File Checksum Integrity Verifier (FCIV) Examples


 * The Microsoft FCIV (File Checksum Integrity Verifier) is a free command-line utility for making hashes (checksums) of files.  At a later date, these hashes can be verified against hashes newly made, to discover whether or not the files have since changed.
 * Options exist to include or exclude sub-folders, choose algorithms, and direct output.
 * The utility can hash single files, folders, or recursively, large folder structures.
 * '''The hash algorithms available are MD5 and SHA1.
 * The hash results and verification results can be sent to files or can be viewed on screen.. Base64 format only is used for output to a file, while both HEX and base64 are available on screen.
 * Hash file output is made in an .xml database format.
 * Verification file output can be made in a .txt textfile format.
 * Folders and files can be excluded from a hash run using listings in a special text file.
 * Hash files are one-time runs, and are not subject to incremental update of any kind.

FCIV Installation

 * Microsoft's FCIV download is available from from Availability and description of the File Checksum Integrity Verifier utility in a zip file. This is not the microsoft site, since that organisation no longer supports the application, but an archived page of the original from which the application is still available.
 * The fciv.exe file can be installed in any convenient location.  To avoid the need for an exclusions file, (you cannot hash the fciv.exe file while it is running!), you might place the FCIV folder in a place that you are unlikely to want to hash.   Alternatively, Microsoft suggest adding the fciv.exe path to the system path list.    In this way it can be run by simply typing the file name;an alternative quick solution is to place the file in a location that is already listed, e.g., C:\Windows\System32.
 * Long paths are not a problem for those who intend to drag paths onto the command window, or paste them from saved texts. Since these examples are intended for those unfamiliar with the subject, all of these examples include fully expressed paths.
 * A reference for the commands and options of the FCIV is given in the drop-box below.

Making Hashes
 [UtilityPath] [ -add (default)    TargetFilePath   [ -r  ]]  [ -exc ExclusionFilePath ]  [ -xml OutputFilePath ] [ -sha1 | -md5  | -both  (default -md5) ]
 * There are at most four paths to consider in a typical command line when making a hash database.  These are, the path to the fciv.exe file itself, the path to the target folder or file that we intend to hash, an exclusions file path, and the intended destination path for the output data.  The general form for the usual case is just:


 * Spaces in paths cause problems. Although the Windows Explorer can handle spaces in filenames and folders, the command window cannot. Note that the paths used in the examples are of this type, but to avoid problems, all paths have been set in double quotes.
 * Consider using fully expressed paths. Confusion can result for novices when writing paths, especially when there is a joining to a base path. When problems of this type exist or are suspected, then construct fully expressed paths to exclude this as a source of the error.
 * There are two kinds of options used in FCIV.  Some are for particular commands and some apply more generally.  At times a bad sequence of options will cause errors, so follow the examples in the text when placing the options.

Hashes On-screen - Examples
The following command line code displays a single MyText.txt file's hash on the screen. When the addresses are fully written in this way it does not matter which base address is showing on the command prompt. By default, the hash algorithm is MD5, but it has been specified here for completeness. For an SHA1 hash just replace the -md5 with -sha1, or if you want both hash types, replace it with -both. Note that options are preceded by minus signs.

Single File Hash
 "c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents\MyText.txt" -md5 Notice that the code assumes that the fciv.exe file is itself in a folder called FCIV, in the user's Downloads folder. In the next example, the single file path has been replaced with the name of a folder.

Flat Folder Hash
 "c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -sha1 Here, the Documents folder, but NOT its sub-folders, will be hashed SHA1 and listed on screen. In the example that follows the -r option is used to introduce recursive hashing of all sub-folders in Documents.

Recursive Folder Hash
 "c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -r -both In the above example, both SHA1 and MD5 hashes are made for the entire Documents folder and all of its sub-folders, on screen. In this last case there are probably far too many files to view conveniently on-screen. Exporting the data to a database file provides a more permanent listing and is easier to read. This is described in the next section.

Hashes to a File - Example
The simple examples given in the preceding section sent their results to the screen. In each case these examples could be modified to send their results to a database file instead. When such a file is used, the data is diverted and so there are no hashes on the screen. Details of the format for the file must be given, in the case below with -xml, followed immediately by the path for the xml file itself. This file need not exist initially. If it does not exist, the process will make the file before loading it. If is exists, with or without contents, the data will be appended. Note that although screen hashes are written in hex, the hashes sent to a file are in base-64; these are converted for use in any verification work. The following example builds on the recursive example above and makes a database using both hash types with the option -both.

Recursive Folder Hash to File
 "c:\Users\My Folder\Downloads\FCIV\fciv.exe" "c:\Users\My Folder\Documents" -r -xml "c:\users\My Folder\Downloads\MyHash.xml" -both In the event that the process makes its own database file it will imply on screen that an error has occurred. The process will however continue to run normally, and the database file will be found at the intended address. The hash run for this folder takes several minutes on the author's PC, a blinking cursor the only clue to its working. It notifies file completion on-screen. Attempts to locate the XML file before the run is complete will find a near-empty file. The neatest output results from opening the XML file in MS Word, though any word processor or text editor will do. Errors found during any run are written into the file fciv.err, and is best placed near the fciv.exe file itself.

Other Output Methods
The main methods for output are as described, on-screen or to an XML file. However it should be noted that two other ways also exist.
 * Direct output to the clipboard.  To direct output to the clipboard, just add a space, followed by a vertical bar (|), followed by the word clip.   There will be no screen display, but the output will be found on the clipboard ready for use.
 * Direct output to a text file. Instead of an XML file, a simple text file can be used.  The most general method is to pipe the output to the text file.  That is, just add a space, followed by a greater than symbol (>), followed by the path of the file. If the file does not exist at the location specified, it will be made.   Because XML files always contain base64 formats, and screen outputs are always HEX, this is the only way to obtain a file copy with a HEX format.
 * One but not both. Sending to the clipboard after piping to a text file will result in an empty string to the clipboard.  Use only one output method at a time.

Excluded Files - Example
An exclusions file is a text file that contains the paths to the files and folders that should be excluded from the hashing process. Each path should be written on a line of its own and need not have quotes. The last line however must end in a carriage return before being saved or the file will not work. The following fully expressed paths make an external database of SHA1 hashes called MyHash.xml for all files in the Downloads folder, including its sub-folders, but excluding the three folders and three files listed in the exclusions file called Ignorefiles.txt.

Recursive Folder Hash to File with Exclusions
 c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" "C:\Users\My Folder\Downloads" -r -exc "C:\Users\My Folder\Downloads\Ignorefiles.txt" -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1

The following list shows the format to use in making the exclusions file Ignorefiles.txt. The fact that the entries are for completely different folders to the ones being hashed is unimportant. In this way exclusions can be set in the one file for all of a users tasks.

Exclusions File Format
 c:\Users\My Folder\Downloads\fciv.err C:\Users\My Folder\Documents\fciv.err c:\Users\My Folder\Downloads\FCIV c:\Users\My Folder\Downloads\Hashes c:\Users\My Folder\Downloads\HashOfHashes c:\Users\My Folder\Downloads\Ignorefiles.txt c:\Users\My Folder\Downloads\MyHash.xml (Editor's note only: the last line of the content must end with a carriage return)

Hashes to File Using VBA
VBA can be used to automate the production of hash files, but cannot as far as is known be used to obtain the results of a verification. For that, the command line is still needed.

The VBA code in the drop panel below is made for the most useful case - the export of SHA1 hashes to a database xml file of the Documents tree. It allows for an exclusions file also. The output files can have the same name since each has an added date-time stamp. By necessity, the paths are specific for the tested case. It will be noted that VBA requires much modification of quotes in order to deliver quote-surrounded paths to the command line. This arises because spaces in paths in the command line will result in File not found errors.

There is another peculiarity of working from VBA. The Shell function runs independently of the launching procedure after it is started. This means that the procedure will exit while the Shell function is still running. If there is only one call on the Shell function and the file that it makes is not to be used in code, then all is well, but otherwise a delay must be introduced to avoid interaction with a partial output product. It has further been noted that there can be a wide variation in time-to-complete for such tasks, depending on a processor's other priorities. This code introduces such a delay, though it would be better if the VBA Shell function had a delay of its own.

Verifying On-screen - Example
Verification of the hash file against the actual computer files referenced in it takes place using the -v option. The xml file that contains the hashes, to be of any use, must have been made using full address paths; that is to say without the use of either the -wp or -bp options. Clearly, if a particular algorithm was used to make the hashes, that same algorithm must be specified in the verification command line. If two hash types were included with the -both option, then the user must specify the one that is to be used for verification. That said, the general form for its use is as follows:  UtilityPath  -v  -xml  HashFilePath  [ -sha1|-md5  (default  -md5) ]  [ >   OutputTextFilePath] In its simplest form the command line to verify a file's hashes looks like this:

XML File Verification to Screen
 c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" -v -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1 It was assumed that the file contained SHA1 values. It was assumed also that there were full paths available in the file for the check. A useful addition to this function is to export the results to a text file instead of the screen. The following exports to the text file MyText.txt. If the file does not exist then it will be made by the process. If it exists, then the report will be appended.

XML File Verification to File
 c:\>"C:\Users\My Folder\Downloads\FCIV\fciv.exe" -v -xml "C:\Users\My Folder\Downloads\MyHash.xml" -sha1 > "C:\Users\My Folder\Documents\MyText.txt" Screen output can be diverted to a text file in any of the above examples using this greater-than syntax. When the output is piped in this way there is no advice whatsoever on-screen; only the return of the blinking cursor advises of completion.

Hashes with Windows PowerShell
For Windows versions 8.1 and later, the internal Powershell application can make HEX hashes of single files, and all of the MD5, SHA1, SHA256, SHA384, and SHA512 hashes are available. Only a screen display is produced, though the output can also be diverted to the clipboard. When outputs other than MD5 or SHA1 are needed the user might find it of some use. Two examples of the command lines to type are given below, the first for screen display, and the next for the clipboard. As in cmd the drag and drop of file paths is the best method to use, since the path is always fully expressed.

SHA512 File Hash to Screen
 c:\> get-filehash "C:\Users\My Folder\Documents\512MB.zip" -algorithm sha512 |FL The FL suffix makes sure that all of the characters are printed instead of shortening them to fit the tabular layout.

SHA256 File Hash to Clipboard
 c:\> get-filehash "C:\Users\My Folder\Documents\512MB.zip" -algorithm sha256 |FL |clip The clip suffix in addition to the FL suffix sends a full output to the clipboard. If the FL suffix is omitted, then the clipboard output will be made but it will contain any shortening of text that would have been applied on screen.