嗨,我已经为exe和符号附加了崩溃转储。但是我收到了这个错误:
无法验证abc.exe的校验和。
这是什么原因?
答案 0 :(得分:14)
Unable to verify checksum 时会发出 checksum in pe header isnt verifiable
如果有问题的exe编译并链接without using /RELEASE链接器选项
,则会发生这种情况
基于普通项目的编译链接设置此选项
基于nmake / batfile的编译可以省略此开关并可以导致此输出
a simple helloworld compiled and linked with and without /RELEASE链接器选项(pdb不是针对简单性而生成的diffed to show the difference in timestamp and checksum和l oaded in windbg和checksum warning is generated only for the exe with no checksum in pe header)
简单的hello world.cpp内容
testrelease:\>dir /b & type testrelease.cpp
testrelease.cpp
#include <stdio.h>
int main (void) {
printf("hello my relase\n");
return 0;
}
编译没有/ RELEASE
testrelease:\>cl /nologo testrelease.cpp
testrelease.cpp
重命名exe并使用/ RELEASE编译相同的源
testrelease:\>ren testrelease.exe testrelease_norel.exe
testrelease:\>cl /nologo testrelease.cpp /link /release
testrelease.cpp
比较两个前任
testrelease:\>fc /b testrelease.exe testrelease_norel.exe
Comparing files testrelease.exe and TESTRELEASE_NOREL.EXE
000000E0: D6 CE
00000130: A3 00
00000131: 95 00
00000132: 01 00
分析比较结果
testrelease:\>xxd -s +0x3c -l 1 testrelease.exe
000003c: d8 .
testrelease:\>xxd -s +0x3c -l 1 testrelease_norel.exe
000003c: d8 .
testrelease:\>echo d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
在没有校验和的情况下仅为一个exe生成的windbg警告中加载两个exes
testrelease:\>cdb -c ".reload /f ; q" testrelease.exe
.*** ERROR: Module load completed but symbols could not be loaded for image00400
testrelease:\>cdb -c ".reload /f ; q" testrelease_norel.exe
.*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image004000
no symbol header available错误表示exe was compiled without debug information
上面编译的两个可执行文件都会生成错误,因为我故意没有创建调试信息
DBGHELP: image00400000 missing debug info. Searching for pdb anyway
DBGHELP: Can't use symbol server for image00400000.pdb - no header information available