Summary
Perform the following procedure to view an NTFS file version property through a Windows command line interface using Windows Management Instrumentation Command-line (WMIC) or the Sigcheck tool from Windows SysInternals.
Resolution
This procedure describes how to view and export the file property for NTFS files when other methods, such as a remote session or a screenshot are not available. It is used to collect the version file property for executables.
There are two available options for viewing the file property:
- Windows Management Instrumentation Command-line (WMIC)
- Sigcheck tool from Windows Sysinternals
See the Additional Information section for further documentation.
WMIC:
- Determine the absolute path of the file or executable. This examples uses the following path: C:\Program Files\NSB\bin\sssnap.exe. Please look at all the text in RED as I am not sure if the path is correct. Thanks.
- Open a Windows command line prompt and enter:
C:\>wmic datafile where name='C:\\program files\\nsb\\bin\\sssnap.exe' get version
Note:- This WMIC command syntax demands that any slashes "\" are doubled in the path.
- The absolute path of the file is required.
- The following output displays:
Version
4.0.20534.25564
You can also export all available file properties for a file:
C:\>wmic datafile where name='C:\\program files\\nsb\\bin\\sssnap.exe'
Sigcheck tool from Windows Sysinternals:
Sigcheck allows you to export properties for one or multiple NTFS files at the same time.
Download the Sigcheck tool (technet.microsoft.com/en-us/sysinternals/bb897441.aspx). You can also download the Sigcheck tool through the Windows Sysinternals page at technet.microsoft.com/en-US/sysinternals.
- Copy sigcheck.exe to the server that contains the file to be analyzed. For example: C:\windows\temp\sigcheck.exe.
- Open a Windows command line prompt and navigate to the directory of the file to be analyzed.
Note: The first time sigcheck.exe runs, it displays a standard user agreement. - Check the version of a single file. For example, to check the version of sssnap.exe in C:\Program Files\NSB\bin\sssnap.exe, enter:
C:\windows\temp\sigcheck.exe -a -h sssnap.exe
- The following output displays (version bolded):
Verified: Signed
Signing date: 2:50 PM 8/27/2012
Publisher: Catalogic Software Incorporated
Description: snapmd
Product: DPX
Version: 4.0
File version: 4,0,20534,25564
Strong Name: Unsigned
Original Name:
Internal Name: snapmd
Copyright: Copyright(c) Catalogic Software Incorporated, 1996-2012
Comments:
MD5: 5606338129cc00aa6f655ca6a1e75c60
SHA1: ab7fffa6ce9784766177c1f2f9f4e556706526b5
SHA256: 3e802d94c0981f1034d45ccea8793b68f38b93025cc58690ea343eb373a94bc0