c:\Users\My Folder\Downloads\FCIV
c:\Users\My Folder\Downloads\Hashes
c:\Users\My Folder\Downloads\HashOfHashes
c:\Users\My Folder\Downloads\Ignorefiles.txt
c:\Users\My Folder\Downloads\MyHash.xml (Editor's note only: the last line of the content must end with a carriage return)

Hashes to File Using VBA[edit]

VBA can be used to automate the production of hash files, but cannot as far as is known be used to obtain the results of a verification. For that, the command line is still needed.

The VBA code in the drop panel below is made for the most useful case - the export of SHA1 hashes to a database xml file of the Documents tree. It allows for an exclusions file also. The output files can have the same name since each has an added date-time stamp. By necessity, the paths are specific for the tested case. It will be noted that VBA requires much modification of quotes in order to deliver quote-surrounded paths to the command line. This arises because spaces in paths in the command line will result in File not found errors.

There is another peculiarity of working from VBA. The Shell function runs independently of the launching procedure after it is started. This means that the procedure will exit while the Shell function is still running. If there is only one call on the Shell function and the file that it makes is not to be used in code, then all is well, but otherwise a delay must be introduced to avoid interaction with a partial output product. It has further been noted that there can be a wide variation in time-to-complete for such tasks, depending on a processor's other priorities. This code introduces such a delay, though it would be better if the VBA Shell function had a delay of its own.


VBA Code to Make an FCIV Hash File for an Entire Documents Tree
Sub HashFileTreeFCIV()
    'exports an sha1 hash for the Documents file tree, less exclusions, to an xml file
    'If used in an automated process, adjust the delay to allow completion before further work    
    'The user should modify the paths to suit his own work    
    'Uses Microsoft FCIV utility. (https://support.microsoft.com/en-us/kb/841290)
    
    Dim Ret, sU As String, sD As String, sN As String, sRP As String
    Dim sE As String, sR As String, sP As String, sT As String
    
    'path and name of the fciv utility
       sU = """" & "c:\users\My Folder\Downloads\FCIV\fciv.exe" & """"
    
    'path for the documents tree folder to hash
       sD = """" & "C:\users\My Folder\Documents" & """"
    
    'path and name of exclusions file
       sE = """" & "c:\users\My Folder\Downloads\Ignorefiles.txt" & """"
    
    'time stamped results file name
       sN = "MyHash.XML"
       sT = TimeStamped(sN)
    
    'path of results xml file
       sRP = "C:\users\My Folder\Downloads\Hashes"
       sR = """" & sRP & "\" & sT & """"
          
    'string for the shell function's parameter string
    'The clipboard and piped text file methods do not work for this construct
       sP = sU & " " & sD & " -r -exc " & sE & " -sha1 -xml " & sR
    
    'This delay prevents closure of the process while the Shell function is still running.
    'Eg: Use 15 seconds for ten files or so, and 300 seconds for a big Docs folder.
    'If the output file is made but is empty, simply rerun with an extended delay time.
       
       Ret = Shell(sP)
    
       Delayed (90) 'seconds
    
       MsgBox "Hash run is complete"

End Sub

Function Delayed(PauseTime As Single) As Boolean
   'delays for PauseTime seconds

   Dim Start As Single
      Start = Timer      ' Set start time.
      Do While Timer < Start + PauseTime
        DoEvents      'Yield to other processes.
      Loop
   Delayed = True

End Function

Function TimeStamped(sOldName As String) As String
   'adds a date time stamp onto the existing file name
   Dim vN As Variant

      If sOldName = "" Then
         MsgBox "Empty string input in TimeStamped - closing without change"
         Exit Function
      Else
      End If

   'split at the dot
      vN = Split(sOldName, ".")
      TimeStamped = vN(0) & "-" & Format(Now, "dd-mmm-yy hh""h"" mm""m"" ss""s""") & "." & vN(1)

End Function


Verifying Hashes[edit]

Verifying On-screen - Example[edit]

Verification of the hash file against the actual computer files referenced in it takes place using the -v option. The xml file that contains the hashes, to be of any use, must have been made using full address paths; that is to say without the use of either the -wp or -bp options. Clearly, if a particular algorithm was used to make the hashes, that same algorithm must be specified in the verification command line. If two hash types were included with the -both option, then the user must specify the one that is to be used for verification. That said, the general form for its use is as follows:

UtilityPath -v -xml HashFilePath [ -sha1|-md5 (default -md5) ] [ > OutputTextFilePath]

In its simplest form the command line to verify a file's hashes looks like this:

XML File Verification to Screen[edit]

c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" -v -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1

It was assumed that the file contained SHA1 values. It was assumed also that there were full paths available in the file for the check. A useful addition to this function is to export the results to a text file instead of the screen. The following exports to the text file MyText.txt. If the file does not exist then it will be made by the process. If it exists, then the report will be appended.

Verifying to a File - Example[edit]

XML File Verification to File[edit]

c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" -v -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1 > "C:\Users\My Folder\Documents\MyText.txt"

Screen output can be diverted to a text file in any of the above examples using this greater-than syntax. When the output is piped in this way there is no advice whatsoever on-screen; only the return of the blinking cursor advises of completion.

Hashes with Windows PowerShell[edit]

For Windows versions 8.1 and later, the internal Powershell application can make HEX hashes of single files, and all of the MD5, SHA1, SHA256, SHA384, and SHA512 hashes are available. Only a screen display is produced, though the output can also be diverted to the clipboard. When outputs other than MD5 or SHA1 are needed the user might find it of some use. Two examples of the command lines to type are given below, the first for screen display, and the next for the clipboard. As in cmd the drag and drop of file paths is the best method to use, since the path is always fully expressed.

SHA512 File Hash to Screen[edit]

c:\> get-filehash "C:\Users\My Folder\Documents\512MB.zip" -algorithm sha512 |FL

The FL suffix makes sure that all of the characters are printed instead of shortening them to fit the tabular layout.

SHA256 File Hash to Clipboard[edit]

c:\> get-filehash "C:\Users\My Folder\Documents\512MB.zip" -algorithm sha256 |FL |clip

The clip suffix in addition to the FL suffix sends a full output to the clipboard. If the FL suffix is ommitted, then the clipboard output will be made but it will contain any shortening of text that would have been applied on screen.

See Also[edit]