Unable to verify checksum for exe

梦毁少年i 2021-01-05 17:14

Hi, I have attached a crash dump for an exe and symbols also, but I am getting this error:

Unable to verify checksum for abc.exe.

What would be the reason for th

1 answer
  • 2021-01-05 17:48

    "Unable to verify checksum" is emitted when the checksum in the PE header isn't verifiable.

    This can happen if the exe in question was compiled and linked without using the /RELEASE linker option.
    A normal project-based compile/link sets this option; nmake or batch-file based compilation can omit this switch, which can lead to this output.

    A simple hello world compiled and linked with and without the /RELEASE linker option (pdb not generated for simplicity), diffed to show the difference in timestamp and checksum, and loaded in WinDbg; the checksum warning is generated only for the exe with no checksum in the PE header.

    simple hello world.cpp contents

    testrelease:\>dir /b & type testrelease.cpp
    testrelease.cpp
    #include <stdio.h>
    int main (void)     {
            printf("hello my relase\n");
            return 0;
    }
    

    compiling without /RELEASE

    testrelease:\>cl /nologo testrelease.cpp
    testrelease.cpp 
    

    renaming the exe and compiling the same source with /RELEASE

    testrelease:\>ren testrelease.exe testrelease_norel.exe    
    testrelease:\>cl /nologo testrelease.cpp /link /release
    testrelease.cpp    
    

    comparing both exes

    testrelease:\>fc /b testrelease.exe testrelease_norel.exe
    Comparing files testrelease.exe and TESTRELEASE_NOREL.EXE
    000000E0: D6 CE
    00000130: A3 00
    00000131: 95 00
    00000132: 01 00
    

    analysing output of the comparison

    testrelease:\>xxd -s +0x3c -l 1 testrelease.exe
    000003c: d8                                       .    
    testrelease:\>xxd -s +0x3c -l 1 testrelease_norel.exe
    000003c: d8                                       .    
    testrelease:\>echo d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
    d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum    
    

    loading both exes in WinDbg: the warning is generated only for the one exe without a checksum

    testrelease:\>cdb -c ".reload /f ; q" testrelease.exe      
    .*** ERROR: Module load completed but symbols could not be loaded for image00400 
    
    testrelease:\>cdb -c ".reload /f ; q" testrelease_norel.exe      
    .*** WARNING: Unable to verify checksum for image00400000
    *** ERROR: Module load completed but symbols could not be loaded for image004000
    

    The "no header information available" error means the exe was compiled without debug information.

    You can't do much about it unless you have a lot of expertise in recreating debug information from scratch.

    Both the executables that are compiled above will generate the error because I have intentionally not created the debug information.

    DBGHELP: image00400000 missing debug info.  Searching for pdb anyway
    DBGHELP: Can't use symbol server for image00400000.pdb - no header information available
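
The offsets the answer reads from the fc/xxd output (TimeDateStamp at e_lfanew + 8, CheckSum at e_lfanew + 0x58) can be checked programmatically. The following is an added Python example, not part of the original answer: it recomputes the PE checksum and reports whether the stored field is absent, matching, or mismatched. The function names, the timestamp value and the 512-byte sample image are constructed for illustration.

```python
import struct

def pe_checksum_info(data: bytes) -> dict:
    """Locate TimeDateStamp and CheckSum via e_lfanew and recompute the checksum."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (nt,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew (0xd8 in the answer)
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    ts_off = nt + 8       # signature (4) + Machine and NumberOfSections (4)
    ck_off = nt + 0x58    # signature (4) + file header (20) + 64 into optional header
    (timestamp,) = struct.unpack_from("<I", data, ts_off)
    (stored,) = struct.unpack_from("<I", data, ck_off)
    # 16-bit sum with end-around carry over the whole file, treating the
    # CheckSum field itself as zero, then add the file length.
    buf = bytearray(data)
    buf[ck_off:ck_off + 4] = b"\0\0\0\0"
    if len(buf) % 2:
        buf.append(0)
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    computed = total + len(data)
    status = "absent" if stored == 0 else "match" if stored == computed else "mismatch"
    return {"timestamp_offset": ts_off, "checksum_offset": ck_off,
            "timestamp": timestamp, "stored": stored,
            "computed": computed, "status": status}

def make_sample(stamp_checksum: bool) -> bytes:
    """Constructed 512-byte header stub (not a runnable exe) with e_lfanew = 0xd8."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0xD8)
    img[0xD8:0xDC] = b"PE\0\0"
    struct.pack_into("<I", img, 0xE0, 0x5FF4A2D6)     # constructed timestamp
    if stamp_checksum:                                # mimics a build that fills the field
        struct.pack_into("<I", img, 0x130, pe_checksum_info(bytes(img))["computed"])
    return bytes(img)

if __name__ == "__main__":
    for name, flag in (("norel", False), ("release", True)):
        print(name, pe_checksum_info(make_sample(flag)))
```

To check a real file, pass `open(path, "rb").read()` to `pe_checksum_info`.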
    