File Checksum Integrity Verifier (FCIV) Examples
- The Microsoft FCIV (File Checksum Integrity Verifier) is a free command-line utility for making hashes (checksums) of files. At a later date, these hashes can be verified against hashes newly made, to discover whether or not the files have since changed.
- Options exist to include or exclude sub-folders, choose algorithms, and direct output.
- The utility can hash single files, folders, or recursively, large folder structures.
- The hash algorithms available are MD5 and SHA1.
- The hash results and verification results can be sent to files or can be viewed on screen.. Base64 format only is used for output to a file, while both HEX and base64 are available on screen.
- Hash file output is made in an .xml database format.
- Verification file output can be made in a .txt textfile format.
- Folders and files can be excluded from a hash run using listings in a special text file.
- Hash files are one-time runs, and are not subject to incremental update of any kind.
- Microsoft's FCIV download is available from from Availability and description of the File Checksum Integrity Verifier utility in a zip file.
- The fciv.exe file can be installed in any convenient location. To avoid the need for an exclusions file, (you cannot hash the fciv.exe file while it is running!), you might place the FCIV folder in a place that you are unlikely to want to hash. Alternatively, Microsoft suggest adding the fciv.exe path to the system path list. In this way it can be run by simply typing the file name;an alternative quick solution is to place the file in a location that is already listed, e.g., C:\Windows\System32.
- Long paths are not a problem for those who intend to drag paths onto the command window, or paste them from saved texts. Since these examples are intended for those unfamiliar with the subject, all of these examples include fully expressed paths.
- A reference for the commands and options of the FCIV is given in the drop-box below.
FCIV Commands and Options
|File Checksum Integrity Verifier (FCIV) Commands and Options|
Command Line Basics
|Command Line Window Basics|
The command window screen is available on all Windows computers. It allows a user to run programs without the usual Windows GUI, Graphical User Interface, that we take so much for granted. In particular, it allows a user to run the FCIV utility.
Here are a few basics for those who are unfamiliar with the use of the command window:
On opening cmd the flashing prompt displays its default path, eg., C:\>. This path is the base-part of any path that the user types after the prompt. This allows shorter typed entries. Alternatively, a user could ignore what the default says and just type a path that is fully expressed in any case. The default base path is easily changed with the cd command, short for Change Directory.
The preferred method for changing the base path is of course to open the command window using the Open command window here method described in the basics section above. However, when opening an elevated prompt or when the window is already open the base path needs to be changed at the command line. The examples below are the most frequently used of the base-change actions.
To go to the root directory, type:
To go to the next directory up, type:
To break a long running process, press:
To make the prompt path say, C:\users, type:
To return to the current prompt without running the current command line, type:
To open a standard command prompt with a complicated base path already set, do this:
A fully expressed address is unambiguous, but at times a user needs to take advantage of shortened entries by using the base-path of the prompt. An example is given below to show the characters to add. It should be noted that in the example below, we could have made any number of directories a part of the default prompt, but best advantage was had by noting that three of them are common to both of the paths. An added method needs mention. An environmental variable exists that allows substitution for every path element up to and including the user's named folder; an example of this is also shown below.
Notice that there is a dot followed by a backslash to signify joining to the default path. You can think of the dot as representing all of the entry to the left of the command prompt symbol >. The default applies to every path in the command, not just to the one that is nearest. Note also that quotes surround both of these shortened paths, and this is done more to demonstrate the technique than for necessity, since these path names now contain no spaces. Both the fully expressed or the shortened versions of these entries would work equally well.
When the cmd, or other console applications of the kind open at other than the best directory, it can be laborious to change the base path all the time. The solution is to make it open at the path you want in the first place. Using an existing shortcut or one made for the task, open the shortcut's properties, and locate the text field called Open With. Change its contents to the path required, for example, C:\ for the root directory. Click OK and it is done. The window options will need adjusted again for openting with this shortcut. If the Open With text field is missing in your version of properties, you can type cd C:\ after the target address instead; make sure to include a space befor typing; that will do the same thing.
There are a number of time-saving features for working at the command prompt.
- There are at most four paths to consider in a typical command line when making a hash database. These are, the path to the fciv.exe file itself, the path to the target folder or file that we intend to hash, an exclusions file path, and the intended destination path for the output data. The general form for the usual case is just:
- Spaces in paths cause problems. Although the Windows Explorer can handle spaces in filenames and folders, the command window cannot. Note that the paths used in the examples are of this type, but to avoid problems, all paths have been set in double quotes.
- Consider using fully expressed paths. Confusion can result for novices when writing paths, especially when there is a joining to a base path. When problems of this type exist or are suspected, then construct fully expressed paths to exclude this as a source of the error.
- There are two kinds of options used in FCIV. Some are for particular commands and some apply more generally. At times a bad sequence of options will cause errors, so follow the examples in the text when placing the options.
Hashes On-screen - Examples
The following command line code displays a single MyText.txt file's hash on the screen. When the addresses are fully written in this way it does not matter which base address is showing on the command prompt. By default, the hash algorithm is MD5, but it has been specified here for completeness. For an SHA1 hash just replace the -md5 with -sha1, or if you want both hash types, replace it with -both. Note that options are preceded by minus signs.
Single File Hash
Notice that the code assumes that the fciv.exe file is itself in a folder called FCIV, in the user's Downloads folder. In the next example, the single file path has been replaced with the name of a folder.
Flat Folder Hash
Here, the Documents folder, but NOT its sub-folders, will be hashed SHA1 and listed on screen. In the example that follows the -r option is used to introduce recursive hashing of all sub-folders in Documents.
Recursive Folder Hash
In the above example, both SHA1 and MD5 hashes are made for the entire Documents folder and all of its sub-folders, on screen. In this last case there are probably far too many files to view conveniently on-screen. Exporting the data to a database file provides a more permanent listing and is easier to read. This is described in the next section.
Hashes to a File - Example
The simple examples given in the preceding section sent their results to the screen. In each case these examples could be modified to send their results to a database file instead. When such a file is used, the data is diverted and so there are no hashes on the screen. Details of the format for the file must be given, in the case below with -xml, followed immediately by the path for the xml file itself. This file need not exist initially. If it does not exist, the process will make the file before loading it. If is exists, with or without contents, the data will be appended. Note that although screen hashes are written in hex, the hashes sent to a file are in base-64; these are converted for use in any verification work. The following example builds on the recursive example above and makes a database using both hash types with the option -both.
Recursive Folder Hash to File
In the event that the process makes its own database file it will imply on screen that an error has occurred. The process will however continue to run normally, and the database file will be found at the intended address. The hash run for this folder takes several minutes on the author's PC, a blinking cursor the only clue to its working. It notifies file completion on-screen. Attempts to locate the XML file before the run is complete will find a near-empty file. The neatest output results from opening the XML file in MS Word, though any word processor or text editor will do. Errors found during any run are written into the file fciv.err, and is best placed near the fciv.exe file itself.
Other Output Methods
The main methods for output are as described, on-screen or to an XML file. However it should be noted that two other ways also exist.
- Direct output to the clipboard. To direct output to the clipboard, just add a space, followed by a vertical bar (|), followed by the word clip. There will be no screen display, but the output will be found on the clipboard ready for use.
- Direct output to a text file. Instead of an XML file, a simple text file can be used. The most general method is to pipe the output to the text file. That is, just add a space, followed by a greater than symbol (>), followed by the path of the file. If the file does not exist at the location specified, it will be made. Because XML files always contain base64 formats, and screen outputs are always HEX, this is the only way to obtain a file copy with a HEX format.
- One but not both. Sending to the clipboard after piping to a text file will result in an empty string to the clipboard. Use only one output method at a time.
Excluded Files - Example
An exclusions file is a text file that contains the paths to the files and folders that should be excluded from the hashing process. Each path should be written on a line of its own and need not have quotes. The last line however must end in a carriage return before being saved or the file will not work. The following fully expressed paths make an external database of SHA1 hashes called MyHash.xml for all files in the Downloads folder, including its sub-folders, but excluding the three folders and three files listed in the exclusions file called Ignorefiles.txt.
Recursive Folder Hash to File with Exclusions
The following list shows the format to use in making the exclusions file Ignorefiles.txt. The fact that the entries are for completely different folders to the ones being hashed is unimportant. In this way exclusions can be set in the one file for all of a users tasks.
Exclusions File Format
Hashes to File Using VBA
VBA can be used to automate the production of hash files, but cannot as far as is known be used to obtain the results of a verification. For that, the command line is still needed.
The VBA code in the drop panel below is made for the most useful case - the export of SHA1 hashes to a database xml file of the Documents tree. It allows for an exclusions file also. The output files can have the same name since each has an added date-time stamp. By necessity, the paths are specific for the tested case. It will be noted that VBA requires much modification of quotes in order to deliver quote-surrounded paths to the command line. This arises because spaces in paths in the command line will result in File not found errors.
There is another peculiarity of working from VBA. The Shell function runs independently of the launching procedure after it is started. This means that the procedure will exit while the Shell function is still running. If there is only one call on the Shell function and the file that it makes is not to be used in code, then all is well, but otherwise a delay must be introduced to avoid interaction with a partial output product. It has further been noted that there can be a wide variation in time-to-complete for such tasks, depending on a processor's other priorities. This code introduces such a delay, though it would be better if the VBA Shell function had a delay of its own.
|VBA Code to Make an FCIV Hash File for an Entire Documents Tree|
Sub HashFileTreeFCIV() 'exports an sha1 hash for the Documents file tree, less exclusions, to an xml file 'If used in an automated process, adjust the delay to allow completion before further work 'The user should modify the paths to suit his own work 'Uses Microsoft FCIV utility. (https://support.microsoft.com/en-us/kb/841290) Dim Ret, sU As String, sD As String, sN As String, sRP As String Dim sE As String, sR As String, sP As String, sT As String 'path and name of the fciv utility sU = """" & "c:\users\My Folder\Downloads\FCIV\fciv.exe" & """" 'path for the documents tree folder to hash sD = """" & "C:\users\My Folder\Documents" & """" 'path and name of exclusions file sE = """" & "c:\users\My Folder\Downloads\Ignorefiles.txt" & """" 'time stamped results file name sN = "MyHash.XML" sT = TimeStamped(sN) 'path of results xml file sRP = "C:\users\My Folder\Downloads\Hashes" sR = """" & sRP & "\" & sT & """" 'string for the shell function's parameter string 'The clipboard and piped text file methods do not work for this construct sP = sU & " " & sD & " -r -exc " & sE & " -sha1 -xml " & sR 'This delay prevents closure of the process while the Shell function is still running. 'Eg: Use 15 seconds for ten files or so, and 300 seconds for a big Docs folder. 'If the output file is made but is empty, simply rerun with an extended delay time. Ret = Shell(sP) Delayed (90) 'seconds MsgBox "Hash run is complete" End Sub Function Delayed(PauseTime As Single) As Boolean 'delays for PauseTime seconds Dim Start As Single Start = Timer ' Set start time. Do While Timer < Start + PauseTime DoEvents 'Yield to other processes. Loop Delayed = True End Function Function TimeStamped(sOldName As String) As String 'adds a date time stamp onto the existing file name Dim vN As Variant If sOldName = "" Then MsgBox "Empty string input in TimeStamped - closing without change" Exit Function Else End If 'split at the dot vN = Split(sOldName, ".") TimeStamped = vN(0) & "-" & Format(Now, "dd-mmm-yy hh""h"" mm""m"" ss""s""") & "." & vN(1) End Function
Verifying On-screen - Example
Verification of the hash file against the actual computer files referenced in it takes place using the -v option. The xml file that contains the hashes, to be of any use, must have been made using full address paths; that is to say without the use of either the -wp or -bp options. Clearly, if a particular algorithm was used to make the hashes, that same algorithm must be specified in the verification command line. If two hash types were included with the -both option, then the user must specify the one that is to be used for verification. That said, the general form for its use is as follows:
In its simplest form the command line to verify a file's hashes looks like this:
XML File Verification to Screen
It was assumed that the file contained SHA1 values. It was assumed also that there were full paths available in the file for the check. A useful addition to this function is to export the results to a text file instead of the screen. The following exports to the text file MyText.txt. If the file does not exist then it will be made by the process. If it exists, then the report will be appended.
Verifying to a File - Example
XML File Verification to File
Screen output can be diverted to a text file in any of the above examples using this greater-than syntax. When the output is piped in this way there is no advice whatsoever on-screen; only the return of the blinking cursor advises of completion.
Hashes with Windows PowerShell
For Windows versions 8.1 and later, the internal Powershell application can make HEX hashes of single files, and all of the MD5, SHA1, SHA256, SHA384, and SHA512 hashes are available. Only a screen display is produced, though the output can also be diverted to the clipboard. When outputs other than MD5 or SHA1 are needed the user might find it of some use. Two examples of the command lines to type are given below, the first for screen display, and the next for the clipboard. As in cmd the drag and drop of file paths is the best method to use, since the path is always fully expressed.
SHA512 File Hash to Screen
The FL suffix makes sure that all of the characters are printed instead of shortening them to fit the tabular layout.
SHA256 File Hash to Clipboard
The clip suffix in addition to the FL suffix sends a full output to the clipboard. If the FL suffix is omitted, then the clipboard output will be made but it will contain any shortening of text that would have been applied on screen.
- FCIV Download and description : By Microsoft
- MS-DOS and Windows Command Line Tips : By ComputerHope
- Command Prompt: frequently asked questions : By Microsoft
- Command Prompt : By PCSupport
- Folder Hashing in VBA :Another companion page that makes recursive folder hash listings, and logs. Uses up to date hash algorithms, but limited to files no larger than about 200MB.