无法验证 exe 的校验和 [英] Unable to verify checksum for exe

问题描述

我还附上了 exe 和符号的故障转储.但我收到此错误:

hi i have attached crash dump for an exe and symbols also.but i am getting this error:

无法验证 abc.exe 的校验和.

Unable to verify checksum for abc.exe.

这是什么原因?

推荐答案

当 PE 标头中的校验和不可验证时发出无法验证校验和.

如果有问题的 exe 是在没有使用 /RELEASE 链接器选项的情况下编译和链接的，就会发生这种情况.

This can happen if the exe in question was compiled and linked without using /RELEASE linker option.

基于普通项目的编译链接器设置此选项.基于 nmake 或批处理文件的编译可以省略此开关并可能导致此输出.

Normal project based compile linker sets this option. nmake or batch file based compilation can omit this switch and can lead to this output.

一个简单的 hello world 编译和链接，使用和不使用 /RELEASE 链接器选项(PDB 不是为了简单而生成的，而是为了显示时间戳和校验和的差异而不同).加载到WinDbg中，仅对PE头中没有校验和的exe产生校验和警告.

A simple hello world compiled and linked with and without /RELEASE linker option (PDB not generated for simpilicity and diffed to show the difference in timestamp and checksum). Loaded in WinDbg and checksum warning is generated only for the exe with no checksum in PE header.

简单的hello world.cpp内容

testrelease:\>dir /b & type testrelease.cpp
testrelease.cpp
#include <stdio.h>
int main (void)     {
        printf("hello my relase\n");
        return 0;
}

不使用/RELEASE 编译

testrelease:\>cl /nologo testrelease.cpp
testrelease.cpp 

重命名 exe 并使用/RELEASE 编译相同的源

testrelease:\>ren testrelease.exe testrelease_norel.exe    
testrelease:\>cl /nologo testrelease.cpp /link /release
testrelease.cpp    

比较两个exe

testrelease:\>fc /b testrelease.exe testrelease_norel.exe
Comparing files testrelease.exe and TESTRELEASE_NOREL.EXE
000000E0: D6 CE
00000130: A3 00
00000131: 95 00
00000132: 01 00

分析比较的输出

testrelease:\>xxd -s +0x3c -l 1 testrelease.exe
000003c: d8                                       .    
testrelease:\>xxd -s +0x3c -l 1 testrelease_norel.exe
000003c: d8                                       .    
testrelease:\>echo d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum    

在windbg 中加载两个exe 警告，只为一个没有校验和的exe 生成警告

testrelease:\>cdb -c ".reload /f ; q" testrelease.exe      
.*** ERROR: Module load completed but symbols could not be loaded for image00400 
  
testrelease:\>cdb -c ".reload /f ; q" testrelease_norel.exe      
.*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image004000

no symbol header available 错误意味着 exe 是在没有调试信息的情况下编译的.

no symbol header available error means the exe was compiled without debug information.

除非您在从头开始重新创建调试信息方面拥有丰富的专业知识，否则您对此无能为力.

You can't do much about it unless you have a lot of expertise in recreating debug information from scratch.

上面编译的两个可执行文件都会产生错误，因为我故意没有创建调试信息.

Both the executables that are compiled above will generate the error because iIhave intentionally not created the debug information.

DBGHELP: image00400000 missing debug info.  Searching for pdb anyway
DBGHELP: Can't use symbol server for image00400000.pdb - no header information available

这篇关于无法验证 exe 的校验和的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！