
Summary



Perform the following procedure to view an NTFS file version property through a Windows command line interface using Windows Management Instrumentation Command-line (WMIC) or the Sigcheck tool from Windows SysInternals.

Resolution



This procedure describes how to view and export the file property for NTFS files when other methods, such as a remote session or a screenshot, are not available. It is used to collect the version file property for executables.

There are two available options for viewing the file property:

  • Windows Management Instrumentation Command-line (WMIC)
  • Sigcheck tool from Windows Sysinternals

See the Additional Information section for further documentation.

WMIC:

  1. Determine the absolute path of the file or executable. This example uses the following path: C:\Program Files\NSB\bin\sssnap.exe.
  2. Open a Windows command line prompt and enter:

    C:\>wmic datafile where name='C:\\program files\\nsb\\bin\\sssnap.exe' get version

    Note:
    • This WMIC command syntax requires every backslash "\" in the path to be doubled.
    • The absolute path of the file is required.
  3. The following output displays:

    Version
    4.0.20534.25564

You can also export all available file properties for a file:

    C:\>wmic datafile where name='C:\\program files\\nsb\\bin\\sssnap.exe'


Sigcheck tool from Windows Sysinternals:

Sigcheck allows you to export properties for one or multiple NTFS files at the same time.

Download the Sigcheck tool (technet.microsoft.com/en-us/sysinternals/bb897441.aspx). You can also download the Sigcheck tool through the Windows Sysinternals page at technet.microsoft.com/en-US/sysinternals.

  1. Copy sigcheck.exe to the server that contains the file to be analyzed. For example: C:\windows\temp\sigcheck.exe.
  2. Open a Windows command line prompt and navigate to the directory of the file to be analyzed.

    Note: The first time sigcheck.exe runs, it displays a standard user agreement.
  3. Check the version of a single file. For example, to check the version of sssnap.exe in C:\Program Files\NSB\bin\sssnap.exe, enter:

    C:\windows\temp\sigcheck.exe -a -h sssnap.exe
  4. The following output displays (the version is on the File version line):

    Verified: Signed
    Signing date: 2:50 PM 8/27/2012
    Publisher: Catalogic Software Incorporated
    Description: snapmd
    Product: DPX
    Version: 4.0
    File version: 4,0,20534,25564
    Strong Name: Unsigned
    Original Name:
    Internal Name: snapmd
    Copyright: Copyright(c) Catalogic Software Incorporated, 1996-2012
    Comments:
    MD5: 5606338129cc00aa6f655ca6a1e75c60
    SHA1: ab7fffa6ce9784766177c1f2f9f4e556706526b5
    SHA256: 3e802d94c0981f1034d45ccea8793b68f38b93025cc58690ea343eb373a94bc0
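
WMIC prints the version in dotted form, while the Sigcheck File version line uses commas. The following Python code is an added example, not part of the original article or of either tool: it builds the WMIC query from a plain path (doubling the backslashes), parses both outputs shown above, and checks that the two versions agree. The function names are hypothetical, the sample strings are constructed from the outputs in this article, and the UTF-16 handling assumes WMIC output that was redirected to a file.

```python
import re

# Constructed samples, based on the outputs shown in this article.
WMIC_OUT = "Version          \r\n4.0.20534.25564  \r\n\r\n"
SIGCHECK_OUT = """\
Verified: Signed
Signing date: 2:50 PM 8/27/2012
File version: 4,0,20534,25564
SHA256: 3e802d94c0981f1034d45ccea8793b68f38b93025cc58690ea343eb373a94bc0
"""

def wmic_version_query(path):
    """Build the WMIC command for a plain Windows path (doubles each backslash)."""
    if "'" in path:
        raise ValueError("single quote in path would break the where clause")
    return "wmic datafile where name='{}' get version".format(path.replace("\\", "\\\\"))

def decode_output(raw):
    """WMIC output redirected to a file is typically UTF-16 with a BOM; handle both."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_wmic_version(text):
    """Return the value under the 'Version' header, or None if no file matched."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) >= 2 and lines[0] == "Version":
        return lines[1]
    return None

def parse_sigcheck(text):
    """Map 'Field: value' lines to a dict; split on the first colon only (dates contain colons)."""
    fields = {}
    for ln in text.splitlines():
        key, sep, value = ln.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def normalize_version(v):
    """'4,0,20534,25564' and '4.0.20534.25564' both become (4, 0, 20534, 25564)."""
    m = re.match(r"\s*(\d+(?:[.,]\s*\d+)*)", v)
    if not m:
        raise ValueError("no version number in %r" % v)
    return tuple(int(p) for p in re.split(r"[.,]\s*", m.group(1)))

def versions_agree(wmic_text, sigcheck_text):
    w, s = parse_wmic_version(wmic_text), parse_sigcheck(sigcheck_text).get("File version")
    return bool(w and s) and normalize_version(w) == normalize_version(s)
```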